From f82e550fa42e244500488cf47fc93497fc3969a3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 14 May 2020 04:27:28 +0100 Subject: [PATCH 1/2] fix: test/fixtures/mono-repo-project/Gemfile & test/fixtures/mono-repo-project/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://dev.snyk.io/vuln/SNYK-RUBY-RACK-569066 --- test/fixtures/mono-repo-project/Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/fixtures/mono-repo-project/Gemfile b/test/fixtures/mono-repo-project/Gemfile index eaaf55a49f..b23a8bfb0b 100644 --- a/test/fixtures/mono-repo-project/Gemfile +++ b/test/fixtures/mono-repo-project/Gemfile @@ -1,6 +1,6 @@ source :rubygems -gem "sinatra" +gem "sinatra", ">= 2.0.0" gem "haml" gem "httparty" -gem "actionpack" +gem "actionpack", ">= 5.0.0" From 4f4fce6776993a9beac704a36e46c1a5c92f82a4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 14 May 2020 04:27:29 +0100 Subject: [PATCH 2/2] fix: test/fixtures/mono-repo-project/Gemfile & test/fixtures/mono-repo-project/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://dev.snyk.io/vuln/SNYK-RUBY-RACK-569066 --- test/fixtures/mono-repo-project/Gemfile.lock | 95 ++++++++++---------- 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/test/fixtures/mono-repo-project/Gemfile.lock b/test/fixtures/mono-repo-project/Gemfile.lock index c204545ac4..8dba24c2ef 100644 --- a/test/fixtures/mono-repo-project/Gemfile.lock +++ b/test/fixtures/mono-repo-project/Gemfile.lock @@ -1,71 +1,74 @@ GEM remote: http://rubygems.org/ specs: - actionpack (4.2.5) - actionview (= 4.2.5) - activesupport (= 4.2.5) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (5.2.4.2) + actionview (= 5.2.4.2) + activesupport (= 5.2.4.2) + rack (~> 2.0, >= 2.0.8) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5) - activesupport (= 4.2.5) + actionview (5.2.4.2) + activesupport (= 5.2.4.2) builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activesupport (4.2.5) - i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activesupport (5.2.4.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - builder (3.2.2) - erubis (2.7.0) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) haml (3.1.4) httparty (0.8.1) multi_json multi_xml - i18n (0.7.0) - json (1.8.3) - loofah (2.0.3) + i18n (1.8.2) + concurrent-ruby (~> 1.0) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mini_portile2 (2.1.0) - minitest (5.9.1) + mini_portile2 (2.4.0) + minitest (5.14.0) multi_json (1.12.1) multi_xml (0.5.5) - nokogiri (1.6.8.1) - mini_portile2 (~> 2.1.0) - rack (1.6.4) - rack-protection (1.5.3) + mustermann (1.1.1) + ruby2_keywords (~> 0.0.1) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + rack (2.2.2) + rack-protection (2.0.8.1) rack - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - sinatra (1.3.2) - rack (~> 1.3, >= 1.3.6) - rack-protection (~> 1.2) - tilt (~> 1.3, >= 1.3.3) - thread_safe (0.3.5) - tilt (1.4.1) - tzinfo (1.2.2) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + ruby2_keywords (0.0.2) + sinatra (2.0.8.1) + mustermann (~> 1.0) + rack (~> 2.0) + rack-protection (= 2.0.8.1) + tilt (~> 2.0) + thread_safe (0.3.6) + tilt (2.0.10) + tzinfo (1.2.7) thread_safe (~> 0.1) PLATFORMS ruby DEPENDENCIES - actionpack + actionpack (>= 5.0.0) haml httparty - sinatra + sinatra (>= 2.0.0) BUNDLED WITH - 1.13.2 + 1.17.3