Update uglifier gem and dependencies to v2.7.2

Uglifier prior to version 2.7.2 has a known vulnerability: > There's a vulnerability which allows a specially crafted Javascript file to > have altered functionality after minification. This bug was demonstrated to > allow potentially malicious code to be hidden within secure code, activated by > minification. Affected versions erroneously minify boolean expressions. Sources: * lautis/uglifier#86 * https://zyan.scripts.mit.edu/blog/backdooring-js/ * https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons * mishoo/UglifyJS#751
sgerrand · Nov 21, 2015 · f94d099 · f94d099
1 parent 73f5234
commit f94d099
Show file tree

Hide file tree

Showing 5 changed files with 2 additions and 2 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -44,7 +44,7 @@ GEM
     dotenv (2.0.2)
     erubis (2.7.0)
     excon (0.45.3)
-    execjs (2.5.2)
+    execjs (2.6.0)
     faraday (0.9.1)
       multipart-post (>= 1.2, < 3)
     hashie (3.4.2)
@@ -149,7 +149,7 @@ GEM
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.44)
-    uglifier (2.7.1)
+    uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
     unf (0.1.4)

diff --git a/vendor/cache/execjs-2.5.2.gem b/vendor/cache/execjs-2.5.2.gem
diff --git a/vendor/cache/execjs-2.6.0.gem b/vendor/cache/execjs-2.6.0.gem
diff --git a/vendor/cache/uglifier-2.7.1.gem b/vendor/cache/uglifier-2.7.1.gem
diff --git a/vendor/cache/uglifier-2.7.2.gem b/vendor/cache/uglifier-2.7.2.gem