From c0fb83f9476b235960ad4e7fcf7f5949278edbfe Mon Sep 17 00:00:00 2001
From: tochman
Date: Tue, 3 Jul 2018 09:49:03 +0200
Subject: [PATCH] adds security fixes

---
 Gemfile | 6 ++++++
 Gemfile.lock | 49 ++++++++++++++++++++++++++-----------------------
 2 files changed, 32 insertions(+), 23 deletions(-)

diff --git a/Gemfile b/Gemfile
index ca0e0c5..ef80204 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,3 +25,9 @@ end
 group :production do
 gem 'rails_12factor'
 end
+
+# Fixes
+gem 'loofah', '~> 2.2.1'
+gem 'rails-html-sanitizer', '~> 1.0.4'
+gem 'sprockets', '~> 3.7.2'
+
diff --git a/Gemfile.lock b/Gemfile.lock
index 489d889..d4285bf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -39,17 +39,17 @@ GEM
 minitest (~> 5.1)
 tzinfo (~> 1.1)
 arel (8.0.0)
- autoprefixer-rails (8.0.0)
+ autoprefixer-rails (8.6.4)
 execjs
- bcrypt (3.1.11)
+ bcrypt (3.1.12)
 binding_of_caller (0.8.0)
 debug_inspector (>= 0.0.1)
 bootstrap-sass (3.3.7)
 autoprefixer-rails (>= 5.2.1)
 sass (>= 3.3.4)
 builder (3.2.3)
- byebug (10.0.0)
- carrierwave (1.2.2)
+ byebug (10.0.2)
+ carrierwave (1.2.3)
 activemodel (>= 4.0.0)
 activesupport (>= 4.0.0)
 mime-types (>= 1.16)
@@ -66,17 +66,17 @@ GEM
 execjs
 coffee-script-source (1.12.2)
 concurrent-ruby (1.0.5)
- crass (1.0.3)
+ crass (1.0.4)
 debug_inspector (0.0.3)
- devise (4.4.1)
+ devise (4.4.3)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
- railties (>= 4.1.0, < 5.2)
+ railties (>= 4.1.0, < 6.0)
 responders
 warden (~> 1.2.3)
- erubi (1.7.0)
+ erubi (1.7.1)
 execjs (2.7.0)
- ffi (1.9.21)
+ ffi (1.9.25)
 globalid (0.4.1)
 activesupport (>= 4.2.0)
 i18n (0.9.5)
@@ -84,11 +84,11 @@ GEM
 jbuilder (2.7.0)
 activesupport (>= 4.2.0)
 multi_json (>= 1.2)
- jquery-rails (4.3.1)
+ jquery-rails (4.3.3)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
- loofah (2.2.0)
+ loofah (2.2.2)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.0)
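Review bot: The `# Fixes` comment above the three added `gem` lines does not say what is being fixed or why these transitive dependencies are now pinned directly in the Gemfile, so a later maintainer cannot tell when the pins may be dropped; the commit message only says "adds security fixes". Suggest `# Security floors for transitive deps (HTML sanitizer / asset pipeline); remove once rails and sass-rails require these versions themselves`, and record the advisory source in the commit message. Also consider whether the pessimistic pins `'~> 2.2.1'`, `'~> 1.0.4'` and `'~> 3.7.2'` should be plain floors such as `'>= 2.2.1'`: the `~>` form caps loofah at 2.2.x and sprockets at 3.7.x, which is likely to conflict with a future Rails upgrade while giving no security benefit beyond the floor. The trailing `+` line at the end of the hunk adds a stray blank line at end of file.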
@@ -104,8 +104,8 @@ GEM
 mini_portile2 (2.3.0)
 minitest (5.11.3)
 multi_json (1.13.1)
- nio4r (2.2.0)
- nokogiri (1.8.2)
+ nio4r (2.3.1)
+ nokogiri (1.8.3)
 mini_portile2 (~> 2.3.0)
 orm_adapter (0.5.0)
 pg (0.21.0)
@@ -115,9 +115,9 @@ GEM
 pry-byebug (3.6.0)
 byebug (~> 10.0)
 pry (~> 0.10)
- puma (3.11.2)
- rack (2.0.4)
- rack-test (0.8.2)
+ puma (3.11.4)
+ rack (2.0.5)
+ rack-test (1.0.0)
 rack (>= 1.0, < 3)
 rails (5.1.5)
 actioncable (= 5.1.5)
@@ -134,8 +134,8 @@ GEM
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
- rails-html-sanitizer (1.0.3)
- loofah (~> 2.0)
+ rails-html-sanitizer (1.0.4)
+ loofah (~> 2.2, >= 2.2.2)
 rails_12factor (0.0.3)
 rails_serve_static_assets
 rails_stdout_logging
@@ -148,13 +148,13 @@ GEM
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 rake (11.3.0)
- rb-fsevent (0.10.2)
+ rb-fsevent (0.10.3)
 rb-inotify (0.9.10)
 ffi (>= 0.5.0, < 2)
 responders (2.4.0)
 actionpack (>= 4.2.0, < 5.3)
 railties (>= 4.2.0, < 5.3)
- sass (3.5.5)
+ sass (3.5.6)
 sass-listen (~> 4.0.0)
 sass-listen (4.0.0)
 rb-fsevent (~> 0.9, >= 0.9.4)
@@ -167,7 +167,7 @@ GEM
 tilt (>= 1.1, < 3)
 spring (2.0.2)
 activesupport (>= 4.2)
- sprockets (3.7.1)
+ sprockets (3.7.2)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
 sprockets-rails (3.2.1)
@@ -177,12 +177,12 @@ GEM
 thor (0.20.0)
 thread_safe (0.3.6)
 tilt (2.0.8)
- turbolinks (5.1.0)
+ turbolinks (5.1.1)
 turbolinks-source (~> 5.1)
 turbolinks-source (5.1.0)
 tzinfo (1.2.5)
 thread_safe (~> 0.1)
- uglifier (4.1.6)
+ uglifier (4.1.14)
 execjs (>= 0.3.0, < 3)
 warden (1.2.7)
 rack (>= 1.0)
@@ -204,15 +204,18 @@ DEPENDENCIES
 devise
 jbuilder (~> 2.0)
 jquery-rails
+ loofah (~> 2.2.1)
 mailboxer
 pg (~> 0.15)
 pry-byebug
 puma (~> 3.7)
 rails (= 5.1.5)
+ rails-html-sanitizer (~> 1.0.4)
 rails_12factor
 rake (~> 11.1, >= 11.1.2)
 sass-rails (~> 5.0)
 spring
+ sprockets (~> 3.7.2)
 turbolinks
 uglifier (>= 1.3.0)
 web-console (~> 2.0)