diff --git a/Gemfile b/Gemfile index 2a228b326adbb..a0971d8f4952f 100644 --- a/Gemfile +++ b/Gemfile @@ -383,7 +383,7 @@ group :test do gem 'rails-controller-testing' if rails5? # Rails5 only gem. gem 'test_after_commit', '~> 1.1' unless rails5? # Remove this gem when migrated to rails 5.0. It's been integrated to rails 5.0. gem 'sham_rack', '~> 1.3.6' - gem 'concurrent-ruby', '~> 1.0.5' + gem 'concurrent-ruby', '~> 1.1' gem 'test-prof', '~> 0.2.5' gem 'rspec_junit_formatter' end diff --git a/Gemfile.lock b/Gemfile.lock index e21a1b8545748..f9356ab0c7d3f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -128,9 +128,9 @@ GEM concord (0.1.5) adamantium (~> 0.2.0) equalizer (~> 0.0.9) - concurrent-ruby (1.0.5) - concurrent-ruby-ext (1.0.5) - concurrent-ruby (= 1.0.5) + concurrent-ruby (1.1.3) + concurrent-ruby-ext (1.1.3) + concurrent-ruby (= 1.1.3) connection_pool (2.2.2) crack (0.4.3) safe_yaml (~> 1.0.0) @@ -379,7 +379,7 @@ GEM json (~> 1.8) multi_xml (>= 0.5.2) httpclient (2.8.3) - i18n (1.1.0) + i18n (1.1.1) concurrent-ruby (~> 1.0) icalendar (2.4.1) ice_nine (0.11.2) @@ -444,7 +444,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.0) @@ -453,7 +453,7 @@ GEM memoist (0.16.0) memoizable (0.4.2) thread_safe (~> 0.3, >= 0.3.1) - method_source (0.9.0) + method_source (0.9.2) mime-types (3.2.2) mime-types-data (~> 3.2015) mime-types-data (3.2018.0812) @@ -474,7 +474,7 @@ GEM net-ssh (5.0.1) netrc (0.11.0) nio4r (2.3.1) - nokogiri (1.8.4) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -602,7 +602,7 @@ GEM get_process_mem (~> 0.2) puma (>= 2.7, < 4) pyu-ruby-sasl (0.0.3.3) - rack (2.0.5) + rack (2.0.6) rack-accept (0.4.5) rack (>= 0.4) rack-attack (4.4.1) @@ -966,7 +966,7 @@ DEPENDENCIES chronic (~> 0.10.2) chronic_duration (~> 0.10.6) commonmarker (~> 0.17) - concurrent-ruby (~> 1.0.5) + concurrent-ruby (~> 1.1) connection_pool (~> 2.0) creole (~> 0.5.0) database_cleaner (~> 1.5.0) diff --git a/Gemfile.rails4.lock b/Gemfile.rails4.lock index fea3102b8d6c8..11553997aac6c 100644 --- a/Gemfile.rails4.lock +++ b/Gemfile.rails4.lock @@ -125,9 +125,9 @@ GEM concord (0.1.5) adamantium (~> 0.2.0) equalizer (~> 0.0.9) - concurrent-ruby (1.0.5) - concurrent-ruby-ext (1.0.5) - concurrent-ruby (= 1.0.5) + concurrent-ruby (1.1.3) + concurrent-ruby-ext (1.1.3) + concurrent-ruby (= 1.1.3) connection_pool (2.2.2) crack (0.4.3) safe_yaml (~> 1.0.0) @@ -441,7 +441,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.0) @@ -470,7 +470,7 @@ GEM net-ldap (0.16.0) net-ssh (5.0.1) netrc (0.11.0) - nokogiri (1.8.4) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) nokogumbo (1.5.0) nokogiri @@ -957,7 +957,7 @@ DEPENDENCIES chronic (~> 0.10.2) chronic_duration (~> 0.10.6) commonmarker (~> 0.17) - concurrent-ruby (~> 1.0.5) + concurrent-ruby (~> 1.1) connection_pool (~> 2.0) creole (~> 0.5.0) database_cleaner (~> 1.5.0) diff --git a/changelogs/unreleased/sh-bump-gems-security.yml b/changelogs/unreleased/sh-bump-gems-security.yml new file mode 100644 index 0000000000000..06489f6f9797c --- /dev/null +++ b/changelogs/unreleased/sh-bump-gems-security.yml @@ -0,0 +1,5 @@ +--- +title: Bump nokogiri, loofah, and rack gems for security updates +merge_request: 23204 +author: +type: security