From 48a4c59fcc889db1703128d5b48a0e793bdf6195 Mon Sep 17 00:00:00 2001 From: Adam Wead Date: Wed, 5 Dec 2018 09:12:04 -0500 Subject: [PATCH] Gem updates to address security vulnerabilities Covers: * CVE-2018-16471 (rack) * CVE-2018-16470 (rack) * CVE-2018-16468 (loofah) * also minor patch release and updates to other gems --- Gemfile.lock | 132 +++++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 14beee76..f2b5f6d8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT GIT remote: https://github.com/stympy/faker.git - revision: 098f0455d5c91ae55e5e4ece32e117c557dabbee + revision: aca03bed6918ece830a62fd73085de5db20282b6 branch: master specs: faker (1.9.1) @@ -20,25 +20,25 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (5.1.6) - actionpack (= 5.1.6) + actioncable (5.1.6.1) + actionpack (= 5.1.6.1) nio4r (~> 2.0) websocket-driver (~> 0.6.1) - actionmailer (5.1.6) - actionpack (= 5.1.6) - actionview (= 5.1.6) - activejob (= 5.1.6) + actionmailer (5.1.6.1) + actionpack (= 5.1.6.1) + actionview (= 5.1.6.1) + activejob (= 5.1.6.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.6) - actionview (= 5.1.6) - activesupport (= 5.1.6) + actionpack (5.1.6.1) + actionview (= 5.1.6.1) + activesupport (= 5.1.6.1) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.6) - activesupport (= 5.1.6) + actionview (5.1.6.1) + activesupport (= 5.1.6.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -61,31 +61,31 @@ GEM rdf-vocab (>= 2.0, < 4.0) active_encode (0.4.1) rails - activejob (5.1.6) - activesupport (= 5.1.6) + activejob (5.1.6.1) + activesupport (= 5.1.6.1) globalid (>= 0.3.6) - activemodel (5.1.6) - activesupport (= 5.1.6) + activemodel (5.1.6.1) + activesupport (= 5.1.6.1) activemodel-serializers-xml (1.0.2) activemodel (> 5.x) activesupport (> 5.x) builder (~> 3.1) - activerecord (5.1.6) - activemodel (= 5.1.6) - activesupport (= 5.1.6) + activerecord (5.1.6.1) + activemodel (= 5.1.6.1) + activesupport (= 5.1.6.1) arel (~> 8.0) - activesupport (5.1.6) + activesupport (5.1.6.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - airbrussh (1.3.0) + airbrussh (1.3.1) sshkit (>= 1.6.1, != 1.7.0) arel (8.0.0) ast (2.4.0) - autoprefixer-rails (9.3.1) + autoprefixer-rails (9.4.2) execjs backports (3.11.4) bagit (0.4.2) @@ -143,7 +143,7 @@ GEM capistrano resque resque-scheduler - capybara (3.10.0) + capybara (3.12.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -162,7 +162,7 @@ GEM execjs coffee-script-source (1.12.2) colorize (0.8.1) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.3) connection_pool (2.2.2) coveralls (0.8.22) json (>= 1.8, < 3) @@ -197,7 +197,7 @@ GEM uber (< 0.2.0) docile (1.3.1) docopt (0.5.0) - down (4.6.1) + down (4.7.0) addressable (~> 2.5) draper (3.0.1) actionpack (~> 5.0) @@ -314,7 +314,7 @@ GEM concurrent-ruby (~> 1.0) ice_nine (0.11.2) inflecto (0.0.2) - jbuilder (2.7.0) + jbuilder (2.8.0) activesupport (>= 4.2.0) multi_json (>= 1.2) jquery-rails (4.3.3) @@ -354,19 +354,19 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - method_source (0.9.0) + method_source (0.9.2) mime-types (3.2.2) mime-types-data (~> 3.2015) mime-types-data (3.2018.0812) mini_magick (4.9.2) mini_mime (1.0.1) mini_portile2 (2.3.0) - mini_racer (0.2.3) + mini_racer (0.2.4) libv8 (>= 6.3) minitest (5.11.3) mono_logger (1.1.0) @@ -382,7 +382,7 @@ GEM net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (5.0.2) - newrelic_rpm (5.4.0.347) + newrelic_rpm (5.5.0.348) niftany (0.3.0) colorize (~> 0.8.1) erb_lint (~> 0.0.22) @@ -394,19 +394,19 @@ GEM mini_portile2 (~> 2.3.0) orm_adapter (0.5.0) parallel (1.12.1) - parser (2.5.1.2) + parser (2.5.3.0) ast (~> 2.4.0) path_expander (1.0.3) pg (1.1.3) - popper_js (1.14.3) + popper_js (1.14.5) powerpack (0.1.2) - pry (0.11.3) + pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) pry-byebug (3.6.0) byebug (~> 10.0) pry (~> 0.10) - pry-rails (0.3.6) + pry-rails (0.3.8) pry (>= 0.10.4) psu_dir (0.2.0) hydra-ldap @@ -419,35 +419,35 @@ GEM json websocket (~> 1.0) raabro (1.1.6) - rack (2.0.5) + rack (2.0.6) rack-protection (2.0.4) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.1.6) - actioncable (= 5.1.6) - actionmailer (= 5.1.6) - actionpack (= 5.1.6) - actionview (= 5.1.6) - activejob (= 5.1.6) - activemodel (= 5.1.6) - activerecord (= 5.1.6) - activesupport (= 5.1.6) + rails (5.1.6.1) + actioncable (= 5.1.6.1) + actionmailer (= 5.1.6.1) + actionpack (= 5.1.6.1) + actionview (= 5.1.6.1) + activejob (= 5.1.6.1) + activemodel (= 5.1.6.1) + activerecord (= 5.1.6.1) + activesupport (= 5.1.6.1) bundler (>= 1.3.0) - railties (= 5.1.6) + railties (= 5.1.6.1) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.2) - actionpack (~> 5.x, >= 5.0.1) - actionview (~> 5.x, >= 5.0.1) - activesupport (~> 5.x) + rails-controller-testing (1.0.3) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - railties (5.1.6) - actionpack (= 5.1.6) - activesupport (= 5.1.6) + railties (5.1.6.1) + actionpack (= 5.1.6.1) + activesupport (= 5.1.6.1) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -456,7 +456,7 @@ GEM rb-fsevent (0.10.3) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) - rdf (3.0.5) + rdf (3.0.7) hamster (~> 3.0) link_header (~> 0.0, >= 0.0.8) rdf-isomorphic (3.0.0) @@ -464,9 +464,9 @@ GEM rdf-turtle (3.0.3) ebnf (~> 1.1) rdf (~> 3.0) - rdf-vocab (3.0.3) + rdf-vocab (3.0.4) rdf (~> 3.0) - redis (4.0.2) + redis (4.0.3) redis-namespace (1.6.0) redis (>= 3.0.4) reform (2.2.4) @@ -475,7 +475,7 @@ GEM reform-rails (0.1.7) activemodel (>= 3.2) reform (>= 2.2.0) - regexp_parser (1.2.0) + regexp_parser (1.3.0) representable (3.0.4) declarative (< 0.1.0) declarative-option (< 0.2.0) @@ -530,12 +530,12 @@ GEM rubocop-rspec (1.22.2) rubocop (>= 0.52.1) ruby-progressbar (1.10.0) - ruby_parser (3.11.0) + ruby_parser (3.12.0) sexp_processor (~> 4.9) rubyzip (1.2.2) rufus-scheduler (3.5.2) fugit (~> 1.1, >= 1.1.5) - sass (3.6.0) + sass (3.7.2) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) @@ -549,13 +549,13 @@ GEM scss_lint (0.57.1) rake (>= 0.9, < 13) sass (~> 3.5, >= 3.5.5) - selenium-webdriver (3.14.1) + selenium-webdriver (3.141.0) childprocess (~> 0.5) rubyzip (~> 1.2, >= 1.2.2) sexp_processor (4.11.0) shoulda-matchers (3.1.2) activesupport (>= 4.0.0) - shrine (2.12.0) + shrine (2.13.0) down (~> 4.1) simplecov (0.16.1) docile (~> 1.1) @@ -591,12 +591,12 @@ GEM net-ssh (>= 2.8.0) sxp (1.0.1) rdf (>= 2.2, < 4.0) - term-ansicolor (1.6.0) + term-ansicolor (1.7.0) tins (~> 1.0) thor (0.19.4) thread_safe (0.3.6) - tilt (2.0.8) - tins (1.17.0) + tilt (2.0.9) + tins (1.20.2) travis (1.8.9) backports faraday (~> 0.9) @@ -618,7 +618,7 @@ GEM tzinfo (1.2.5) thread_safe (~> 0.1) uber (0.1.0) - uglifier (4.1.19) + uglifier (4.1.20) execjs (>= 0.3.0, < 3) unicode-display_width (1.4.0) validatable (1.6.7) @@ -640,8 +640,8 @@ GEM reform-rails vegas (0.1.11) rack (>= 1.0.0) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) web-console (3.7.0) actionview (>= 5.0) activemodel (>= 5.0)