From 48769bfb752495d4246794d250c8e991b88aadc8 Mon Sep 17 00:00:00 2001
From: svqualitydev
Date: Wed, 28 Nov 2018 04:53:08 +0100
Subject: [PATCH] Update gems (#1241)
- Fix some vulnerabilities
```
Name: loofah
Version: 2.2.2
Advisory: CVE-2018-16468
Criticality: Unknown
URL: https://github.com/flavorjones/loofah/issues/154
Title: Loofah XSS Vulnerability
Solution: upgrade to >= 2.2.3
Name: nokogiri
Version: 1.8.4
Advisory: CVE-2018-14404
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Title: Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.8.5
Name: rack
Version: 2.0.5
Advisory: CVE-2018-16470
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
Title: Possible DoS vulnerability in Rack
Solution: upgrade to >= 2.0.6
Name: rack
Version: 2.0.5
Advisory: CVE-2018-16471
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Title: Possible XSS vulnerability in Rack
Solution: upgrade to ~> 1.6.11, >= 2.0.6
```
- Fix factory_bot issues
- Closes #1225
---
 Gemfile.lock | 8 ++++----
 spec/factories.rb | 29 +++++++++++++++--------------
 2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 1202e164..ce667017 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -133,7 +133,7 @@ GEM
 kgio (2.11.2)
 launchy (2.4.3)
 addressable (~> 2.3)
- loofah (2.2.2)
+ loofah (2.2.3)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 method_source (0.9.0)
@@ -143,7 +143,7 @@ GEM
 momentjs-rails (2.20.1)
 railties (>= 3.1)
 multipart-post (2.0.0)
- nokogiri (1.8.4)
+ nokogiri (1.8.5)
 mini_portile2 (~> 2.3.0)
 parser (2.5.1.2)
 ast (~> 2.4.0)
@@ -160,7 +160,7 @@ GEM
 public_suffix (3.0.3)
 pundit (2.0.0)
 activesupport (>= 3.0.0)
- rack (2.0.5)
+ rack (2.0.6)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
 rack-timeout (0.5.1)
@@ -284,4 +284,4 @@ DEPENDENCIES
 webmock
 BUNDLED WITH
- 1.16.3
+ 1.17.1
diff --git a/spec/factories.rb b/spec/factories.rb
index 8dd4176d..52d5c38d 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -5,7 +5,7 @@
 email { name.downcase.gsub(" ", "_") + "@example.com" }
 transient do
- order_count 3
+ order_count { 3 }
 end
 trait :with_orders do
@@ -18,36 +18,37 @@
 factory :line_item do
 order
 product
- unit_price 1.5
- quantity 1
+ unit_price { 1.5 }
+ quantity { 1 }
 end
 factory :log_entry do
- action "create"
+ action { "create" }
 association :logeable, factory: :customer
 end
 factory :order do
 customer
- address_line_one "85 2nd St"
+ address_line_one { "85 2nd St" }
 sequence(:address_line_two) { |n| "#700 (#{n})" }
- address_city "San Francisco"
- address_state "CA"
- address_zip "94110"
+ address_city { "San Francisco" }
+ address_state { "CA" }
+ address_zip { "94110" }
 end
 factory :product do
 sequence(:name) { |n| "Monopoly #{n}" }
- price 10.50
- description "A cutthroat game of financial conquest"
- image_url \
+ price { 10.50 }
+ description { "A cutthroat game of financial conquest" }
+ image_url do
 "https://cdn.recombu.com/mobile/images/news/M11370/1264769196_w670.jpg"
+ end
 product_meta_tag
 end
 factory :product_meta_tag do
- meta_title "meta_title"
- meta_description "meta_description"
+ meta_title { "meta_title" }
+ meta_description { "meta_description" }
 end
 factory :payment do
@@ -56,7 +57,7 @@
 factory :blog_post, class: "Blog::Post" do
 sequence(:title) { |n| "Post #{n}" }
- body "Empty"
+ body { "Empty" }
 end
 factory :series do
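Review bot: The `image_url` default in the `:product` factory (second hunk) still points at a live third-party host, `cdn.recombu.com`; the rewrite to a block keeps that value as it was. If any spec renders a product image in a real browser or otherwise fetches that URL, the suite would depend on, and send requests to, a server the project does not control; whether that happens is not visible in this diff. The `email` attribute in the first hunk already uses the reserved `example.com` domain, and the same would work here, for instance `image_url { "https://example.com/images/product.jpg" }` (path constructed for illustration). The enclosing factory definition block starts and ends outside the hunk.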