Update gems with security vulnerabilites

Bootstrap version < 4.3.1 Ref: https://nvd.nist.gov/vuln/detail/CVE-2019-8331 Devise version < 4.6.0 Ref: heartcombo/devise#4981
rubyforgood · Jun 26, 2019 · 95db8df · 95db8df
1 parent e1f8c45
commit 95db8df
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/Gemfile b/Gemfile
@@ -4,7 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby "2.6.2"
 
 gem "bootsnap", ">= 1.1.0", require: false
-gem "bootstrap", "~> 4.1.3"
+gem "bootstrap", "~> 4.3.1"
 gem "bugsnag"
 gem "coffee-rails", "~> 4.2"
 gem "devise"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -53,9 +53,9 @@ GEM
       io-like (~> 0.3.0)
     arel (9.0.0)
     ast (2.4.0)
-    autoprefixer-rails (9.4.6)
+    autoprefixer-rails (9.6.0)
       execjs
-    bcrypt (3.1.12)
+    bcrypt (3.1.13)
     better_errors (2.5.0)
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
@@ -65,10 +65,10 @@ GEM
       debug_inspector (>= 0.0.1)
     bootsnap (1.3.2)
       msgpack (~> 1.0)
-    bootstrap (4.1.3)
-      autoprefixer-rails (>= 6.0.3)
-      popper_js (>= 1.12.9, < 2)
-      sass (>= 3.5.2)
+    bootstrap (4.3.1)
+      autoprefixer-rails (>= 9.1.0)
+      popper_js (>= 1.14.3, < 2)
+      sassc-rails (>= 2.0.0)
     bugsnag (6.10.0)
       concurrent-ruby (~> 1.0)
     builder (3.2.3)
@@ -122,7 +122,7 @@ GEM
       safe_yaml (~> 1.0.0)
     crass (1.0.4)
     debug_inspector (0.0.3)
-    devise (4.5.0)
+    devise (4.6.2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 6.0)
@@ -267,9 +267,9 @@ GEM
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     regexp_parser (1.3.0)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
+    responders (3.0.0)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
@@ -314,6 +314,15 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
+    sassc (2.0.1)
+      ffi (~> 1.9)
+      rake
+    sassc-rails (2.1.2)
+      railties (>= 4.0.0)
+      sassc (>= 2.0)
+      sprockets (> 3.0)
+      sprockets-rails
+      tilt
     selenium-webdriver (3.141.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2, >= 1.2.2)
@@ -374,7 +383,7 @@ DEPENDENCIES
   better_errors
   binding_of_caller
   bootsnap (>= 1.1.0)
-  bootstrap (~> 4.1.3)
+  bootstrap (~> 4.3.1)
   bugsnag
   byebug
   capistrano-bundler