Commit

Vulnerable Gem updates
* Update Loofah to mitigate CVE-2018-16468 (See flavorjones/loofah#154 for details)

* Update rake to mitigate CVE-2018-16471

* Update locked gems
kronn authored and MartinGantenbein committed Mar 21, 2020
1 parent 4173f10 commit cd5cb94
Showing 2 changed files with 74 additions and 73 deletions.
6 changes: 4 additions & 2 deletions Gemfile
Expand Up @@ -42,7 +42,6 @@ gem 'paranoia', '< 2.1.2' # uses 2.0 for testing (no explicit requirement, yet)
gem 'prawn', '< 2.0' # 2.0 requires ruby 2.0
gem 'prawn-table'
gem 'protective'
gem 'rack'
gem 'rails-i18n'
gem 'rails_autolink'
gem 'rubyzip', '~> 1.2.2'
Expand Down Expand Up @@ -76,9 +75,12 @@ gem 'therubyracer', platforms: :ruby
gem 'turbolinks'
gem 'uglifier'

# security updates, can be deleted if they get in the way of updates or so
# security updates, can be deleted or changed if they get in the way of updates or so
gem 'loofah', '~> 2.2.3'
gem 'rack', '~> 1.6.11'
gem 'sprockets', '~> 3.7.2'


group :development, :test do
gem 'binding_of_caller'
gem 'codez-tarantula', require: 'tarantula-rails3'
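
Review bot: The commit message names rake for CVE-2018-16471, but the constraint in the security block of this hunk is on `gem 'rack', '~> 1.6.11'` and no rake line appears in the shown hunks; the message and the Gemfile should name the same gem so the pin can be traced back to its advisory. The comment above the block also says these pins can be deleted or changed when they get in the way, while none of the three lines records why it is there. Consider annotating each one, e.g. `gem 'loofah', '~> 2.2.3' # CVE-2018-16468`, and wording the comment so that a pin is only dropped after checking that the locked version stays at or above the pinned one. The second blank line before `group :development, :test do` looks unintentional.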