From 8b4ff8c7cee82a7e31d49ff8df4c172c5e8ae482 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 20 Mar 2023 09:22:47 +0000
Subject: [PATCH] fix: Gemfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-RACK-3360233
---
 Gemfile | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/Gemfile b/Gemfile
index 0a1c624d..54a49eb0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,11 +3,11 @@ source 'https://rubygems.org'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.2'
+gem 'rails', '~> 6.1', '>= 6.1.7.3'
 # Use postgresql as the database for Active Record
 gem 'pg', '= 0.21.0'
 # Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.0'
+gem 'sass-rails', '~> 5.0', '>= 5.0.8'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
 # Use CoffeeScript for .coffee assets and views
@@ -16,9 +16,9 @@ gem 'coffee-rails', '~> 4.2.2'
 # gem 'therubyracer', platforms: :ruby
 # Use jquery as the JavaScript library
-gem 'jquery-rails', '>= 4.3.1'
+gem 'jquery-rails', '>= 4.3.3'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.0'
+gem 'jbuilder', '~> 2.7', '>= 2.7.0'
 # bundle exec rake doc:rails generates the API under doc/api.
 gem 'sdoc', '~> 0.4.0', group: :doc
@@ -28,10 +28,10 @@ gem 'bourbon'
 gem 'neat', '< 2.0'
 gem 'bitters'
 # Haml is the way
-gem 'haml-rails', '~> 1.0'
+gem 'haml-rails', '~> 1.0', '>= 1.0.0'
 gem 'redcarpet'
 # Fontawesome is pretty awesome
-gem "font-awesome-rails"
+gem "font-awesome-rails", ">= 4.7.0.6"
 # other starter gems
 gem 'high_voltage'
 gem 'normalize-rails'
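Review bot: In the `@@ -3,11 +3,11 @@` hunk the `rails` line moves from `~> 5.2` to `~> 6.1`, a major-version upgrade, yet the diffstat lists only Gemfile, so this patch carries no regenerated Gemfile.lock and no application changes. The two advisories are closed only if Bundler actually resolves patched `activesupport` and `rack` versions, and `rack` is not constrained directly in any visible hunk, so the lockfile should be updated and committed with this change and the resolved versions checked before merging. Whether the constraints left untouched in context (for example `sass-rails ~> 5.0` or `coffee-rails ~> 4.2.2`) still resolve against Rails 6.1 cannot be told from the patch. I would also record the reason for the floor next to it, e.g. `# >= 6.1.7.3: SNYK-RUBY-ACTIVESUPPORT-3360028, SNYK-RUBY-RACK-3360233`, so it is not relaxed later.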
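Review bot: The second constraint on `jbuilder` in the `@@ -16,9 +16,9 @@` hunk is redundant, because `'~> 2.7'` already implies `>= 2.7.0`; `gem 'jbuilder', '~> 2.7'` says the same thing. The same applies to `haml-rails` in the `@@ -28,10 +28,10 @@` hunk, where `'~> 1.0', '>= 1.0.0'` admits exactly the versions the old `'~> 1.0'` did, so that line changes nothing about what resolves. Dropping the no-op bounds keeps it clear which lines in this Gemfile actually raise a security floor.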
@@ -40,13 +40,13 @@ gem 'jquery-ui-rails', '>= 5.0.5', '< 6.0.0'
 gem 'geokit'
-gem 'acts_as_list', '>= 0.9.5'
+gem 'acts_as_list', '>= 0.9.15'
-gem 'devise', '>= 4.3.0'
+gem 'devise', '>= 4.7.0'
 gem 'rails_12factor'
 gem 'puma'
-gem 'dotenv-rails', '>= 2.2.1', :groups => [:development, :test]
+gem 'dotenv-rails', '>= 2.7.6', :groups => [:development, :test]
 gem 'twilio-ruby'
@@ -54,7 +54,7 @@ gem 'paperclip', '5.3.0'
 gem 'aws-sdk', '~> 2.3'
 gem 'filterrific', '~> 2.1'
-gem 'kaminari', '>= 1.0.1'
+gem 'kaminari', '>= 1.1.1'
 gem 'que'
 gem 'platform-api'
 gem 'friendly_id'
@@ -67,7 +67,7 @@ gem 'polylines'
 gem 'leaflet-rails'
 # Require FactoryBot in production for seeding purposes
-gem 'factory_bot_rails', '>= 4.8.0'
+gem 'factory_bot_rails', '>= 4.8.2'
 gem 'appsignal'
 gem 'sendgrid_actionmailer_adapter'
 gem 'sinatra'
@@ -103,13 +103,13 @@ group :development, :test do
 gem 'turnip'
 gem 'vcr'
 gem 'bullet'
- gem 'rails-controller-testing'
+ gem 'rails-controller-testing', '>= 1.0.3'
 gem 'email_spec'
 end
 group :development do
 # Access an IRB console on exception pages or by using <%= console %> in views
- gem 'web-console', '~> 3.6'
+ gem 'web-console', '~> 3.6', '>= 3.6.2'
 # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
 gem 'spring'