From 732a75d2b234500bdbe44eb165e238200db2aee4 Mon Sep 17 00:00:00 2001 From: Riccardo Graziosi <31478034+riggraz@users.noreply.github.com> Date: Sun, 26 Jul 2020 15:25:35 +0200 Subject: [PATCH] Apply dependabot security fixes (#26) * Bump nokogiri from 1.10.5 to 1.10.8 (#11) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.5 to 1.10.8. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.5...v1.10.8) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump puma from 3.12.2 to 3.12.4 (#14) Bumps [puma](https://github.com/puma/puma) from 3.12.2 to 3.12.4. - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/master/History.md) - [Commits](https://github.com/puma/puma/compare/v3.12.2...v3.12.4) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump acorn from 6.4.0 to 6.4.1 (#15) Bumps [acorn](https://github.com/acornjs/acorn) from 6.4.0 to 6.4.1. - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](https://github.com/acornjs/acorn/compare/6.4.0...6.4.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jquery from 3.4.1 to 3.5.0 (#18) Bumps [jquery](https://github.com/jquery/jquery) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](https://github.com/jquery/jquery/compare/3.4.1...3.5.0) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump kaminari from 1.1.1 to 1.2.1 (#19) Bumps [kaminari](https://github.com/kaminari/kaminari) from 1.1.1 to 1.2.1. - [Release notes](https://github.com/kaminari/kaminari/releases) - [Changelog](https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md) - [Commits](https://github.com/kaminari/kaminari/compare/v1.1.1...v1.2.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Riccardo Graziosi <31478034+riggraz@users.noreply.github.com> * Bump websocket-extensions from 0.1.4 to 0.1.5 (#21) Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) from 0.1.4 to 0.1.5. - [Release notes](https://github.com/faye/websocket-extensions-ruby/releases) - [Changelog](https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md) - [Commits](https://github.com/faye/websocket-extensions-ruby/compare/0.1.4...0.1.5) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump websocket-extensions from 0.1.3 to 0.1.4 (#22) Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump rack from 2.0.8 to 2.2.3 (#23) Bumps [rack](https://github.com/rack/rack) from 2.0.8 to 2.2.3. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/2.0.8...2.2.3) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Riccardo Graziosi <31478034+riggraz@users.noreply.github.com> * Bump lodash from 4.17.15 to 4.17.19 (#25) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 48 ++++++++++++++++++++++++------------------------ package.json | 2 +- yarn.lock | 26 +++++++++++++------------- 4 files changed, 39 insertions(+), 39 deletions(-) diff --git a/Gemfile b/Gemfile index 6b3079cf..da4cebdc 100644 --- a/Gemfile +++ b/Gemfile @@ -31,7 +31,7 @@ gem "administrate", git: "https://github.com/thoughtbot/administrate.git", tag: gem 'react-rails', '~> 2.6.0' # Pagination -gem 'kaminari', '~> 1.1.1' +gem 'kaminari', '~> 1.2.1' group :development, :test do # Call 'byebug' anywhere in the code to stop execution and get a debugger console diff --git a/Gemfile.lock b/Gemfile.lock index 3f08b072..96055429 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -97,7 +97,7 @@ GEM bindex (0.8.1) bootsnap (1.4.4) msgpack (~> 1.0) - builder (3.2.3) + builder (3.2.4) byebug (11.0.1) capybara (3.28.0) addressable @@ -109,13 +109,13 @@ GEM xpath (~> 3.2) childprocess (1.0.1) rake (< 13.0) - concurrent-ruby (1.1.5) + concurrent-ruby (1.1.6) connection_pool (2.2.2) - crass (1.0.5) + crass (1.0.6) datetime_picker_rails (0.0.7) momentjs-rails (>= 2.8.1) diff-lcs (1.3) - erubi (1.8.0) + erubi (1.9.0) execjs (2.7.0) factory_bot (5.0.2) activesupport (>= 4.2.0) @@ -125,7 +125,7 @@ GEM ffi (1.11.1) globalid (0.4.2) activesupport (>= 4.2.0) - i18n (1.6.0) + i18n (1.8.2) concurrent-ruby (~> 1.0) jbuilder (2.9.1) activesupport (>= 4.2.0) @@ -133,23 +133,23 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - kaminari (1.1.1) + kaminari (1.2.1) activesupport (>= 4.1.0) - kaminari-actionview (= 1.1.1) - kaminari-activerecord (= 1.1.1) - kaminari-core (= 1.1.1) - kaminari-actionview (1.1.1) + kaminari-actionview (= 1.2.1) + kaminari-activerecord (= 1.2.1) + kaminari-core (= 