From 82e872e8ba927a4c97a8a34aad4f66bf5cc89dc2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 20 Jan 2023 03:08:59 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 --- Gemfile | 2 +- Gemfile.lock | 94 +++++++++++++++++++++++++++++----------------------- 2 files changed, 54 insertions(+), 42 deletions(-) diff --git a/Gemfile b/Gemfile index 794ff40..ed39cd1 100644 --- a/Gemfile +++ b/Gemfile @@ -6,5 +6,5 @@ gem "dotenv", "~> 2.4" plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile') eval_gemfile(plugins_path) if File.exist?(plugins_path) -gem "cocoapods", "~> 1.5" +gem "cocoapods", "~> 1.11", ">= 1.11.0" gem 'slather' diff --git a/Gemfile.lock b/Gemfile.lock index 237e13e..3911b84 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,14 +1,16 @@ GEM remote: https://rubygems.org/ specs: - CFPropertyList (3.0.3) - activesupport (5.2.6) + CFPropertyList (3.0.5) + rexml + activesupport (6.1.7.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) algoliasearch (1.27.5) httpclient (~> 2.8, >= 2.8.3) json (>= 1.5.1) @@ -31,11 +33,12 @@ GEM aws-sigv4 (1.2.3) aws-eventstream (~> 1, >= 1.0.2) babosa (1.0.4) - claide (1.0.3) - cocoapods (1.10.1) - addressable (~> 2.6) + claide (1.1.0) + clamp (1.3.2) + cocoapods (1.11.3) + addressable (~> 2.8) claide (>= 1.0.2, < 2.0) - cocoapods-core (= 1.10.1) + cocoapods-core (= 1.11.3) cocoapods-deintegrate (>= 1.0.3, < 2.0) cocoapods-downloader (>= 1.4.0, < 2.0) cocoapods-plugins (>= 1.0.0, < 2.0) @@ -46,26 +49,26 @@ GEM escape (~> 0.0.4) fourflusher (>= 2.3.0, < 3.0) gh_inspector (~> 1.0) - molinillo (~> 0.6.6) + molinillo (~> 0.8.0) nap (~> 1.0) - ruby-macho (~> 1.4) - xcodeproj (>= 1.19.0, < 2.0) - cocoapods-core (1.10.1) - activesupport (> 5.0, < 6) - addressable (~> 2.6) + ruby-macho (>= 1.0, < 3.0) + xcodeproj (>= 1.21.0, < 2.0) + cocoapods-core (1.11.3) + activesupport (>= 5.0, < 7) + addressable (~> 2.8) algoliasearch (~> 1.0) concurrent-ruby (~> 1.1) fuzzy_match (~> 2.0.4) nap (~> 1.0) netrc (~> 0.11) - public_suffix + public_suffix (~> 4.0) typhoeus (~> 1.0) - cocoapods-deintegrate (1.0.4) - cocoapods-downloader (1.4.0) + cocoapods-deintegrate (1.0.5) + cocoapods-downloader (1.6.3) cocoapods-plugins (1.0.0) nap - cocoapods-search (1.0.0) - cocoapods-trunk (1.5.0) + cocoapods-search (1.0.1) + cocoapods-trunk (1.6.0) nap (>= 0.8, < 2.0) netrc (~> 0.11) cocoapods-try (1.2.0) @@ -73,7 +76,7 @@ GEM colored2 (3.1.2) commander (4.6.0) highline (~> 2.0.0) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.10) declarative (0.0.20) digest-crc (0.6.3) rake (>= 12.0.0, < 14.0.0) @@ -82,7 +85,7 @@ GEM dotenv (2.7.6) emoji_regex (3.2.2) escape (0.0.4) - ethon (0.14.0) + ethon (0.16.0) ffi (>= 1.15.0) excon (0.82.0) faraday (1.4.2) @@ -142,9 +145,7 @@ GEM xcodeproj (>= 1.13.0, < 2.0.0) xcpretty (~> 0.3.0) xcpretty-travis-formatter (>= 0.0.3) - fastlane-plugin-auth0_shipper (0.4.1) - semantic (~> 1.5) - ffi (1.15.1) + ffi (1.15.5) fourflusher (2.3.1) fuzzy_match (2.0.4) gh_inspector (1.1.3) @@ -191,25 +192,30 @@ GEM http-cookie (1.0.3) domain_name (~> 0.5) httpclient (2.8.3) - i18n (1.8.10) + i18n (1.12.0) concurrent-ruby (~> 1.0) jmespath (1.4.0) - json (2.5.1) + json (2.6.3) jwt (2.2.3) memoist (0.16.2) mini_magick (4.11.0) mini_mime (1.1.0) - minitest (5.14.4) - molinillo (0.6.6) + mini_portile2 (2.8.1) + minitest (5.17.0) + molinillo (0.8.0) multi_json (1.15.0) multipart-post (2.0.0) nanaimo (0.3.0) nap (1.1.0) naturally (2.2.1) netrc (0.11.0) + nokogiri (1.14.0) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) os (1.1.1) plist (3.6.0) - public_suffix (4.0.6) + public_suffix (4.0.7) + racc (1.6.2) rake (13.0.3) representable (3.1.1) declarative (< 0.1.0) @@ -218,11 +224,10 @@ GEM retriable (3.1.2) rexml (3.2.5) rouge (2.0.7) - ruby-macho (1.4.0) + ruby-macho (2.5.1) ruby2_keywords (0.0.4) rubyzip (2.3.0) security (0.1.3) - semantic (1.6.1) signet (0.15.0) addressable (~> 2.3) faraday (>= 0.17.3, < 2.0) @@ -231,10 +236,15 @@ GEM simctl (1.6.8) CFPropertyList naturally + slather (2.7.4) + CFPropertyList (>= 2.2, < 4) + activesupport + clamp (~> 1.3) + nokogiri (>= 1.13.9) + xcodeproj (~> 1.21) terminal-notifier (2.0.0) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) - thread_safe (0.3.6) trailblazer-option (0.1.1) tty-cursor (0.7.1) tty-screen (0.8.1) @@ -242,8 +252,8 @@ GEM tty-cursor (~> 0.7) typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (1.2.9) - thread_safe (~> 0.1) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) uber (0.1.0) unf (0.1.4) unf_ext @@ -251,25 +261,27 @@ GEM unicode-display_width (1.7.0) webrick (1.7.0) word_wrap (1.0.0) - xcodeproj (1.19.0) + xcodeproj (1.22.0) CFPropertyList (>= 2.3.3, < 4.0) atomos (~> 0.1.3) claide (>= 1.0.2, < 2.0) colored2 (~> 3.1) nanaimo (~> 0.3.0) + rexml (~> 3.2.4) xcpretty (0.3.0) rouge (~> 2.0.7) xcpretty-travis-formatter (1.0.1) xcpretty (~> 0.2, >= 0.0.7) + zeitwerk (2.6.6) PLATFORMS ruby DEPENDENCIES - cocoapods (~> 1.5) + cocoapods (~> 1.11, >= 1.11.0) dotenv (~> 2.4) fastlane (~> 2.96) - fastlane-plugin-auth0_shipper + slather BUNDLED WITH - 2.2.18 + 2.1.4