diff --git a/CHANGELOG.md b/CHANGELOG.md index 34a4d142e..6c3934369 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # Changelog Fab-manager +- Fix a security issue: updated nokogiri to 1.13.9 to fix [GHSA-2qc6-mcvw-92cw](https://github.com/advisories/GHSA-2qc6-mcvw-92cw) + ## v5.4.25 2022 October 19 - Fix a bug: unable apply a coupon if this coupon has used by an user removed diff --git a/Gemfile.lock b/Gemfile.lock index c088f78cc..1d660952b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,7 +29,7 @@ GEM erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - active_record_query_trace (1.8) + active_record_query_trace (1.7) activejob (5.2.8.1) activesupport (= 5.2.8.1) globalid (>= 0.3.6) @@ -54,9 +54,8 @@ GEM afm (0.2.2) ansi (1.5.0) api-pagination (4.8.2) - apipie-rails (0.8.2) - actionpack (>= 5.0) - activesupport (>= 5.0) + apipie-rails (0.5.17) + rails (>= 4.1) arel (9.0.0) ast (2.4.2) attr_required (1.0.1) @@ -68,13 +67,13 @@ GEM bcrypt (3.1.13) bindata (2.4.10) bindex (0.8.1) - bootsnap (1.13.0) - msgpack (~> 1.2) + bootsnap (1.4.6) + msgpack (~> 1.0) brpoplpush-redis_script (0.1.2) concurrent-ruby (~> 1.0, >= 1.0.5) redis (>= 1.0, <= 5.0) builder (3.2.4) - bullet (7.0.3) + bullet (7.0.0) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) camertron-eprun (1.1.1) @@ -109,15 +108,10 @@ GEM crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.6) - database_cleaner (2.0.1) - database_cleaner-active_record (~> 2.0.0) - database_cleaner-active_record (2.0.1) - activerecord (>= 5.a) - database_cleaner-core (~> 2.0.0) - database_cleaner-core (2.0.1) + database_cleaner (1.8.3) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) - devise (4.8.1) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -137,7 +131,7 @@ GEM activesupport (> 3) elasticsearch (~> 5) hashie - elasticsearch-persistence (5.1.0) + elasticsearch-persistence (5.0.2) activemodel (> 4) activesupport (> 4) elasticsearch (~> 5) 
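Review bot: The changelog entry describes only a nokogiri update, but the Gemfile.lock hunks move many unrelated gems to older versions, starting in the hunk at `@@ -109,15 +108,10 @@` with `devise (4.8.1)` replaced by `devise (4.7.1)`. Later hunks do the same for `oauth2 (2.0.9)` to `oauth2 (1.4.4)`, `omniauth-oauth2 (1.7.3)` to `(1.6.0)`, `loofah (2.19.0)` to `(2.18.0)`, and for `faraday`, `json`, `pg` and `sidekiq`. Several of these sit on the authentication and HTML-sanitising paths, so a rollback may drop fixes released in between; the nokogiri entry itself does not appear in the hunks visible here. If the downgrades are unintended, regenerate the lockfile with a targeted update such as `bundle update nokogiri --conservative` so that only the nokogiri entry changes, then run a dependency audit on the result. If they are intended, the changelog should say so.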
@@ -148,12 +142,13 @@ GEM elasticsearch-transport (5.0.5) faraday multi_json + equalizer (0.0.11) erubi (1.10.0) et-orbi (1.2.7) tzinfo - faker (2.23.0) - i18n (>= 1.8.11, < 2) - faraday (0.17.5) + faker (2.10.2) + i18n (>= 1.6, < 2) + faraday (0.17.3) multipart-post (>= 1.2, < 3) ffi (1.15.5) foreman (0.87.0) @@ -183,17 +178,16 @@ GEM mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) iniparse (1.5.0) - jbuilder (2.11.5) - actionview (>= 5.0.0) + jbuilder (2.10.0) activesupport (>= 5.0.0) jbuilder_cache_multi (0.1.0) jbuilder (>= 1.5.0, < 3) - json (2.6.2) + json (2.3.1) json-jwt (1.13.0) activesupport (>= 4.2) aes_key_wrap bindata - jsonpath (1.1.2) + jsonpath (1.1.0) multi_json jwt (2.2.1) kaminari (1.2.1) @@ -211,7 +205,7 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.19.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -229,8 +223,8 @@ GEM mini_magick (4.10.1) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.16.3) - minitest-reporters (1.5.0) + minitest (5.16.2) + minitest-reporters (1.4.2) ansi builder minitest (>= 5.0) @@ -247,20 +241,19 @@ GEM jbuilder (~> 2.0) rails (>= 4.2.0) responders (~> 2.0) - oauth2 (2.0.9) - faraday (>= 0.17.3, < 3.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 4) - snaky_hash (~> 2.0) - version_gem (~> 1.1) + rack (>= 1.2, < 3) oj (3.10.5) omniauth (1.9.2) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-oauth2 (1.7.3) - oauth2 (>= 1.4, < 3) - omniauth (>= 1.9, < 3) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-rails_csrf_protection (0.1.2) actionpack (>= 4.2) omniauth (>= 1.3.1) 
@@ -288,20 +281,20 @@ GEM parallel (1.19.1) parser (3.1.2.0) ast (~> 2.4.1) - pdf-core (0.9.0) - pdf-reader (2.10.0) - Ascii85 (~> 1.0) + pdf-core (0.7.0) + pdf-reader (2.4.0) + Ascii85 (~> 1.0.0) afm (~> 0.2.1) hashery (~> 2.0) ruby-rc4 ttfunk - pg (1.4.4) - pg_search (2.3.6) + pg (1.2.2) + pg_search (2.3.2) activerecord (>= 5.2) activesupport (>= 5.2) - prawn (2.4.0) - pdf-core (~> 0.9.0) - ttfunk (~> 1.7) + prawn (2.2.2) + pdf-core (~> 0.7.0) + ttfunk (~> 1.5) prawn-table (0.2.2) prawn (>= 1.3.0, < 3.0.0) public_suffix (4.0.6) @@ -354,7 +347,7 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) - rainbow (3.1.1) + rainbow (3.0.0) rake (13.0.6) rb-fsevent (0.10.3) rb-inotify (0.10.1) @@ -374,22 +367,22 @@ GEM railties (>= 4.2.0, < 6.0) rexml (3.2.5) rolify (5.2.0) - rubocop (1.33.0) + rubocop (1.31.2) json (~> 2.3) parallel (~> 1.10) parser (>= 3.1.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.19.1, < 2.0) + rubocop-ast (>= 1.18.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) rubocop-ast (1.19.1) parser (>= 3.1.1.0) - rubocop-rails (2.16.1) + rubocop-rails (2.15.2) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.33.0, < 2.0) + rubocop (>= 1.7.0, < 2.0) ruby-progressbar (1.10.1) ruby-rc4 (0.1.5) ruby-vips (2.1.4) @@ -398,7 +391,7 @@ GEM nokogiri (>= 1.10.8) rubyzip (>= 1.3.0) rubyzip (2.3.0) - rufus-scheduler (3.8.2) + rufus-scheduler (3.8.1) fugit (~> 1.1, >= 1.1.6) safe_yaml (1.0.5) sassc (2.1.0) 
@@ -413,27 +406,24 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - sidekiq (6.5.7) - connection_pool (>= 2.2.5) + sidekiq (6.4.2) + connection_pool (>= 2.2.2) rack (~> 2.0) - redis (>= 4.5.0, < 5) - sidekiq-scheduler (4.0.3) + redis (>= 4.2.0) + sidekiq-scheduler (4.0.0) redis (>= 4.2.0) rufus-scheduler (~> 3.2) - sidekiq (>= 4, < 7) + sidekiq (>= 4) tilt (>= 1.4.0) sidekiq-unique-jobs (7.1.23) brpoplpush-redis_script (> 0.1.1, <= 2.0.0) concurrent-ruby (~> 1.0, >= 1.0.5) sidekiq (>= 5.0, < 8.0) thor (>= 0.20, < 3.0) - simplecov (0.19.1) + simplecov (0.19.0) docile (~> 1.1) simplecov-html (~> 0.11) - simplecov-html (0.12.3) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) + simplecov-html (0.12.2) spring (2.0.2) activesupport (>= 4.2) spring-watcher-listen (2.0.1) @@ -462,14 +452,14 @@ GEM tilt (2.0.10) tins (1.25.0) sync - ttfunk (1.7.0) + ttfunk (1.5.1) twitter_cldr (5.4.0) camertron-eprun cldr-plurals-runtime-rb (~> 1.0) tzinfo tzinfo (1.2.10) thread_safe (~> 0.1) - tzinfo-data (1.2022.5) + tzinfo-data (1.2020.4) tzinfo (>= 1.0.0) unicode-display_width (1.4.1) uniform_notifier (1.14.2) @@ -480,11 +470,11 @@ GEM activemodel (>= 3.0.0) public_suffix vcr (6.0.0) - version_gem (1.1.1) - virtus (2.0.0) + virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) descendants_tracker (~> 0.0, >= 0.0.3) + equalizer (~> 0.0, >= 0.0.9) warden (1.2.8) rack (>= 2.0.6) web-console (3.7.0) @@ -495,8 +485,8 @@ GEM webfinger (1.2.0) activesupport httpclient (>= 2.4) - webmock (3.18.1) - addressable (>= 2.8.0) + webmock (3.8.2) + addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) websocket-driver (0.7.5)