1.2.1) + kaminari-actionview (1.2.1) actionview - kaminari-core (= 1.1.1) - kaminari-activerecord (1.1.1) + kaminari-core (= 1.2.1) + kaminari-activerecord (1.2.1) activerecord - kaminari-core (= 1.1.1) - kaminari-core (1.1.1) + kaminari-core (= 1.2.1) + kaminari-core (1.2.1) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.3.1) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -160,18 +160,18 @@ GEM mimemagic (0.3.3) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) + minitest (5.14.1) momentjs-rails (2.20.1) railties (>= 3.1) msgpack (1.3.1) nio4r (2.4.0) - nokogiri (1.10.5) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) orm_adapter (0.5.0) pg (1.1.4) public_suffix (3.1.1) puma (3.12.2) - rack (2.0.8) + rack (2.2.3) rack-proxy (0.6.5) rack rack-test (1.1.0) @@ -194,8 +194,8 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.2.0) - loofah (~> 2.2, >= 2.2.2) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) railties (6.0.0) actionpack (= 6.0.0) activesupport (= 6.0.0) @@ -275,7 +275,7 @@ GEM turbolinks (5.2.0) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.5) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.8) rack (>= 2.0.6) @@ -294,10 +294,10 @@ GEM railties (>= 4.2) websocket-driver (0.7.1) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.4) + websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.1.9) + zeitwerk (2.3.0) PLATFORMS ruby @@ -310,7 +310,7 @@ DEPENDENCIES devise! factory_bot_rails (~> 5.0.2) jbuilder (~> 2.7) - kaminari (~> 1.1.1) + kaminari (~> 1.2.1) listen (>= 3.0.5, < 3.2) pg (>= 0.18, < 2.0) puma (~> 3.12) diff --git a/package.json b/package.json index d9926e2a..30e0036d 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "@types/react-dom": "^16.9.0", "babel-plugin-transform-react-remove-prop-types": "^0.4.24", "bootstrap": "4.3.1", - "jquery": "^3.4.1", + "jquery": "^3.5.0", "popper.js": "^1.15.0", "prop-types": "^15.7.2", "react": "^16.9.0", diff --git a/yarn.lock b/yarn.lock index 863bb068..133487d7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1053,9 +1053,9 @@ accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7: negotiator "0.6.2" acorn@^6.2.1: - version "6.4.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.0.tgz#b659d2ffbafa24baf5db1cdbb2c94a983ecd2784" - integrity sha512-gac8OEcQ2Li1dxIEWGZzsp2BitJxwkwcOm0zHAJLcPJaVvm58FRnk6RkuLRpU1EujipU2ZFODv2P9DLMfnV8mw== + version "6.4.1" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.1.tgz#531e58ba3f51b9dacb9a6646ca4debf5b14ca474" + integrity sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA== aggregate-error@^3.0.0: version "3.0.1" @@ -3913,10 +3913,10 @@ jest-worker@^24.9.0: merge-stream "^2.0.0" supports-color "^6.1.0" -jquery@^3.4.1: - version "3.4.1" - resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2" - integrity sha512-36+AdBzCL+y6qjw5Tx7HgzeGCzC81MDDgaUP8ld2zhx58HdqXGoBd+tHdrBMiyjGQs0Hxs/MLZTu/eHNJJuWPw== +jquery@^3.5.0: + version "3.5.0" + resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.5.0.tgz#9980b97d9e4194611c36530e7dc46a58d7340fc9" + integrity sha512-Xb7SVYMvygPxbFMpTFQiHh1J7HClEaThguL15N/Gg37Lri/qKyhRGZYzHRyLH8Stq3Aow0LsHO2O2ci86fCrNQ== js-base64@^2.1.8: version "2.5.1" @@ -4142,9 +4142,9 @@ lodash.uniq@^4.5.0: integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M= lodash@^4.0.0, lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.5, lodash@~4.17.10: - version "4.17.15" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" - integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A== + version "4.17.19" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b" + integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ== loglevel@^1.6.6: version "1.6.6" @@ -7519,9 +7519,9 @@ websocket-driver@>=0.5.1: websocket-extensions ">=0.1.1" websocket-extensions@>=0.1.1: - version "0.1.3" - resolved "https://registry.yarnpkg.com/websocket-extensions/-/websocket-extensions-0.1.3.tgz#5d2ff22977003ec687a4b87073dfbbac146ccf29" - integrity sha512-nqHUnMXmBzT0w570r2JpJxfiSD1IzoI+HGVdd3aZ0yNi3ngvQ4jv1dtHt5VGxfI2yj5yqImPhOK4vmIh2xMbGg== + version "0.1.4" + resolved "https://registry.yarnpkg.com/websocket-extensions/-/websocket-extensions-0.1.4.tgz#7f8473bc839dfd87608adb95d7eb075211578a42" + integrity sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg== which-module@^1.0.0: version "1.0.0"