From 77981add719a55d51ff7b80010648fe09c62b36f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 14 Nov 2023 15:29:14 +0000 Subject: [PATCH] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555 --- Gemfile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Gemfile b/Gemfile index 5d394c65c..45ba1eee6 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '~> 2.6.5' -gem 'aliyun-sdk', '~> 0.7.0' +gem 'aliyun-sdk', '~> 0.8.0' gem 'api-pagination', '~> 4.8.2' gem 'env-tweaks', '~> 1.0.0' @@ -13,11 +13,11 @@ gem 'carrierwave', '~> 2.1', '>= 2.1.0' # fog's core, shared behaviors without API and provider specifics gem 'fog-core', '~> 2.1.0' # alicloud support -gem 'fog-aliyun', '~> 0.3.5' +gem 'fog-aliyun', '~> 0.3.19' # aws support (amazon) -gem 'fog-aws', '~> 3.5.2' +gem 'fog-aws', '~> 3.6.2' # gcp support (google) -gem 'fog-google', '~> 1.9.1' +gem 'fog-google', '~> 1.10.0' gem 'kycaid' gem 'sidekiq', '>= 6.0.7' @@ -29,7 +29,7 @@ gem 'cancancan', '~> 2.3.0' gem 'hiredis', '~> 0.6.1' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 5.2.4', '>= 5.2.4.4' +gem 'rails', '~> 5.2.4', '>= 5.2.4.5' # Use mysql as the database for Active Record gem 'mysql2', '>= 0.4.4', '< 0.6.0' # Use Puma as the app server @@ -41,7 +41,7 @@ gem 'mini_racer', platforms: :ruby gem 'maxmind-db', '~> 1.0' -gem 'kaminari', '>= 1.2.1' +gem 'kaminari', '>= 1.2.2' gem 'peatio', '~> 0.4.4' gem 'rack-cors', '~> 1.0.2' @@ -56,7 +56,7 @@ gem 'jwt', '~> 2.2' gem 'jwt-multisig', '~> 1.0', '>= 1.0.4' gem 'bunny' gem 'phonelib', '~> 0.6.45' -gem 'twilio-ruby', '~> 5.25.4' +gem 'twilio-ruby', '~> 5.26.0' gem 'vault', '~> 0.1' gem 'vault-rails', git: 'https://github.com/rubykube/vault-rails' # Use Redis adapter to run Action Cable in production @@ -87,13 +87,13 @@ gem 'pry-rails' group :development, :test do # Call 'byebug' or 'binding.pry' anywhere in the code to stop execution and get a debugger console gem 'pry-byebug', platforms: [:mri, :mingw, :x64_mingw] - gem 'factory_bot_rails', '~> 4.11', '>= 4.11.1' + gem 'factory_bot_rails', '~> 5.0', '>= 5.0.0' gem 'faker', '~> 2.1' end group :development do gem 'grape_on_rails_routes', '~> 0.3.2' - gem 'web-console', '>= 3.7.0' + gem 'web-console', '>= 4.0.0' gem 'listen', '>= 3.0.5', '< 3.2' gem 'annotate', '~> 2.7', '>= 2.7.5' gem 'spring' @@ -101,10 +101,10 @@ group :development do end group :test do - gem 'capybara', '>= 3.29.0' + gem 'capybara', '>= 3.34.0' # gem 'selenium-webdriver' # gem 'chromedriver-helper' - gem 'rspec-rails', '~> 3.9', '>= 3.9.1' + gem 'rspec-rails', '~> 4.0', '>= 4.0.0' gem 'shoulda-matchers', '~> 4.0.1.0' gem 'rails-controller-testing', '>= 1.0.5' end