Resolve security alerts (#308)
* Resolve security alerts

Ran `bundle update rails` to resolve CVE-2021-22885, CVE-2021-22880,
GHSA-vr8q-g5c7-m54m, and GHSA-cfjv-5498-mph5.

* Bump Rails to `5.2.6` and lock `nokogiri`

Bumped Rails again to v5.2.6 and locked `nokogiri` to the last version
supported on Ruby 2.4, v1.10.10.

Signed-off-by: Cory Hutchison <cory.hutchison@shopify.com>

* Update Gemfile

Co-authored-by: Rafael França <rafael.franca@shopify.com>
mutecipher and rafaelfranca committed May 17, 2021
1 parent a3d21c2 commit e5cbe6b
Showing 2 changed files with 54 additions and 56 deletions.
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -34,6 +34,7 @@ group(:development, :test) do
# Fix version to 0.14.1 since it is the last version to support Ruby 2.4
gem("shopify-money", "= 0.14.1", require: false)
gem("sidekiq", "~>5.0", require: false) # Version 6 dropped support for Ruby 2.4
gem("nokogiri", "1.10.10", require: false) # Lock to last supported for Ruby 2.4
end

gem "rubocop-sorbet", ">= 0.4.1"
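Review bot: the new `gem("nokogiri", "1.10.10", require: false)` line omits the `=` operator that the `shopify-money` pin two lines above uses; Bundler treats a bare version as an exact requirement, so behaviour is identical, but writing `"= 1.10.10"` keeps the two pins consistent. The comment should also record that the pin has to be revisited when Ruby 2.4 support is dropped: while nokogiri is held at 1.10.10, `bundle update` cannot pick up fixes shipped in later nokogiri lines, so the next nokogiri advisory will require a Ruby upgrade rather than a lockfile bump.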
109 changes: 53 additions & 56 deletions Gemfile.lock
Expand Up @@ -20,53 +20,53 @@ PATH
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.4.3)
actionpack (= 5.2.4.3)
actioncable (5.2.6)
actionpack (= 5.2.6)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.4.3)
actionpack (= 5.2.4.3)
actionview (= 5.2.4.3)
activejob (= 5.2.4.3)
actionmailer (5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.4.3)
actionview (= 5.2.4.3)
activesupport (= 5.2.4.3)
actionpack (5.2.6)
actionview (= 5.2.6)
activesupport (= 5.2.6)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.4.3)
activesupport (= 5.2.4.3)
actionview (5.2.6)
activesupport (= 5.2.6)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.4.3)
activesupport (= 5.2.4.3)
activejob (5.2.6)
activesupport (= 5.2.6)
globalid (>= 0.3.6)
activemodel (5.2.4.3)
activesupport (= 5.2.4.3)
activemodel (5.2.6)
activesupport (= 5.2.6)
activemodel-serializers-xml (1.0.2)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
activerecord (5.2.4.3)
activemodel (= 5.2.4.3)
activesupport (= 5.2.4.3)
activerecord (5.2.6)
activemodel (= 5.2.6)
activesupport (= 5.2.6)
arel (>= 9.0)
activerecord-typedstore (1.3.0)
activerecord (>= 5.2)
activeresource (5.1.1)
activemodel (>= 5.0, < 7)
activemodel-serializers-xml (~> 1.0)
activesupport (>= 5.0, < 7)
activestorage (5.2.4.3)
actionpack (= 5.2.4.3)
activerecord (= 5.2.4.3)
marcel (~> 0.3.1)
activesupport (5.2.4.3)
activestorage (5.2.6)
actionpack (= 5.2.6)
activerecord (= 5.2.6)
marcel (~> 1.0.0)
activesupport (5.2.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
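Review bot: the activestorage (5.2.6) spec moves its marcel requirement from `~> 0.3.1` to `~> 1.0.0`, a major-version dependency change riding along in a Rails patch release; it is worth confirming that Active Storage content-type detection still behaves as expected in this project's test suite, since that is the code path marcel serves. The remaining lines in this hunk are the expected lock-step move of every Rails component from 5.2.4.3 to 5.2.6.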
Expand All @@ -82,45 +82,41 @@ GEM
colorize (0.8.1)
commander (4.6.0)
highline (~> 2.0.0)
concurrent-ruby (1.1.6)
concurrent-ruby (1.1.8)
connection_pool (2.2.3)
crass (1.0.6)
erubi (1.9.0)
erubi (1.10.0)
frozen_record (0.17.0)
activemodel
globalid (0.4.2)
activesupport (>= 4.2.0)
google-protobuf (3.12.2)
highline (2.0.3)
i18n (1.8.2)
i18n (1.8.10)
concurrent-ruby (~> 1.0)
identity_cache (1.0.1)
activerecord (>= 5.2)
ar_transaction_changes (~> 1.0)
jaro_winkler (1.5.4)
loofah (2.5.0)
loofah (2.9.1)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (0.3.3)
mimemagic (~> 0.3.2)
marcel (1.0.1)
method_source (0.9.2)
mimemagic (0.3.10)
nokogiri (~> 1)
rake
mini_mime (1.0.2)
mini_mime (1.1.0)
mini_portile2 (2.4.0)
minitest (5.14.2)
minitest (5.14.4)
minitest-hooks (1.5.0)
minitest (> 5.3)
minitest-reporters (1.4.2)
ansi
builder
minitest (>= 5.0)
ruby-progressbar
nio4r (2.5.2)
nokogiri (1.10.9)
nio4r (2.5.7)
nokogiri (1.10.10)
mini_portile2 (~> 2.4.0)
parallel (1.19.1)
parlour (6.0.0)
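Review bot: marcel (1.0.1) no longer lists `mimemagic (~> 0.3.2)` as a dependency, yet `mimemagic (0.3.10)` is still present in this hunk; check which spec in the lockfile still requires it, and if nothing does, a `bundle lock` run should drop it rather than leaving an unused gem in the bundle. The nokogiri 1.10.9 to 1.10.10 and loofah 2.5.0 to 2.9.1 moves are the sanitizer-side changes that accompany the Rails bump and match the pin added in the Gemfile.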
Expand All @@ -141,32 +137,32 @@ GEM
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.4.3)
actioncable (= 5.2.4.3)
actionmailer (= 5.2.4.3)
actionpack (= 5.2.4.3)
actionview (= 5.2.4.3)
activejob (= 5.2.4.3)
activemodel (= 5.2.4.3)
activerecord (= 5.2.4.3)
activestorage (= 5.2.4.3)
activesupport (= 5.2.4.3)
rails (5.2.6)
actioncable (= 5.2.6)
actionmailer (= 5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
activemodel (= 5.2.6)
activerecord (= 5.2.6)
activestorage (= 5.2.6)
activesupport (= 5.2.6)
bundler (>= 1.3.0)
railties (= 5.2.4.3)
railties (= 5.2.6)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (5.2.4.3)
actionpack (= 5.2.4.3)
activesupport (= 5.2.4.3)
railties (5.2.6)
actionpack (= 5.2.6)
activesupport (= 5.2.6)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
rainbow (3.0.0)
rake (13.0.1)
rake (13.0.3)
redis (4.1.4)
rubocop (0.78.0)
jaro_winkler (~> 1.5.1)
Expand Down Expand Up @@ -206,18 +202,18 @@ GEM
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
sprockets-rails (3.2.2)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.4.2)
state_machines (0.5.0)
thor (1.0.1)
thor (1.1.0)
thread_safe (0.3.6)
tzinfo (1.2.7)
tzinfo (1.2.9)
thread_safe (~> 0.1)
unicode-display_width (1.6.0)
websocket-driver (0.7.2)
websocket-driver (0.7.3)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
yard (0.9.25)
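Review bot: sprockets-rails, thor, tzinfo and websocket-driver are bumped in this hunk although none of them is named in the commit message, which lists only the four Rails advisories. That is the default behaviour of `bundle update rails` (it updates rails and its dependency tree); if the goal is a minimal, easily audited security fix, `bundle update --conservative rails` limits the change to the gems that must move, or the commit message should mention the incidental bumps.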
Expand All @@ -236,6 +232,7 @@ DEPENDENCIES
minitest
minitest-hooks
minitest-reporters
nokogiri (= 1.10.10)
pry-byebug
rails (~> 5.2)
rake
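Review bot: `nokogiri (= 1.10.10)` in DEPENDENCIES matches the Gemfile, but because the Gemfile declares it inside `group(:development, :test)`, the pin constrains only this repository's own bundle; the lockfile's PATH section indicates the project is itself a gem, so downstream consumers still resolve nokogiri through loofah's `nokogiri (>= 1.5.9)` and rails-dom-testing's `nokogiri (>= 1.6)` requirements and are unaffected by this lock.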
Expand All @@ -252,4 +249,4 @@ DEPENDENCIES
yard (~> 0.9.25)

BUNDLED WITH
2.2.6
2.2.17
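Review bot: BUNDLED WITH moves from 2.2.6 to 2.2.17, which is not part of the security fix; any CI image or Dockerfile that installs a specific Bundler version should be brought to 2.2.17 too, otherwise this line will be rewritten back and forth between developer machines and CI in unrelated commits.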
