From 950923c7745263a7f17a1feeb876a60f20c6e8ab Mon Sep 17 00:00:00 2001 From: pwelch <pwelch@chef.io> Date: Sun, 1 Jul 2018 10:51:42 -0400 Subject: [PATCH] Upgrade Sprockets [CVE-2018-3760] Upgrade the Sprockets gem to patch for [CVE-2018-3760](https://nvd.nist.gov/vuln/detail/CVE-2018-3760) The actual sprockets CVE doesn't affect Supermarket because it does not do asset compilation during the request/response cycle. However, this will upgrade the gem to clear a bundle-audit failure. Also upgrades fieri gem because it depends on Sprockets. Fixes #1742 Signed-off-by: pwelch <pwelch@chef.io> --- src/fieri/Gemfile.lock | 4 ++-- src/supermarket/Gemfile.lock | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/fieri/Gemfile.lock b/src/fieri/Gemfile.lock index 841aee7f3..0ed73806c 100644 --- a/src/fieri/Gemfile.lock +++ b/src/fieri/Gemfile.lock @@ -130,7 +130,7 @@ GEM method_source (~> 0.8.1) slop (~> 3.4) public_suffix (2.0.5) - rack (2.0.4) + rack (2.0.5) rack-protection (2.0.1) rack rack-test (0.6.3) @@ -198,7 +198,7 @@ GEM rack-protection (>= 1.5.0) redis (~> 3.2, >= 3.2.1) slop (3.6.0) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) diff --git a/src/supermarket/Gemfile.lock b/src/supermarket/Gemfile.lock index 18f420845..acaa85c28 100644 --- a/src/supermarket/Gemfile.lock +++ b/src/supermarket/Gemfile.lock @@ -412,7 +412,7 @@ GEM public_suffix (2.0.5) pundit (1.1.0) activesupport (>= 3.0.0) - rack (2.0.4) + rack (2.0.5) rack-protection (2.0.1) rack rack-test (0.6.3) @@ -555,7 +555,7 @@ GEM activesupport (>= 4.2) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.0)
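Review bot: the rack bump from 2.0.4 to 2.0.5 in the `@@ -130,7` hunk of src/fieri/Gemfile.lock and the `@@ -412,7` hunk of src/supermarket/Gemfile.lock is not mentioned in the commit message, which only covers Sprockets. The sprockets entry's constraint shown in the context lines is `rack (> 1, < 3)`, which 2.0.4 already satisfies, so nothing visible here requires rack to move with sprockets 3.7.2. Either state in the message why rack is upgraded as well, or restrict the update to sprockets so the lockfile change stays limited to the gem the CVE names.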
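Review bot: the trailing context of the two sprockets hunks (`@@ -198,7` and `@@ -555,7`) shows sprockets-rails pinned at 3.2.1 in src/fieri/Gemfile.lock but at 3.2.0 in src/supermarket/Gemfile.lock; consider aligning the two while both lockfiles are being touched, or note that the difference is intentional. Separately, the message's statement that Supermarket is unaffected rests on assets not being compiled during the request/response cycle, which nothing in this diff verifies. Naming the production setting that guarantees this (for Rails, `config.assets.compile`) in the commit message would make the claim checkable by the next person who reads the bundle-audit history.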