fix: fastlane/Gemfile & fastlane/Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-MINIMAGICK-451567 Signed-off-by: Jakub Sokołowski <jakub@status.im>
status-im · Aug 5, 2019 · f464269 · f464269
1 parent 97c0a76
commit f464269
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 12 deletions.
diff --git a/Makefile b/Makefile
@@ -76,6 +76,10 @@ nix-update-lein: export TARGET_OS := none
 nix-update-lein: ##@nix Update maven nix expressions based on current lein setup
 	nix/tools/lein/generate-nix.sh nix/lein
 
+update-gems-nix: export TARGET_OS := android
+update-gems-nix: ##@nix Update Ruby gems in fastlane/Gemfile.lock and fastlane/gemset.nix
+	fastlane/update.sh
+
 #----------------
 # General targets
 #----------------

diff --git a/fastlane/Gemfile b/fastlane/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "fastlane"
+gem "fastlane", ">= 2.127.2"
 
 plugins_path = File.join(File.dirname(__FILE__), 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)

diff --git a/fastlane/Gemfile.lock b/fastlane/Gemfile.lock
@@ -18,7 +18,7 @@ GEM
       unf (>= 0.0.5, < 1.0.0)
     dotenv (2.7.4)
     emoji_regex (1.0.1)
-    excon (0.64.0)
+    excon (0.65.0)
     faraday (0.15.4)
       multipart-post (>= 1.2, < 3)
     faraday-cookie_jar (0.0.6)
@@ -27,7 +27,7 @@ GEM
     faraday_middleware (0.13.1)
       faraday (>= 0.7.4, < 1.0)
     fastimage (2.1.5)
-    fastlane (2.127.1)
+    fastlane (2.128.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.3, < 3.0.0)
       babosa (>= 1.0.2, < 2.0.0)
@@ -47,7 +47,7 @@ GEM
       highline (>= 1.7.2, < 2.0.0)
       json (< 3.0.0)
       jwt (~> 2.1.0)
-      mini_magick (~> 4.5.1)
+      mini_magick (>= 4.9.4, < 5.0.0)
       multi_xml (~> 0.5)
       multipart-post (~> 2.0.0)
       plist (>= 3.1.0, < 4.0.0)
@@ -102,7 +102,7 @@ GEM
     mime-types (3.2.2)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
-    mini_magick (4.5.1)
+    mini_magick (4.9.5)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
@@ -161,7 +161,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  fastlane
+  fastlane (>= 2.127.2)
   fastlane-plugin-clean_testflight_testers
   fastlane-plugin-diawi
 

diff --git a/fastlane/gemset.nix b/fastlane/gemset.nix
@@ -147,10 +147,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0vcplvlykirg2vc56jjxavgpkllzq26xgp7ind7wc5ikaqaz64gn";
+      sha256 = "1mc6y6n7i0hhk7i8wwi4qjnpkm013p7z3xr994s696hk74f91a7j";
       type = "gem";
     };
-    version = "0.64.0";
+    version = "0.65.0";
   };
   faraday = {
     dependencies = ["multipart-post"];
@@ -201,10 +201,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1dw06kbsnfg6mqzxvkmb4bswgzng0kc1nbfpvv0r7sq99wsscrz9";
+      sha256 = "1ahxbimlx6d2w0dhx2pj7mii2rpigqgmj4bcaymddbwfbp385gmx";
       type = "gem";
     };
-    version = "2.127.1";
+    version = "2.128.0";
   };
   fastlane-plugin-clean_testflight_testers = {
     groups = ["default"];
@@ -379,10 +379,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1a59k5l29vj060yscaqk370rg5vyr132kbw6x3zar7khzjqjqd8p";
+      sha256 = "0qy09qrd5bwh8mkbj514n5vcw9ni73218h9s3zmvbpmdwrnzi8j4";
       type = "gem";
     };
-    version = "4.5.1";
+    version = "4.9.5";
   };
   multi_json = {
     groups = ["default"];

diff --git a/fastlane/update → fastlane/update.sh b/fastlane/update → fastlane/update.sh