From 505bc1b81db09db5b097469660028eb9bbadf31f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 30 May 2020 22:29:51 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
---
 Gemfile | 6 +-
 Gemfile.lock | 197 ++++++++++++++++++++++++++-------------------------
 2 files changed, 102 insertions(+), 101 deletions(-)
diff --git a/Gemfile b/Gemfile
index 456d314..995760d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,10 +2,10 @@
 # the following line to use "https"
 source 'http://rubygems.org'
-gem "middleman", "~>3.3.2"
-gem "middleman-livereload", "~> 3.1.0"
+gem "middleman", "~> 4.3.7"
+gem "middleman-livereload", "~> 3.1.1"
 gem 'bourbon'
-gem 'middleman-deploy'
+gem 'middleman-deploy', '>= 0.2.3'
 gem 'github-markdown'
 gem 'quantile'
diff --git a/Gemfile.lock b/Gemfile.lock
index c805e6b..86bfc0a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
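Review bot: The Gemfile hunk leaves `source 'http://rubygems.org'` untouched, so every gem this upgrade resolves, including the new specs that appear in Gemfile.lock, is still fetched over plaintext HTTP. A commit made for a security advisory should switch it to `source 'https://rubygems.org'`, as the file's own comment already suggests. The new `gem 'middleman-deploy', '>= 0.2.3'` has no upper bound, unlike the two `~>` lines above it, and the lockfile already resolves it to 1.0.0. Writing it as `gem 'middleman-deploy', '~> 1.0'` would keep a later `bundle update` from crossing another major version unreviewed. Because middleman moves from 3.3.x to 4.3.x and the lockfile drops compass and middleman-sprockets, the build and deploy tasks should be run before merging; nothing in the patch shows that this was done.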
@@ -1,77 +1,85 @@ GEM remote: http://rubygems.org/ specs: - activesupport (4.0.5) - i18n (~> 0.6, >= 0.6.9) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) + activesupport (5.2.4.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) awesome_print (1.2.0) babosa (0.3.11) + backports (3.17.2) bourbon (3.1.8) sass (>= 3.2.0) thor - chunky_png (1.3.1) coderay (1.1.0) - coffee-script (2.2.0) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.7.0) - compass (0.12.6) - chunky_png (~> 1.2) - fssm (>= 0.2.7) - sass (~> 3.2.19) - compass-import-once (1.0.4) - sass (>= 3.2, < 3.5) + coffee-script-source (1.12.2) + concurrent-ruby (1.1.6) + contracts (0.13.0) + dotenv (2.7.5) em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) erubis (2.7.0) - eventmachine (1.0.3) - execjs (2.0.2) - ffi (1.9.3) - fssm (0.2.10) + eventmachine (1.2.7) + execjs (2.7.0) + fast_blank (1.0.0) + fastimage (2.1.7) + ffi (1.12.2) github-markdown (0.6.5) - haml (4.0.5) + haml (5.1.2) + temple (>= 0.8.0) tilt - hike (1.2.3) - hooks (0.4.0) - uber (~> 0.0.4) + hamster (3.0.0) + concurrent-ruby (~> 1.0) + hashie (3.6.0) http_parser.rb (0.6.0) - i18n (0.6.9) - json (1.8.1) - kramdown (1.3.3) - listen (1.3.1) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - rb-kqueue (>= 0.2) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + kramdown (1.17.0) + listen (3.0.8) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + memoist (0.16.2) method_source (0.8.2) - middleman (3.3.2) - coffee-script (~> 2.2.0) - compass (>= 0.12.4) - compass-import-once (~> 1.0.4) - execjs (~> 2.0) + middleman (4.3.7) + coffee-script (~> 2.2) haml (>= 4.0.5) kramdown (~> 1.2) - middleman-core (= 3.3.2) - middleman-sprockets (>= 3.1.2) - sass (>= 3.2.17, < 4.0) - uglifier (~> 2.5) - middleman-core (3.3.2) - activesupport (~> 4.0.1) - bundler (~> 1.1) + 
middleman-cli (= 4.3.7) + middleman-core (= 4.3.7) + middleman-cli (4.3.7) + thor (>= 0.17.0, < 2.0) + middleman-core (4.3.7) + activesupport (>= 4.2, < 6.0) + addressable (~> 2.3) + backports (~> 3.6) + bundler + contracts (~> 0.13.0) + dotenv erubis - hooks (~> 0.3) - i18n (~> 0.6.9) - listen (~> 1.1) - padrino-helpers (~> 0.12.1) - rack (>= 1.4.5, < 2.0) - rack-test (~> 0.6.2) - thor (>= 0.15.2, < 2.0) - tilt (~> 1.4.1, < 2.0) - middleman-deploy (0.2.3) - middleman-core (>= 3.0.0) + execjs (~> 2.0) + fast_blank + fastimage (~> 2.0) + hamster (~> 3.0) + hashie (~> 3.4) + i18n (~> 0.9.0) + listen (~> 3.0.0) + memoist (~> 0.14) + padrino-helpers (~> 0.13.0) + parallel + rack (>= 1.4.5, < 3) + sassc (~> 2.0) + servolux + tilt (~> 2.0.9) + uglifier (~> 3.0) + middleman-deploy (1.0.0) + middleman-core (>= 3.2) net-sftp ptools middleman-livereload (3.1.1) 
@@ -79,62 +87,52 @@ GEM middleman-core (>= 3.0.2) multi_json (~> 1.0) rack-livereload - middleman-sprockets (3.3.3) - middleman-core (>= 3.2) - sprockets (~> 2.2) - sprockets-helpers (~> 1.1.0) - sprockets-sass (~> 1.1.0) - minitest (4.7.5) - multi_json (1.10.1) + minitest (5.14.1) + multi_json (1.14.1) narray (0.6.0.9) - net-sftp (2.1.2) - net-ssh (>= 2.6.5) - net-ssh (2.9.1) - padrino-helpers (0.12.2) + net-sftp (3.0.0) + net-ssh (>= 5.0.0, < 7.0.0) + net-ssh (6.0.2) + padrino-helpers (0.13.3.4) i18n (~> 0.6, >= 0.6.7) - padrino-support (= 0.12.2) - tilt (~> 1.4.1) - padrino-support (0.12.2) + padrino-support (= 0.13.3.4) + tilt (>= 1.4.1, < 3) + padrino-support (0.13.3.4) activesupport (>= 3.1) + parallel (1.19.1) pry (0.9.12.6) coderay (~> 1.0) method_source (~> 0.8) slop (~> 3.4) - ptools (1.2.4) + ptools (1.3.5) + public_suffix (4.0.5) quantile (0.2.0) - rack (1.5.2) - rack-livereload (0.3.15) + rack (2.2.2) + rack-livereload (0.3.17) rack - rack-test (0.6.2) - rack (>= 1.0) - rb-fsevent (0.9.4) - rb-inotify (0.9.4) - ffi (>= 0.5.0) - rb-kqueue (0.2.2) - ffi (>= 0.5.0) + rb-fsevent (0.10.4) + rb-inotify (0.10.1) + ffi (~> 1.0) ruby-stemmer (0.9.3) - sass (3.2.19) + sass (3.7.4) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sassc (2.3.0) + ffi (~> 1.9) + servolux (0.13.0) slop (3.5.0) - sprockets (2.12.1) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-helpers (1.1.0) - sprockets (~> 2.0) - sprockets-sass (1.1.0) - sprockets (~> 2.0) - tilt (~> 1.1) stopwords-filter (0.3.1) + temple (0.8.2) tf-idf-similarity (0.1.3) - thor (0.19.1) - thread_safe (0.3.3) - tilt (1.4.1) - tzinfo (0.3.39) - uber (0.0.6) - uglifier (2.5.0) - execjs (>= 0.3.0) - json (>= 1.8.0) + thor (1.0.1) + thread_safe (0.3.6) + tilt (2.0.10) + tzinfo (1.2.7) + thread_safe (~> 0.1) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) PLATFORMS ruby 
@@ -144,9 +142,9 @@ DEPENDENCIES babosa bourbon github-markdown - middleman (~> 3.3.2) - middleman-deploy - middleman-livereload (~> 3.1.0) + middleman (~> 4.3.7) + middleman-deploy (>= 0.2.3) + middleman-livereload (~> 3.1.1) narray pry quantile @@ -155,3 +153,6 @@ DEPENDENCIES tf-idf-similarity tzinfo-data wdm (~> 0.1.0) + +BUNDLED WITH + 1.17.3