From 950923c7745263a7f17a1feeb876a60f20c6e8ab Mon Sep 17 00:00:00 2001
From: pwelch <pwelch@chef.io>
Date: Sun, 1 Jul 2018 10:51:42 -0400
Subject: [PATCH] Upgrade Sprockets [CVE-2018-3760]

Upgrade the Sprockets gem to patch for
[CVE-2018-3760](https://nvd.nist.gov/vuln/detail/CVE-2018-3760)

The Sprockets CVE itself does not affect Supermarket, because Supermarket
does not compile assets during the request/response cycle. However,
this change upgrades the gem to clear a bundle-audit failure.

Also upgrades fieri gem because it depends on Sprockets.

Fixes #1742

Signed-off-by: pwelch <pwelch@chef.io>
---
 src/fieri/Gemfile.lock       | 4 ++--
 src/supermarket/Gemfile.lock | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/fieri/Gemfile.lock b/src/fieri/Gemfile.lock
index 841aee7f3..0ed73806c 100644
--- a/src/fieri/Gemfile.lock
+++ b/src/fieri/Gemfile.lock
@@ -130,7 +130,7 @@ GEM
       method_source (~> 0.8.1)
       slop (~> 3.4)
     public_suffix (2.0.5)
-    rack (2.0.4)
+    rack (2.0.5)
     rack-protection (2.0.1)
       rack
     rack-test (0.6.3)
@@ -198,7 +198,7 @@ GEM
       rack-protection (>= 1.5.0)
       redis (~> 3.2, >= 3.2.1)
     slop (3.6.0)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
diff --git a/src/supermarket/Gemfile.lock b/src/supermarket/Gemfile.lock
index 18f420845..acaa85c28 100644
--- a/src/supermarket/Gemfile.lock
+++ b/src/supermarket/Gemfile.lock
@@ -412,7 +412,7 @@ GEM
     public_suffix (2.0.5)
     pundit (1.1.0)
       activesupport (>= 3.0.0)
-    rack (2.0.4)
+    rack (2.0.5)
     rack-protection (2.0.1)
       rack
     rack-test (0.6.3)
@@ -555,7 +555,7 @@ GEM
       activesupport (>= 4.2)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.0)