From b03c2dc916ec62f321a3e340023b8ad3231200c7 Mon Sep 17 00:00:00 2001 From: wvengen Date: Thu, 11 Oct 2018 20:57:41 +0200 Subject: [PATCH] Bundle update (CVE-2018-3760, requires Ruby 2.3) --- .travis.yml | 2 +- Gemfile | 2 +- Gemfile.lock | 238 +++++++++++++++-------------- doc/SETUP_DEVELOPMENT.md | 4 +- plugins/wiki/foodsoft_wiki.gemspec | 1 + 5 files changed, 125 insertions(+), 122 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2b840a439..cffb71d2c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ language: ruby sudo: false rvm: - - 2.1 + - 2.3 services: - mysql - redis-server diff --git a/Gemfile b/Gemfile index 9cd25ca91..dd68ad397 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ gem 'rails-assets-listjs', '0.2.0.beta.4' # remember to maintain list.*.js plugi gem 'i18n-js', '~> 3.0.0.rc8' gem 'rails-i18n' -gem 'mysql2' +gem 'mysql2', '~> 0.4.0' # for compatibility with rails 4 gem 'prawn' gem 'prawn-table' gem 'haml', '~> 4.0' # some breaking changes in version 5, remove this line again when fixed diff --git a/Gemfile.lock b/Gemfile.lock index d7b27c356..0e16c445a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -45,6 +45,7 @@ PATH deface (~> 1.0) diffy rails + twitter-text (~> 1.14) wikicloth GEM @@ -84,25 +85,25 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - acts_as_tree (2.7.0) + acts_as_tree (2.8.0) activerecord (>= 3.0.0) addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) arel (6.0.4) attribute_normalizer (1.2.0) base32 (0.3.2) - better_errors (2.4.0) + better_errors (2.5.0) coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) - binding_of_caller (0.7.3) + binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) - bootstrap-datepicker-rails (1.7.1.1) + bootstrap-datepicker-rails (1.8.0.1) railties (>= 3.0) builder (3.2.3) - bullet (5.6.1) + bullet (5.7.6) activesupport (>= 3.0.0) - uniform_notifier (~> 1.10.0) + uniform_notifier (~> 1.11.0) callsite (0.0.11) capybara (2.13.0) addressable 
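Review bot: The `mysql2` pin added in this Gemfile hunk is the only guard against backwards resolution, and the Gemfile.lock part of this same patch shows another top-level gem sliding down: `mailcatcher` goes from 0.6.5 to 0.2.4, `skinny` from 0.2.4 to 0.2.2, and `sqlite3-ruby` appears as a new dependency. That looks like the resolver picking an old mailcatcher to get past 0.6.5's `eventmachine (= 1.0.9.1)` requirement rather than an intended change, and the lock's DEPENDENCIES section lists `mailcatcher` with no constraint. A lower bound on that line (outside this hunk), for example `gem 'mailcatcher', '>= 0.6'`, would make a future `bundle update` fail on the conflict instead of quietly installing a much older release. Which Gemfile group mailcatcher sits in is not visible here.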
@@ -125,32 +126,32 @@ GEM coffee-script-source (1.12.2) commonjs (0.2.7) concurrent-ruby (1.0.5) - connection_pool (2.2.1) + connection_pool (2.2.2) content_for_in_controllers (0.0.2) - coveralls (0.8.21) + coveralls (0.8.22) json (>= 1.8, < 3) - simplecov (~> 0.14.1) + simplecov (~> 0.16.1) term-ansicolor (~> 1.3) thor (~> 0.19.4) tins (~> 1.6) - crass (1.0.3) - daemons (1.2.5) - database_cleaner (1.6.1) + crass (1.0.4) + daemons (1.2.6) + database_cleaner (1.7.0) date_time_attribute (0.1.2) activesupport (>= 3.0.0) debug_inspector (0.0.3) - deface (1.2.0) - nokogiri (~> 1.6) + deface (1.3.2) + nokogiri (>= 1.6) polyglot rails (>= 4.1) rainbow (>= 2.1.0) diff-lcs (1.3) - diffy (3.2.0) - docile (1.1.5) - email_reply_trimmer (0.1.8) - erubi (1.7.0) + diffy (3.2.1) + docile (1.3.1) + email_reply_trimmer (0.1.12) + erubi (1.7.1) erubis (2.7.0) - eventmachine (1.0.9.1) + eventmachine (1.2.7) exception_notification (4.2.2) actionmailer (>= 4.0, < 6) activesupport (>= 4.0, < 6) @@ -163,7 +164,7 @@ GEM railties (>= 3.0.0) faker (1.8.4) i18n (~> 0.5) - ffi (1.9.18) + ffi (1.9.25) gaffe (1.2.0) rails (>= 4.0.0) globalid (0.4.1) 
@@ -177,31 +178,31 @@ GEM haml (>= 4.0.6, < 6.0) html2haml (>= 1.0.1) railties (>= 4.0.1) - has_scope (0.7.1) - actionpack (>= 4.1, < 5.2) - activesupport (>= 4.1, < 5.2) + has_scope (0.7.2) + actionpack (>= 4.1) + activesupport (>= 4.1) html2haml (2.2.0) erubis (~> 2.7.0) haml (>= 4.0, < 6) nokogiri (>= 1.6.0) ruby_parser (~> 3.5) htmlentities (4.3.4) - i18n (0.9.0) + i18n (0.9.5) concurrent-ruby (~> 1.0) - i18n-js (3.0.2) - i18n (~> 0.6, >= 0.6.6) + i18n-js (3.0.11) + i18n (>= 0.6.6, < 2) i18n-spec (0.6.0) iso - ice_cube (0.16.2) - inherited_resources (1.7.2) - actionpack (>= 3.2, < 5.2.x) + ice_cube (0.16.3) + inherited_resources (1.9.0) + actionpack (>= 4.2, < 5.3) has_scope (~> 0.6) - railties (>= 3.2, < 5.2.x) + railties (>= 4.2, < 5.3) responders interception (0.5) iso (0.2.2) i18n - jquery-rails (4.3.1) + jquery-rails (4.3.3) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) 
@@ -230,35 +231,36 @@ GEM loofah (2.2.2) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.6) - mime-types (>= 1.16, < 4) - mailcatcher (0.6.5) - eventmachine (= 1.0.9.1) - mail (~> 2.3) - rack (~> 1.5) - sinatra (~> 1.2) - skinny (~> 0.2.3) - sqlite3 (~> 1.3) - thin (~> 1.5.0) - meta_request (0.4.3) + mail (2.7.0) + mini_mime (>= 0.1.1) + mailcatcher (0.2.4) + eventmachine + haml + i18n + json + mail + sinatra + skinny (>= 0.1.2) + sqlite3-ruby + thin + meta_request (0.6.0) callsite (~> 0.0, >= 0.0.11) rack-contrib (>= 1.1, < 3) - railties (>= 3.0.0, < 5.2.0) + railties (>= 3.0.0, < 6) method_source (0.9.0) - midi-smtp-server (2.1.2) - mime-types (3.1) + midi-smtp-server (2.1.4) + mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + mime-types-data (3.2018.0812) + mini_mime (1.0.1) mini_portile2 (2.3.0) - minitest (5.10.3) + minitest (5.11.3) mono_logger (1.1.0) - multi_json (1.12.2) - mysql2 (0.4.9) - nokogiri (1.8.2) + multi_json (1.13.1) + mysql2 (0.4.10) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) pdf-core (0.7.0) - polyamorous (1.3.1) - activerecord (>= 3.0) polyglot (0.3.5) prawn (2.2.2) pdf-core (~> 0.7.0) @@ -267,7 +269,7 @@ GEM prawn (>= 1.3.0, < 3.0.0) protected_attributes (1.1.0) activemodel (>= 4.0.1, < 5.0) - pry (0.11.2) + pry (0.11.3) coderay (~> 1.1.0) method_source (~> 0.9.0) pry-rescue (1.4.5) @@ -276,11 +278,11 @@ GEM pry-stack_explorer (0.4.9.2) binding_of_caller (>= 0.7) pry (>= 0.9.11) - public_suffix (3.0.0) + public_suffix (3.0.3) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) - rack (1.6.9) - rack-contrib (1.7.0) + rack (1.6.10) + rack-contrib (1.8.0) rack (~> 1.4) rack-protection (1.5.5) rack @@ -301,8 +303,8 @@ GEM railties (>= 3.1) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.4) 
@@ -319,27 +321,25 @@ GEM activesupport (= 4.2.10) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rainbow (2.2.2) - rake - rake (12.2.1) - ransack (1.8.4) - actionpack (>= 3.0) - activerecord (>= 3.0) - activesupport (>= 3.0) + rainbow (3.0.0) + rake (12.3.1) + ransack (1.8.9) + actionpack (>= 3.0, <= 5.1.1) + activerecord (>= 3.0, <= 5.1.1) + activesupport (>= 3.0, <= 5.1.1) i18n - polyamorous (~> 1.3) - rb-fsevent (0.10.2) + rb-fsevent (0.10.3) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) - recurring_select (2.0.0) + recurring_select (2.1.0) coffee-rails (>= 3.1) ice_cube (>= 0.11) jquery-rails (>= 3.0) rails (>= 3.2) sass-rails (>= 4.0) - redis (3.3.5) - redis-namespace (1.5.3) - redis (~> 3.0, >= 3.0.4) + redis (4.0.2) + redis-namespace (1.6.0) + redis (>= 3.0.4) ref (2.0.0) responders (2.4.0) actionpack (>= 4.2.0, < 5.3) 
@@ -353,46 +353,46 @@ GEM roo (2.7.1) nokogiri (~> 1) rubyzip (~> 1.1, < 2.0.0) - roo-xls (1.1.0) + roo-xls (1.2.0) nokogiri - roo (>= 2.0.0beta1, < 3) + roo (>= 2.0.0, < 3) spreadsheet (> 0.9.0) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.0) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) + rspec-support (~> 3.8.0) + rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-rails (3.7.1) + rspec-support (~> 3.8.0) + rspec-rails (3.8.0) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-support (~> 3.7.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-support (~> 3.8.0) rspec-rerun (1.1.0) rspec (~> 3.0) - rspec-support (3.7.0) + rspec-support (3.8.0) ruby-filemagic (0.7.2) ruby-ole (1.2.12.1) - ruby-prof (0.16.2) - ruby-units (2.2.0) - ruby_parser (3.10.1) + ruby-prof (0.17.0) + ruby-units (2.3.1) + ruby_parser (3.11.0) sexp_processor (~> 4.9) - rubyzip (1.2.1) - sass (3.5.3) + rubyzip (1.2.2) + sass (3.6.0) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.0.6) + sass-rails (5.0.7) railties (>= 4.0.0, < 6) sass (~> 3.1) sprockets (>= 2.8, < 4.0) 
@@ -400,17 +400,17 @@ GEM tilt (>= 1.1, < 3) select2-rails (4.0.3) thor (~> 0.14) - sexp_processor (4.10.0) + sexp_processor (4.11.0) simple-navigation (3.14.0) activesupport (>= 2.3.2) simple-navigation-bootstrap (1.0.2) railties (>= 3.1) simple-navigation (>= 3.7.0, < 4.0.0) - simple_form (3.5.0) - actionpack (> 4, < 5.2) - activemodel (> 4, < 5.2) - simplecov (0.14.1) - docile (~> 1.1.0) + simple_form (4.0.0) + actionpack (> 4) + activemodel (> 4) + simplecov (0.16.1) + docile (~> 1.1) json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) @@ -418,12 +418,12 @@ GEM rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) - skinny (0.2.4) - eventmachine (~> 1.0.0) - thin (>= 1.5, < 1.7) - spreadsheet (1.1.4) + skinny (0.2.2) + eventmachine (~> 1.0) + thin + spreadsheet (1.1.8) ruby-ole (>= 1.0) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -431,19 +431,21 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) + sqlite3-ruby (1.3.3) + sqlite3 (>= 1.3.3) term-ansicolor (1.6.0) tins (~> 1.0) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref - thin (1.5.1) - daemons (>= 1.0.9) - eventmachine (>= 0.12.6) - rack (>= 1.0.0) + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) thor (0.19.4) thread_safe (0.3.6) tilt (2.0.8) - tins (1.15.0) + tins (1.16.3) ttfunk (1.5.1) twitter-bootstrap-rails (2.2.8) actionpack (>= 3.1) @@ -452,14 +454,14 @@ GEM railties (>= 3.1) twitter-text (1.14.7) unf (~> 0.1.0) - tzinfo (1.2.4) + tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (3.2.0) + uglifier (4.1.19) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext - unf_ext (0.0.7.4) - uniform_notifier (1.10.0) + unf_ext (0.0.7.5) + uniform_notifier (1.11.0) vegas (0.1.11) rack (>= 1.0.0) web-console (2.3.0) 
@@ -467,7 +469,7 @@ GEM binding_of_caller (>= 0.7.2) railties (>= 4.0) sprockets-rails (>= 2.0, < 4.0) - whenever (0.9.7) + whenever (0.10.0) chronic (>= 0.6.3) wikicloth (0.8.3) builder @@ -517,7 +519,7 @@ DEPENDENCIES mailcatcher meta_request midi-smtp-server - mysql2 + mysql2 (~> 0.4.0) prawn prawn-table protected_attributes (= 1.1.0) @@ -556,4 +558,4 @@ DEPENDENCIES whenever BUNDLED WITH - 1.15.4 + 1.16.1 diff --git a/doc/SETUP_DEVELOPMENT.md b/doc/SETUP_DEVELOPMENT.md index 0d9ef8560..48af64d34 100644 --- a/doc/SETUP_DEVELOPMENT.md +++ b/doc/SETUP_DEVELOPMENT.md @@ -33,9 +33,9 @@ If instead you just want to run Foodsoft without changing its code, please refer \curl -L https://get.rvm.io | bash source ~/.rvm/scripts/rvm - rvm install 2.0 + rvm install 2.3 - We try to keep Foodsoft compatible with Ruby 2.0 as well as any later versions, + We try to keep Foodsoft compatible with Ruby 2.3 as well as any later versions, so if you use this and don't want to use RVM, that might actually work. 2. Install system dependencies. diff --git a/plugins/wiki/foodsoft_wiki.gemspec b/plugins/wiki/foodsoft_wiki.gemspec index a71b98002..07f0c1822 100644 --- a/plugins/wiki/foodsoft_wiki.gemspec +++ b/plugins/wiki/foodsoft_wiki.gemspec @@ -18,6 +18,7 @@ Gem::Specification.new do |s| s.add_dependency "rails" s.add_dependency 'wikicloth' + s.add_dependency 'twitter-text', '~> 1.14' # wikicloth doesn't support version 2 s.add_dependency 'acts_as_versioned' # need git version, make sure that is included in foodsoft's Gemfile s.add_dependency "deface", "~> 1.0" s.add_dependency 'diffy'
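Review bot: The `twitter-text` line in the gemspec hunk caps the gem at 1.x, and nothing records when the cap can be lifted. Going by its comment, the plugin declares this gem only to steer wikicloth's own dependency. Since this commit is a security-driven bundle update, an upper bound with no exit condition is the kind of line that later keeps a fix out of reach. I would extend the comment to `# wikicloth doesn't support version 2; remove once it does`. The `Gem::Specification.new do |s|` block opens and closes outside the hunk.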