From 828a354eb3b86129bfffae41675dd7eb03a3ea5b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 Apr 2023 02:01:27 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-20112 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20020 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20024 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20035 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20037 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20038 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20047 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20087 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20090 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20120 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20121 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20122 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20123 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20125 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20147 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20148 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20158 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20198 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20200 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20279 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20280 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20281 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1314522 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20029 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20030 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20044 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20046 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20061 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20062 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20185 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-536100 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERESOURCE-568275 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20025 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20036 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20054 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20294 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-536101 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-AUTHLOGIC-20043 - https://snyk.io/vuln/SNYK-RUBY-I18N-20124 - https://snyk.io/vuln/SNYK-RUBY-I18N-72582 - https://snyk.io/vuln/SNYK-RUBY-MAIL-20026 - https://snyk.io/vuln/SNYK-RUBY-MAIL-20027 - https://snyk.io/vuln/SNYK-RUBY-MAIL-20244 - https://snyk.io/vuln/SNYK-RUBY-MYSQL2-20283 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RACK-20021 - https://snyk.io/vuln/SNYK-RUBY-RACK-20028 - https://snyk.io/vuln/SNYK-RUBY-RACK-20045 - https://snyk.io/vuln/SNYK-RUBY-RACK-20052 - https://snyk.io/vuln/SNYK-RUBY-RACK-20058 - https://snyk.io/vuln/SNYK-RUBY-RACK-20059 - https://snyk.io/vuln/SNYK-RUBY-RACK-20230 - https://snyk.io/vuln/SNYK-RUBY-RACK-20397 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-RAILS-1759747 - https://snyk.io/vuln/SNYK-RUBY-RAILS-472695 - https://snyk.io/vuln/SNYK-RUBY-RAILS-472697 - https://snyk.io/vuln/SNYK-RUBY-RAILS-536099 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 --- Gemfile | 6 +- Gemfile.lock | 224 +++++++++++++++++++++++++++++++++++---------------- 2 files changed, 158 insertions(+), 72 deletions(-) diff --git a/Gemfile b/Gemfile index 69167f4..a0b77aa 100644 --- a/Gemfile +++ b/Gemfile @@ -1,12 +1,12 @@ source 'http://rubygems.org' -gem 'rails', '3.0.5' +gem 'rails', '6.1.7.3' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' -gem 'mysql2' -gem 'authlogic' +gem 'mysql2', '>= 0.2.12' +gem 'authlogic', '>= 3.3.0' gem 'rails3-generators' # Use unicorn as the web server # gem 'unicorn' diff --git a/Gemfile.lock b/Gemfile.lock index 97ab2fc..c284368 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,79 +1,165 @@ GEM remote: http://rubygems.org/ specs: - abstract (1.0.0) - actionmailer (3.0.5) - actionpack (= 3.0.5) - mail (~> 2.2.15) - actionpack (3.0.5) - activemodel (= 3.0.5) - activesupport (= 3.0.5) - builder (~> 2.1.2) - erubis (~> 2.6.6) - i18n (~> 0.4) - rack (~> 1.2.1) - rack-mount (~> 0.6.13) - rack-test (~> 0.5.7) - tzinfo (~> 0.3.23) - activemodel (3.0.5) - activesupport (= 3.0.5) - builder (~> 2.1.2) - i18n (~> 0.4) - activerecord (3.0.5) - activemodel (= 3.0.5) - activesupport (= 3.0.5) - arel (~> 2.0.2) - tzinfo (~> 0.3.23) - activeresource (3.0.5) - activemodel (= 3.0.5) - activesupport (= 3.0.5) - activesupport (3.0.5) - arel (2.0.9) - authlogic (2.1.6) - activesupport - builder (2.1.2) - erubis (2.6.6) - abstract (>= 1.0.0) - i18n (0.5.0) - mail (2.2.15) - activesupport (>= 2.3.6) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.16) - mysql2 (0.2.6) - polyglot (0.3.1) - rack (1.2.1) - rack-mount (0.6.13) - rack (>= 1.0.0) - rack-test (0.5.7) - rack (>= 1.0) - rails (3.0.5) - actionmailer (= 3.0.5) - actionpack (= 3.0.5) - activerecord (= 3.0.5) - activeresource (= 3.0.5) - activesupport (= 3.0.5) - bundler (~> 1.0) - railties (= 3.0.5) - rails3-generators (0.17.4) + actioncable (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + mail (>= 2.7.1) + actionmailer (6.1.7.3) + actionpack (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activesupport (= 6.1.7.3) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (6.1.7.3) + actionview (= 6.1.7.3) + activesupport (= 6.1.7.3) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.7.3) + actionpack (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + nokogiri (>= 1.8.5) + actionview (6.1.7.3) + activesupport (= 6.1.7.3) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.7.3) + activesupport (= 6.1.7.3) + globalid (>= 0.3.6) + activemodel (6.1.7.3) + activesupport (= 6.1.7.3) + activerecord (6.1.7.3) + activemodel (= 6.1.7.3) + activesupport (= 6.1.7.3) + activestorage (6.1.7.3) + actionpack (= 6.1.7.3) + activejob (= 6.1.7.3) + activerecord (= 6.1.7.3) + activesupport (= 6.1.7.3) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (6.1.7.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + authlogic (6.4.2) + activemodel (>= 5.2, < 7.1) + activerecord (>= 5.2, < 7.1) + activesupport (>= 5.2, < 7.1) + request_store (~> 1.0) + builder (3.2.4) + concurrent-ruby (1.2.2) + crass (1.0.6) + date (3.3.3) + erubi (1.12.0) + globalid (1.1.0) + activesupport (>= 5.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + loofah (2.20.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.8.1) + mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp + marcel (1.0.2) + method_source (1.0.0) + mini_mime (1.1.2) + mini_portile2 (2.8.1) + minitest (5.18.0) + mysql2 (0.5.5) + net-imap (0.3.4) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.1) + timeout + net-smtp (0.3.3) + net-protocol + nio4r (2.5.9) + nokogiri (1.14.2) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + racc (1.6.2) + rack (2.2.6.4) + rack-test (2.1.0) + rack (>= 1.3) + rails (6.1.7.3) + actioncable (= 6.1.7.3) + actionmailbox (= 6.1.7.3) + actionmailer (= 6.1.7.3) + actionpack (= 6.1.7.3) + actiontext (= 6.1.7.3) + actionview (= 6.1.7.3) + activejob (= 6.1.7.3) + activemodel (= 6.1.7.3) + activerecord (= 6.1.7.3) + activestorage (= 6.1.7.3) + activesupport (= 6.1.7.3) + bundler (>= 1.15.0) + railties (= 6.1.7.3) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.5.0) + loofah (~> 2.19, >= 2.19.1) + rails3-generators (1.0.0) railties (>= 3.0.0) - railties (3.0.5) - actionpack (= 3.0.5) - activesupport (= 3.0.5) - rake (>= 0.8.7) - thor (~> 0.14.4) - rake (0.8.7) - thor (0.14.6) - treetop (1.4.9) - polyglot (>= 0.3.1) - tzinfo (0.3.24) + railties (6.1.7.3) + actionpack (= 6.1.7.3) + activesupport (= 6.1.7.3) + method_source + rake (>= 12.2) + thor (~> 1.0) + rake (13.0.6) + request_store (1.5.1) + rack (>= 1.4) + sprockets (4.2.0) + concurrent-ruby (~> 1.0) + rack (>= 2.2.4, < 4) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + sprockets (>= 3.0.0) + thor (1.2.1) + timeout (0.3.2) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.6.7) PLATFORMS ruby DEPENDENCIES - authlogic - mysql2 - rails (= 3.0.5) + authlogic (>= 3.3.0) + mysql2 (>= 0.2.12) + rails (= 6.1.7.3) rails3-generators + +BUNDLED WITH + 2.1.4