From d51a10624518bfbbd6564c057f48b24d16838476 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 19 Dec 2019 21:03:44 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 --- Gemfile | 14 +++--- Gemfile.lock | 132 +++++++++++++++++++++++++-------------------------- 2 files changed, 73 insertions(+), 73 deletions(-)
diff --git a/Gemfile b/Gemfile
index e70eef95..c9b4dcef 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,19 +1,19 @@
 source 'https://rubygems.org'
-gem 'rails', '~> 5.0.4'
+gem 'rails', '~> 5.0.7'
 gem 'puma', '~> 3.0'
-gem 'sass-rails', '~> 5.0'
+gem 'sass-rails', '~> 5.0', '>= 5.0.7'
 gem 'uglifier', '>= 1.3.0'
-gem 'coffee-rails', '~> 4.2'
-gem 'jquery-rails'
+gem 'coffee-rails', '~> 4.2', '>= 4.2.2'
+gem 'jquery-rails', '>= 4.3.3'
 gem 'turbolinks', '~> 5'
 gem 'jbuilder', '~> 2.5'
 gem 'buttercms-rails'
-gem 'react-rails'
+gem 'react-rails', '>= 2.4.7'
 gem 'underscore-rails'
 gem 'rest-client'
 gem 'fastimage'
-gem 'npm-rails'
+gem 'npm-rails', '>= 0.2.1'
 gem 'aws-sdk'
 gem 'sitemap_generator'
@@ -23,7 +23,7 @@ end
 group :development do
 gem 'sqlite3'
- gem 'web-console', '>= 3.3.0'
+ gem 'web-console', '>= 3.7.0'
 gem 'listen', '~> 3.0.5'
 gem 'spring'
 gem 'spring-watcher-listen', '~> 2.0.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 5e7382b8..40248987 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
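Review bot: Nothing in the first Gemfile hunk constrains rack, the gem named in the advisory this commit cites; the fix is carried only by the Gemfile.lock change from rack 2.0.7 to 2.0.8. A lockfile merge conflict resolved the wrong way, or a later conservative update, can bring 2.0.7 back without the Gemfile objecting. I would record the floor explicitly next to the rails entry, `gem 'rack', '>= 2.0.8'`, assuming 2.0.8 is the fixed release for that advisory (the page does not say). Separately, the new floors on `jquery-rails`, `react-rails`, `npm-rails` and `web-console` have no upper bound, and the same resolve moves react-rails to 2.6.0, thor to 1.0.1 and rake to 13.0.1. The test suite should pass against the new lockfile before this is merged as a security-only change.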
@@ -1,39 +1,39 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.0.7) - actionpack (= 5.0.7) + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.7) - actionpack (= 5.0.7) - actionview (= 5.0.7) - activejob (= 5.0.7) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.7) - actionview (= 5.0.7) - activesupport (= 5.0.7) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7) - activesupport (= 5.0.7) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.7) - activesupport (= 5.0.7) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) globalid (>= 0.3.6) - activemodel (5.0.7) - activesupport (= 5.0.7) - activerecord (5.0.7) - activemodel (= 5.0.7) - activesupport (= 5.0.7) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) arel (~> 7.0) - activesupport (5.0.7) + activesupport (5.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -636,8 +636,8 @@ GEM babel-transpiler (0.7.0) babel-source (>= 4.0, < 6) execjs (~> 2.0) - bindex (0.5.0) - builder (3.2.3) + bindex (0.8.1) + builder (3.2.4) buttercms-rails (1.2.1) buttercms-ruby (~> 1.3.1) buttercms-ruby (1.3.1) 
@@ -649,84 +649,84 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.5) connection_pool (2.2.2) - crass (1.0.4) + crass (1.0.5) domain_name (0.5.20180417) unf (>= 0.0.5, < 1.0.0) erubis (2.7.0) execjs (2.7.0) fastimage (2.1.3) - ffi (1.9.25) - globalid (0.4.1) + ffi (1.11.3) + globalid (0.4.2) activesupport (>= 4.2.0) http-cookie (1.0.3) domain_name (~> 0.5) - i18n (1.1.0) + i18n (1.7.0) concurrent-ruby (~> 1.0) jbuilder (2.7.0) activesupport (>= 4.2.0) multi_json (>= 1.2) jmespath (1.4.0) - jquery-rails (4.3.3) + jquery-rails (4.3.5) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.2.3) + loofah (2.4.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) - method_source (0.9.0) + method_source (0.9.2) mime-types (3.2.2) mime-types-data (~> 3.2015) mime-types-data (3.2018.0812) - mini_mime (1.0.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) + minitest (5.13.0) multi_json (1.13.1) netrc (0.11.0) - nio4r (2.3.1) - nokogiri (1.10.4) + nio4r (2.5.2) + nokogiri (1.10.7) mini_portile2 (~> 2.4.0) npm-rails (0.2.1) rails (>= 3.2) pg (1.1.2) puma (3.12.0) - rack (2.0.7) + rack (2.0.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.7) - actioncable (= 5.0.7) - actionmailer (= 5.0.7) - actionpack (= 5.0.7) - actionview (= 5.0.7) - activejob (= 5.0.7) - activemodel (= 5.0.7) - activerecord (= 5.0.7) - activesupport (= 5.0.7) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) bundler (>= 1.3.0) - railties (= 5.0.7) + railties (= 5.0.7.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 
2.2.2) - railties (5.0.7) - actionpack (= 5.0.7) - activesupport (= 5.0.7) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.3.1) + rake (13.0.1) rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - react-rails (2.4.7) + rb-inotify (0.10.0) + ffi (~> 1.0) + react-rails (2.6.0) babel-transpiler (>= 0.7.0) connection_pool execjs @@ -736,7 +736,7 @@ GEM http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - sass (3.5.7) + sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) @@ -762,9 +762,9 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - thor (0.20.0) + thor (1.0.1) thread_safe (0.3.6) - tilt (2.0.8) + tilt (2.0.10) turbolinks (5.2.0) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -783,7 +783,7 @@ GEM railties (>= 5.0) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.4) PLATFORMS ruby @@ -792,18 +792,18 @@ DEPENDENCIES aws-sdk buttercms-rails byebug - coffee-rails (~> 4.2) + coffee-rails (~> 4.2, >= 4.2.2) fastimage jbuilder (~> 2.5) - jquery-rails + jquery-rails (>= 4.3.3) listen (~> 3.0.5) - npm-rails + npm-rails (>= 0.2.1) pg puma (~> 3.0) - rails (~> 5.0.4) - react-rails + rails (~> 5.0.7) + react-rails (>= 2.4.7) rest-client - sass-rails (~> 5.0) + sass-rails (~> 5.0, >= 5.0.7) sitemap_generator spring spring-watcher-listen (~> 2.0.0) @@ -811,10 +811,10 @@ DEPENDENCIES turbolinks (~> 5) uglifier (>= 1.3.0) underscore-rails - web-console (>= 3.3.0) + web-console (>= 3.7.0) RUBY VERSION ruby 2.5.1p57 BUNDLED WITH - 1.16.4 + 1.17.3