Update rails with fix for CVE-2020-8185

Eric 2020-06-17 11:50:12 -05:00 committed by Eric Schultz
parent 2b3b9497f1
commit d640d31c63
4 changed files with 96 additions and 124 deletions


@ -3,7 +3,7 @@
source 'https://rubygems.org' source 'https://rubygems.org'
ruby '2.6.6' ruby '2.6.6'
gem 'rails', '~> 6.0.3' gem 'rails', '~> 6.0.3', '>= 6.0.3.2'
gem 'jbuilder', '~> 2.10' gem 'jbuilder', '~> 2.10'
gem 'bootsnap', '~> 1.4', require: false # Large rails application booting enhancer gem 'bootsnap', '~> 1.4', require: false # Large rails application booting enhancer
gem 'font_assets', '~> 0.1.14' # for serving fonts on cdn https://github.com/ericallam/font_assets gem 'font_assets', '~> 0.1.14' # for serving fonts on cdn https://github.com/ericallam/font_assets
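Review bot: The new `'>= 6.0.3.2'` floor on the `rails` line has no comment saying why it is there, so a later tidy-up could fold it back into `'~> 6.0.3'`, and a fresh dependency resolve would then be free to pick a release older than the patched one. I would put a comment directly above the line, for example `# >= 6.0.3.2 is the minimum release carrying the CVE-2020-8185 fix; do not lower`. The same floor is repeated in the gemspec's `spec.add_dependency "rails"` line, so the two constraints have to be raised together whenever either one changes.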


@ -12,7 +12,7 @@ PATH
remote: gems/bess remote: gems/bess
specs: specs:
bess (0.1.0) bess (0.1.0)
rails (~> 6.0.3, >= 6.0.3.1) rails (~> 6.0.3, >= 6.0.3.2)
wisper (~> 2.0) wisper (~> 2.0)
wisper-activejob (~> 1.0.0) wisper-activejob (~> 1.0.0)
@ -33,56 +33,56 @@ GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
action_mailer_matchers (1.2.0) action_mailer_matchers (1.2.0)
actioncable (6.0.3.1) actioncable (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
nio4r (~> 2.0) nio4r (~> 2.0)
websocket-driver (>= 0.6.1) websocket-driver (>= 0.6.1)
actionmailbox (6.0.3.1) actionmailbox (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
activejob (= 6.0.3.1) activejob (= 6.0.3.2)
activerecord (= 6.0.3.1) activerecord (= 6.0.3.2)
activestorage (= 6.0.3.1) activestorage (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
mail (>= 2.7.1) mail (>= 2.7.1)
actionmailer (6.0.3.1) actionmailer (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
actionview (= 6.0.3.1) actionview (= 6.0.3.2)
activejob (= 6.0.3.1) activejob (= 6.0.3.2)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
actionpack (6.0.3.1) actionpack (6.0.3.2)
actionview (= 6.0.3.1) actionview (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
rack (~> 2.0, >= 2.0.8) rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3) rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.0.3.1) actiontext (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
activerecord (= 6.0.3.1) activerecord (= 6.0.3.2)
activestorage (= 6.0.3.1) activestorage (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
nokogiri (>= 1.8.5) nokogiri (>= 1.8.5)
actionview (6.0.3.1) actionview (6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
builder (~> 3.1) builder (~> 3.1)
erubi (~> 1.4) erubi (~> 1.4)
rails-dom-testing (~> 2.0) rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.0.3.1) activejob (6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
globalid (>= 0.3.6) globalid (>= 0.3.6)
activemodel (6.0.3.1) activemodel (6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
activerecord (6.0.3.1) activerecord (6.0.3.2)
activemodel (= 6.0.3.1) activemodel (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
activestorage (6.0.3.1) activestorage (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
activejob (= 6.0.3.1) activejob (= 6.0.3.2)
activerecord (= 6.0.3.1) activerecord (= 6.0.3.2)
marcel (~> 0.3.1) marcel (~> 0.3.1)
activesupport (6.0.3.1) activesupport (6.0.3.2)
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
minitest (~> 5.1) minitest (~> 5.1)
@ -170,7 +170,7 @@ GEM
httparty (0.17.0) httparty (0.17.0)
mime-types (~> 3.0) mime-types (~> 3.0)
multi_xml (>= 0.5.2) multi_xml (>= 0.5.2)
i18n (1.8.2) i18n (1.8.3)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
i18n-js (3.3.0) i18n-js (3.3.0)
i18n (>= 0.6.6) i18n (>= 0.6.6)
@ -191,7 +191,7 @@ GEM
activesupport (>= 4) activesupport (>= 4)
railties (>= 4) railties (>= 4)
request_store (~> 1.0) request_store (~> 1.0)
loofah (2.5.0) loofah (2.6.0)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.5.9) nokogiri (>= 1.5.9)
mail (2.7.1) mail (2.7.1)
@ -253,20 +253,20 @@ GEM
rack-test (1.1.0) rack-test (1.1.0)
rack (>= 1.0, < 3) rack (>= 1.0, < 3)
rack-timeout (0.5.1) rack-timeout (0.5.1)
rails (6.0.3.1) rails (6.0.3.2)
actioncable (= 6.0.3.1) actioncable (= 6.0.3.2)
actionmailbox (= 6.0.3.1) actionmailbox (= 6.0.3.2)
actionmailer (= 6.0.3.1) actionmailer (= 6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
actiontext (= 6.0.3.1) actiontext (= 6.0.3.2)
actionview (= 6.0.3.1) actionview (= 6.0.3.2)
activejob (= 6.0.3.1) activejob (= 6.0.3.2)
activemodel (= 6.0.3.1) activemodel (= 6.0.3.2)
activerecord (= 6.0.3.1) activerecord (= 6.0.3.2)
activestorage (= 6.0.3.1) activestorage (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
bundler (>= 1.3.0) bundler (>= 1.3.0)
railties (= 6.0.3.1) railties (= 6.0.3.2)
sprockets-rails (>= 2.0.0) sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3) rails-dom-testing (2.0.3)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
@ -276,9 +276,9 @@ GEM
rails-i18n (6.0.0) rails-i18n (6.0.0)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
railties (>= 6.0.0, < 7) railties (>= 6.0.0, < 7)
railties (6.0.3.1) railties (6.0.3.2)
actionpack (= 6.0.3.1) actionpack (= 6.0.3.2)
activesupport (= 6.0.3.1) activesupport (= 6.0.3.2)
method_source method_source
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0) thor (>= 0.20.3, < 2.0)
@ -392,7 +392,7 @@ GEM
rack-proxy (>= 0.6.1) rack-proxy (>= 0.6.1)
railties (>= 5.2) railties (>= 5.2)
semantic_range (>= 2.3.0) semantic_range (>= 2.3.0)
websocket-driver (0.7.1) websocket-driver (0.7.2)
websocket-extensions (>= 0.1.0) websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5) websocket-extensions (0.1.5)
wisper (2.0.1) wisper (2.0.1)
@ -448,7 +448,7 @@ DEPENDENCIES
rack-attack (~> 5.2) rack-attack (~> 5.2)
rack-ssl (~> 1.4) rack-ssl (~> 1.4)
rack-timeout (~> 0.5.1) rack-timeout (~> 0.5.1)
rails (~> 6.0.3) rails (~> 6.0.3, >= 6.0.3.2)
rails-i18n (~> 6.0.0, ~> 6) rails-i18n (~> 6.0.0, ~> 6)
rake (~> 12.3.2) rake (~> 12.3.2)
roadie-rails (~> 2.1) roadie-rails (~> 2.1)


@ -164,6 +164,24 @@ CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License. specific language governing permissions and limitations under the License.
------
** websocket-driver; version 0.7.2 --
Copyright 2010-2020 James Coglan
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
------ ------
** msgpack; version 1.3.1 -- ** msgpack; version 1.3.1 --
@ -558,25 +576,6 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
------
** websocket-driver; version 0.7.1 --
Copyright 2010-2019 James Coglan
Copyright 2010-2019 James Coglan
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
------ ------
** unf; version 0.1.4 -- ** unf; version 0.1.4 --
@ -1976,38 +1975,6 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------
** loofah; version 2.5.0 --
Copyright (c) 2006-2008 The Authors
(c) 1997-2009 http://sourceforge.com/' SourceForge, Inc.
Copyright (c) 2009 2018 by Mike Dalessio, Bryan Helmkamp
The MIT License
The MIT License
Copyright (c) 2009 -- 2018 by Mike Dalessio, Bryan Helmkamp
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
------ ------
** zeitwerk; version 2.3.0 -- ** zeitwerk; version 2.3.0 --
@ -2067,7 +2034,7 @@ THE SOFTWARE.
------ ------
** activestorage; version 6.0.3.1 -- ** activestorage; version 6.0.3.2 --
Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp
Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp Copyright (c) 2017-2019 David Heinemeier Hansson, Basecamp
@ -2127,7 +2094,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** railties; version 6.0.3.1 -- ** railties; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson Copyright (c) 2004-2019 David Heinemeier Hansson
Copyright (c) 2006-2013 Paul Battley, Michael Neumann, Tim Fletcher. Copyright (c) 2006-2013 Paul Battley, Michael Neumann, Tim Fletcher.
@ -2762,7 +2729,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** activesupport; version 6.0.3.1 -- ** activesupport; version 6.0.3.2 --
Copyright (c) 2005-2019 David Heinemeier Hansson Copyright (c) 2005-2019 David Heinemeier Hansson
Copyright (c) 2005-2019 David Heinemeier Hansson Copyright (c) 2005-2019 David Heinemeier Hansson
@ -3141,9 +3108,10 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** i18n; version 1.8.2 -- ** i18n; version 1.8.3 --
Copyright (c) 2003-2009 Masao Mutoh Copyright (c) 2003-2009 Masao Mutoh
Copyright (c) 2008 The Ruby I18n team Copyright (c) 2008 The Ruby I18n team
Copyright (c) 2005-2019 David Heinemeier Hansson
Copyright (c) 2008 The Ruby I18n team Copyright (c) 2008 The Ruby I18n team
@ -3168,7 +3136,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** actioncable; version 6.0.3.1 -- ** actioncable; version 6.0.3.2 --
Copyright (c) 2010-2015 James Coglan Copyright (c) 2010-2015 James Coglan
Copyright (c) 2015-2019 Basecamp, LLC Copyright (c) 2015-2019 Basecamp, LLC
@ -3251,7 +3219,11 @@ OTHER DEALINGS IN THE SOFTWARE.
------ ------
** activerecord; version 6.0.3.1 -- ** actionmailer; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson
** actionpack; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson
** activerecord; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson Copyright (c) 2004-2019 David Heinemeier Hansson
copyright (c) 2007-2016 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson copyright (c) 2007-2016 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
** coderay; version 1.1.2 -- ** coderay; version 1.1.2 --
@ -3270,6 +3242,10 @@ Copyright (c) 2008 John Nunemaker
Copyright (c) 2008-2011 Pivotal Labs Copyright (c) 2008-2011 Pivotal Labs
Copyright (c) 2010-2015, The Dojo Foundation Copyright (c) 2010-2015, The Dojo Foundation
** jaro_winkler; version 1.5.3 -- ** jaro_winkler; version 1.5.3 --
** loofah; version 2.6.0 --
Copyright (c) 2006-2008 The Authors
(c) 1997-2009 http://sourceforge.com/' SourceForge, Inc.
Copyright (c) 2009 2018 by Mike Dalessio, Bryan Helmkamp
** mime-types; version 3.2.2 -- ** mime-types; version 3.2.2 --
Copyright 2003-2018 Austin Ziegler and contributors. Copyright 2003-2018 Austin Ziegler and contributors.
** mime-types-data; version 3.2019.0331 -- ** mime-types-data; version 3.2019.0331 --
@ -3287,7 +3263,7 @@ Copyright (c) Django Software Foundation and individual contributors.
Copyright (c) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html> Copyright (c) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
** rack-attack; version 5.4.2 -- ** rack-attack; version 5.4.2 --
Copyright Kickstarter, PBC. Copyright Kickstarter, PBC.
** rails; version 6.0.3.1 -- ** rails; version 6.0.3.2 --
** rails-dom-testing; version 2.0.3 -- ** rails-dom-testing; version 2.0.3 --
Copyright (c) 2013-2015 Kasper Timm Hansen Copyright (c) 2013-2015 Kasper Timm Hansen
** rails-html-sanitizer; version 1.3.0 -- ** rails-html-sanitizer; version 1.3.0 --
@ -3393,13 +3369,9 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** actionmailer; version 6.0.3.1 -- ** actionview; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson Copyright (c) 2004-2019 David Heinemeier Hansson
** actionpack; version 6.0.3.1 -- ** activemodel; version 6.0.3.2 --
Copyright (c) 2004-2019 David Heinemeier Hansson
** actionview; version 6.0.3.1 --
Copyright (c) 2004-2019 David Heinemeier Hansson
** activemodel; version 6.0.3.1 --
Copyright (c) 2004-2019 David Heinemeier Hansson Copyright (c) 2004-2019 David Heinemeier Hansson
Copyright (c) 2004-2019 David Heinemeier Hansson Copyright (c) 2004-2019 David Heinemeier Hansson
@ -3487,7 +3459,7 @@ THE SOFTWARE.
------ ------
** activejob; version 6.0.3.1 -- ** activejob; version 6.0.3.2 --
Copyright (c) 2014-2019 David Heinemeier Hansson Copyright (c) 2014-2019 David Heinemeier Hansson
Copyright (c) 2014-2019 David Heinemeier Hansson Copyright (c) 2014-2019 David Heinemeier Hansson
@ -4229,9 +4201,9 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
------ ------
** actionmailbox; version 6.0.3.1 -- ** actionmailbox; version 6.0.3.2 --
Copyright (c) 2019 Basecamp, LLC Copyright (c) 2019 Basecamp, LLC
** actiontext; version 6.0.3.1 -- ** actiontext; version 6.0.3.2 --
Copyright (c) 2019 Basecamp, LLC Copyright (c) 2019 Basecamp, LLC
MIT License MIT License


@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
spec.files = Dir["{app,config,db,lib}/**/*", "LICENSE", "AGPL-3.0.txt", "GPL-3.0.txt", "LGPL-3.0.txt", "Rakefile", "README.md"] spec.files = Dir["{app,config,db,lib}/**/*", "LICENSE", "AGPL-3.0.txt", "GPL-3.0.txt", "LGPL-3.0.txt", "Rakefile", "README.md"]
spec.add_dependency "rails", "~> 6.0.3", ">= 6.0.3.1" spec.add_dependency "rails", "~> 6.0.3", ">= 6.0.3.2"
spec.add_dependency 'wisper', '~> 2.0' spec.add_dependency 'wisper', '~> 2.0'
spec.add_dependency 'wisper-activejob', '~> 1.0.0' spec.add_dependency 'wisper-activejob', '~> 1.0.0'