From 92be43595aaa5ceafd4140186be9f362140276fd Mon Sep 17 00:00:00 2001 From: Adrian Cann Date: Sun, 14 Oct 2018 10:37:12 -0400 Subject: [PATCH] Update gems with security vulnerabilities ruby-advisory-db: 323 advisories Name: nokogiri Version: 1.8.4 Advisory: CVE-2018-14404 Criticality: Unknown URL: https://github.com/sparklemotion/nokogiri/issues/1785 Title: Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Solution: upgrade to >= 1.8.5 Name: rubyzip Version: 1.2.1 Advisory: CVE-2018-1000544 Criticality: Unknown URL: https://github.com/rubyzip/rubyzip/issues/369 Title: Directory Traversal in rubyzip Solution: upgrade to >= 1.2.2 --- Gemfile.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 16cc188..59cbcaf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -152,7 +152,7 @@ GEM activesupport (>= 4.2.0) hashdiff (0.3.7) highline (1.7.8) - i18n (1.0.1) + i18n (1.1.0) concurrent-ruby (~> 1.0) i18n-tasks (0.9.5) activesupport (>= 4.0.2) @@ -181,7 +181,7 @@ GEM mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) - mini_mime (1.0.0) + mini_mime (1.0.1) mini_portile2 (2.3.0) minitest (5.11.3) multipart-post (2.0.0) @@ -192,7 +192,7 @@ GEM net-ssh (>= 2.6.5) net-ssh (4.1.0) nio4r (2.3.1) - nokogiri (1.8.3) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) normalize-rails (3.0.3) oj (2.18.5) @@ -259,7 +259,7 @@ GEM rspec-mocks (~> 3.5.0) rspec-support (~> 3.5.0) rspec-support (3.5.0) - rubyzip (1.2.1) + rubyzip (1.2.2) safe_yaml (1.0.4) sass (3.4.22) sass-rails (5.0.6) @@ -396,4 +396,4 @@ RUBY VERSION ruby 2.5.1p57 BUNDLED WITH - 1.16.2 + 1.16.5