From c37c70e60d720f38290fb7c96f13e45597187eb6 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 12 Jan 2019 03:17:59 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-I18N-72582 --- Gemfile | 6 +- Gemfile.lock | 192 +++++++++++++++++++++++++-------------------------- 2 files changed, 96 insertions(+), 102 deletions(-) diff --git a/Gemfile b/Gemfile index f045dc2..2083736 100644 --- a/Gemfile +++ b/Gemfile @@ -2,11 +2,11 @@ # the following line to use "http://" instead source 'https://rubygems.org' -gem "middleman", "~>3.3.8" -gem "middleman-deploy" +gem "middleman", "~> 4.3.0" +gem "middleman-deploy", ">= 1.0.0" # Live-reloading plugin -gem "middleman-livereload", "~> 3.1.0" +gem "middleman-livereload", "~> 3.1.1" # For faster file watcher updates on Windows: gem "wdm", "~> 0.1.0", :platforms => [:mswin, :mingw] diff --git a/Gemfile.lock b/Gemfile.lock index 860034c..936ef79 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
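Review bot: In the Gemfile hunk, `gem "middleman-deploy", ">= 1.0.0"` has no upper bound, unlike the pessimistic `~>` constraints on the neighbouring gems, so a later `bundle update` can pull in any future major release; `gem "middleman-deploy", "~> 1.0"` would match the resolved 1.0.0. The advisory in the description is for i18n, which is only a transitive dependency here: the lockfile shows middleman-core 3.3.9 requiring `i18n (~> 0.7.0)` and 4.3.0 requiring `i18n (~> 0.9.0)`, which appears to be why middleman had to move a major version. A comment above the middleman line such as `# 4.x needed so i18n resolves to 0.9.x (SNYK-RUBY-I18N-72582)` would record that reason for the next maintainer. The new lockfile also no longer contains compass, sprockets or middleman-sprockets, so if the site relies on them the build should be verified against middleman 4 before merging.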
@@ -1,78 +1,78 @@ GEM remote: https://rubygems.org/ specs: - activesupport (4.1.9) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) + activesupport (5.0.7.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) minitest (~> 5.1) - thread_safe (~> 0.1) tzinfo (~> 1.1) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + backports (3.11.4) bourbon (4.2.0) sass (~> 3.4) thor - celluloid (0.16.0) - timers (~> 4.0.0) - chunky_png (1.3.4) - coffee-script (2.3.0) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.9.0) - compass (1.0.3) - chunky_png (~> 1.2) - compass-core (~> 1.0.2) - compass-import-once (~> 1.0.5) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - sass (>= 3.3.13, < 3.5) - compass-core (1.0.3) - multi_json (~> 1.0) - sass (>= 3.3.0, < 3.5) - compass-import-once (1.0.5) - sass (>= 3.2, < 3.5) + coffee-script-source (1.12.2) + concurrent-ruby (1.1.4) + contracts (0.13.0) + dotenv (2.6.0) em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) erubis (2.7.0) - eventmachine (1.0.7) - execjs (2.3.0) - ffi (1.9.6) - haml (4.0.6) + eventmachine (1.2.7) + execjs (2.7.0) + fast_blank (1.0.0) + fastimage (2.1.5) + ffi (1.9.25) + haml (5.0.4) + temple (>= 0.8.0) tilt - hike (1.2.3) - hitimes (1.2.2) - hooks (0.4.0) - uber (~> 0.0.4) + hamster (3.0.0) + concurrent-ruby (~> 1.0) + hashie (3.6.0) http_parser.rb (0.6.0) - i18n (0.7.0) - json (1.8.2) - kramdown (1.5.0) - listen (2.8.5) - celluloid (>= 0.15.2) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - middleman (3.3.9) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + kramdown (1.17.0) + listen (3.0.8) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + memoist (0.16.0) + middleman (4.3.0) coffee-script (~> 2.2) - compass (>= 1.0.0, < 2.0.0) - compass-import-once (= 1.0.5) - execjs (~> 2.0) haml (>= 4.0.5) kramdown (~> 1.2) - middleman-core (= 3.3.9) - middleman-sprockets (>= 3.1.2) - sass (>= 3.4.0, < 4.0) - uglifier (~> 2.5) - middleman-core (3.3.9) - 
activesupport (~> 4.1.0) - bundler (~> 1.1) + middleman-cli (= 4.3.0) + middleman-core (= 4.3.0) + middleman-cli (4.3.0) + thor (>= 0.17.0, < 2.0) + middleman-core (4.3.0) + activesupport (>= 4.2, < 5.1) + addressable (~> 2.3) + backports (~> 3.6) + bundler + contracts (~> 0.13.0) + dotenv erubis - hooks (~> 0.3) - i18n (~> 0.7.0) - listen (>= 2.7.9, < 3.0) - padrino-helpers (~> 0.12.3) - rack (>= 1.4.5, < 2.0) - rack-test (~> 0.6.2) - thor (>= 0.15.2, < 2.0) - tilt (~> 1.4.1, < 2.0) + execjs (~> 2.0) + fast_blank + fastimage (~> 2.0) + hamster (~> 3.0) + hashie (~> 3.4) + i18n (~> 0.9.0) + listen (~> 3.0.0) + memoist (~> 0.14) + padrino-helpers (~> 0.13.0) + parallel + rack (>= 1.4.5, < 3) + sassc (~> 2.0) + servolux + tilt (~> 2.0.9) + uglifier (~> 3.0) middleman-deploy (1.0.0) middleman-core (>= 3.2) net-sftp 
@@ -82,65 +82,59 @@ GEM middleman-core (>= 3.0.2) multi_json (~> 1.0) rack-livereload - middleman-sprockets (3.4.1) - middleman-core (>= 3.3) - sprockets (~> 2.12.1) - sprockets-helpers (~> 1.1.0) - sprockets-sass (~> 1.3.0) - minitest (5.5.1) - multi_json (1.10.1) + minitest (5.11.3) + multi_json (1.13.1) neat (1.7.1) bourbon (>= 4.0) sass (>= 3.3) net-sftp (2.1.2) net-ssh (>= 2.6.5) - net-ssh (2.9.2) - padrino-helpers (0.12.4) + net-ssh (5.1.0) + padrino-helpers (0.13.3.4) i18n (~> 0.6, >= 0.6.7) - padrino-support (= 0.12.4) - tilt (~> 1.4.1) - padrino-support (0.12.4) + padrino-support (= 0.13.3.4) + tilt (>= 1.4.1, < 3) + padrino-support (0.13.3.4) activesupport (>= 3.1) - ptools (1.3.2) - rack (1.6.0) - rack-livereload (0.3.15) + parallel (1.12.1) + ptools (1.3.5) + public_suffix (3.0.3) + rack (2.0.6) + rack-livereload (0.3.17) rack - rack-test (0.6.3) - rack (>= 1.0) - rb-fsevent (0.9.4) - rb-inotify (0.9.5) - ffi (>= 0.5.0) - sass (3.4.12) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-helpers (1.1.0) - sprockets (~> 2.0) - sprockets-sass (1.3.1) - sprockets (~> 2.0) - tilt (~> 1.1) - thor (0.19.1) - thread_safe (0.3.4) - tilt (1.4.1) - timers (4.0.1) - hitimes - tzinfo (1.2.2) + rake (12.3.2) + rb-fsevent (0.10.3) + rb-inotify (0.10.0) + ffi (~> 1.0) + sass (3.7.3) + sass-listen (~> 4.0.0) + sass-listen (4.0.0) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + sassc (2.0.0) + ffi (~> 1.9.6) + rake + servolux (0.13.0) + temple (0.8.0) + thor (0.20.3) + thread_safe (0.3.6) + tilt (2.0.9) + tzinfo (1.2.5) thread_safe (~> 0.1) - uber (0.0.13) - uglifier (2.7.0) - execjs (>= 0.3.0) - json (>= 1.8.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) PLATFORMS ruby DEPENDENCIES bourbon - middleman (~> 3.3.8) - middleman-deploy - middleman-livereload (~> 3.1.0) + middleman (~> 4.3.0) + middleman-deploy (>= 1.0.0) + middleman-livereload (~> 3.1.1) neat tzinfo-data wdm (~> 0.1.0) + +BUNDLED 
WITH + 1.17.3