From 80b87a03358726505391a483a54cf9575a10b1f2 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 2 Aug 2024 07:15:11 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577227
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577228
---
 Gemfile | 2 +-
 Gemfile.lock | 65 ++++++++++++++++++++++------------------------------
 2 files changed, 28 insertions(+), 39 deletions(-)
diff --git a/Gemfile b/Gemfile
index 5e0616a5b4c..f4c958749ae 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ source 'https://rubygems.org/'
 #gem 'pmdtester', :git => 'https://github.com/pmd/pmd-regression-tester.git', branch: 'master'
 gem 'pmdtester'
-gem 'danger'
+gem 'danger', '>= 8.4.3'
 # This group is only needed for rendering release notes (docs/render_release_notes.rb)
 # this happens during release (.ci/build.sh and do-release.sh)
diff --git a/Gemfile.lock b/Gemfile.lock
index 318dc9fa763..3b80f2f2ce7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,10 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - claide (1.0.3) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + base64 (0.2.0) + claide (1.1.0) claide-plugins (0.9.2) cork nap
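Review bot: The new constraint `gem 'danger', '>= 8.4.3'` in the Gemfile hunk is open-ended and does not itself constrain `rexml`, the gem both Snyk advisories name. In the lockfile shown here rexml is pulled in through kramdown with no version requirement, so its move from 3.2.5 to 3.3.4 is held only by the lock and not by anything declared in the Gemfile. The same resolution takes danger from 8.4.2 to 9.4.3, faraday from 1.8.0 to 2.8.1 and octokit from 4.21.0 to 9.1.0, all major-version jumps, so the Dangerfile and the CI job that runs it should be exercised before merging. I would bound the direct dependency and declare the security floor explicitly, for example `gem 'danger', '~> 9.4'` and `gem 'rexml', '>= 3.3.4' # security floor: SNYK-RUBY-REXML-7577227, SNYK-RUBY-REXML-7577228`.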
@@ -12,64 +13,50 @@ GEM concurrent-ruby (1.1.9) cork (0.3.0) colored2 (~> 3.1) - danger (8.4.2) + danger (9.4.3) claide (~> 1.0) claide-plugins (>= 0.9.2) colored2 (~> 3.1) cork (~> 0.1) - faraday (>= 0.9.0, < 2.0) + faraday (>= 0.9.0, < 3.0) faraday-http-cache (~> 2.0) - git (~> 1.7) + git (~> 1.13) kramdown (~> 2.3) kramdown-parser-gfm (~> 1.0) no_proxy_fix - octokit (~> 4.7) + octokit (>= 4.0) terminal-table (>= 1, < 4) differ (0.1.2) et-orbi (1.2.6) tzinfo - faraday (1.8.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday (2.8.1) + base64 + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-http-cache (2.2.0) + faraday-http-cache (2.5.1) faraday (>= 0.8) - faraday-httpclient (1.0.1) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) + faraday-net_http (3.0.2) fugit (1.5.2) et-orbi (~> 1.1, >= 1.1.8) raabro (~> 1.4) - git (1.10.0) + git (1.19.1) + addressable (~> 2.8) rchardet (~> 1.8) - kramdown (2.3.1) + kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (5.1.0) logger-colors (1.0.0) mini_portile2 (2.6.1) - multipart-post (2.1.1) nap (1.1.0) no_proxy_fix (0.1.2) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) - octokit (4.21.0) - faraday (>= 0.9) - sawyer (~> 0.8.0, >= 0.5.3) + octokit (9.1.0) + faraday (>= 1, < 3) + sawyer (~> 0.9) open4 (1.3.4) pmdtester (1.3.0) differ (~> 0.1) 
@@ -78,31 +65,33 @@ GEM nokogiri (>= 1.11.0.rc4) rufus-scheduler (~> 3.5) slop (~> 4.6) - public_suffix (4.0.6) + public_suffix (5.1.1) raabro (1.4.0) racc (1.6.0) rchardet (1.8.0) - rexml (3.2.5) + rexml (3.3.4) + strscan rouge (3.27.0) ruby2_keywords (0.0.5) rufus-scheduler (3.8.0) fugit (~> 1.1, >= 1.1.6) safe_yaml (1.0.5) - sawyer (0.8.2) + sawyer (0.9.2) addressable (>= 2.3.5) - faraday (> 0.8, < 2.0) + faraday (>= 0.17.3, < 3) slop (4.9.1) + strscan (3.1.0) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) tzinfo (2.0.4) concurrent-ruby (~> 1.0) - unicode-display_width (2.1.0) + unicode-display_width (2.5.0) PLATFORMS ruby DEPENDENCIES - danger + danger (>= 8.4.3) liquid (>= 4.0.0) pmdtester rouge (>= 1.7, < 4)