Merge pull request #44 from CDL-Dryad/security-2020-01

Gem updates hoping to improve security 2020 01
datadryad · Jan 14, 2020 · f1a01ab · f1a01ab
2 parents 44521cc + a85d607
commit f1a01ab
Show file tree

Hide file tree

Showing 11 changed files with 235 additions and 223 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -135,7 +135,7 @@ GEM
     ansi (1.5.0)
     arel (6.0.4)
     ast (2.4.0)
-    autoprefixer-rails (9.7.1)
+    autoprefixer-rails (9.7.3)
       execjs
     base32-url (0.5)
     bcrypt (3.1.13)
@@ -189,7 +189,7 @@ GEM
     bootstrap-sass (3.4.1)
       autoprefixer-rails (>= 5.2.1)
       sassc (>= 2.0.0)
-    builder (3.2.3)
+    builder (3.2.4)
     byebug (11.0.1)
     capistrano (3.11.2)
       airbrussh (>= 1.0.0)
@@ -203,15 +203,15 @@ GEM
     capistrano-rails (1.4.0)
       capistrano (~> 3.1)
       capistrano-bundler (~> 1.1)
-    capybara (3.29.0)
+    capybara (3.30.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (~> 1.5)
       xpath (~> 3.2)
-    capybara-screenshot (1.0.23)
+    capybara-screenshot (1.0.24)
       capybara (>= 1.0, < 4)
       launchy
     carrierwave (0.10.0)
@@ -230,7 +230,7 @@ GEM
       maremma (>= 4.1, < 5)
       nokogiri (~> 1.8.1)
       thor (~> 0.19)
-    citeproc (1.0.9)
+    citeproc (1.0.10)
       namae (~> 1.0)
     citeproc-ruby (1.1.10)
       citeproc (~> 1.0, >= 1.0.9)
@@ -249,17 +249,16 @@ GEM
     coffee-script-source (1.12.2)
     colorize (0.8.1)
     concurrent-ruby (1.1.5)
-    config (2.0.0)
-      activesupport (>= 4.2)
+    config (2.2.1)
       deep_merge (~> 1.2, >= 1.2.1)
-      dry-schema (~> 1.0)
+      dry-validation (~> 1.0, >= 1.0.0)
     connection_pool (2.2.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     crass (1.0.5)
-    csl (1.5.0)
+    csl (1.5.1)
       namae (~> 1.0)
-    csl-styles (1.0.1.9)
+    csl-styles (1.0.1.10)
       csl (~> 1.0)
     database_cleaner (1.7.0)
     datacite-mapping (0.4.0)
@@ -285,7 +284,7 @@ GEM
     doorkeeper (5.0.2)
       railties (>= 4.2)
     dotenv (2.7.5)
-    down (5.0.0)
+    down (5.1.0)
       addressable (~> 2.5)
     dry-configurable (0.9.0)
       concurrent-ruby (~> 1.0)
@@ -297,29 +296,36 @@ GEM
       concurrent-ruby (~> 1.0)
     dry-equalizer (0.3.0)
     dry-inflector (0.2.0)
-    dry-initializer (3.0.2)
+    dry-initializer (3.0.3)
     dry-logic (1.0.5)
       concurrent-ruby (~> 1.0)
       dry-core (~> 0.2)
       dry-equalizer (~> 0.2)
-    dry-schema (1.4.1)
+    dry-schema (1.4.3)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 0.8, >= 0.8.3)
       dry-core (~> 0.4)
       dry-equalizer (~> 0.2)
       dry-initializer (~> 3.0)
       dry-logic (~> 1.0)
       dry-types (~> 1.2)
-    dry-types (1.2.1)
+    dry-types (1.2.2)
       concurrent-ruby (~> 1.0)
       dry-container (~> 0.3)
       dry-core (~> 0.4, >= 0.4.4)
-      dry-equalizer (~> 0.2, >= 0.2.2)
+      dry-equalizer (~> 0.3)
       dry-inflector (~> 0.1, >= 0.1.2)
       dry-logic (~> 1.0, >= 1.0.2)
-    ebnf (1.1.3)
-      rdf (~> 3.0)
-      sxp (~> 1.0)
+    dry-validation (1.4.1)
+      concurrent-ruby (~> 1.0)
+      dry-container (~> 0.7, >= 0.7.1)
+      dry-core (~> 0.4)
+      dry-equalizer (~> 0.2)
+      dry-initializer (~> 3.0)
+      dry-schema (~> 1.0, >= 1.4.3)
+    ebnf (1.2.0)
+      rdf (~> 3.1)
+      sxp (~> 1.1)
     edtf (3.0.5)
       activesupport (>= 3.0, < 7.0)
     equivalent-xml (0.6.0)
@@ -346,7 +352,7 @@ GEM
       faraday
     faraday_middleware (0.12.2)
       faraday (>= 0.7.4, < 1.0)
-    ffi (1.11.2)
+    ffi (1.11.3)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
@@ -394,18 +400,18 @@ GEM
     hashdiff (1.0.0)
     hashie (3.6.0)
     htmlentities (4.3.4)
-    http (4.2.0)
+    http (4.3.0)
       addressable (~> 2.3)
       http-cookie (~> 1.0)
-      http-form_data (~> 2.0)
+      http-form_data (~> 2.2)
       http-parser (~> 1.2.0)
     http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
-    http-form_data (2.1.1)
+    http-form_data (2.2.0)
     http-parser (1.2.1)
       ffi-compiler (>= 1.0, < 2.0)
-    httparty (0.17.1)
+    httparty (0.17.3)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
@@ -428,7 +434,7 @@ GEM
       turbolinks
     jquery-ui-rails (6.0.1)
       railties (>= 3.2.16)
-    json (2.2.0)
+    json (2.3.0)
     json-ld (2.2.1)
       multi_json (~> 1.12)
       rdf (>= 2.2.8, < 4.0)
@@ -454,13 +460,13 @@ GEM
     leaflet-rails (0.7.7)
     libv8 (3.16.14.19)
     link_header (0.0.8)
-    listen (3.2.0)
+    listen (3.2.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.3.1)
+    loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    lumberjack (1.0.13)
+    lumberjack (1.1.1)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     maremma (4.2.6)
@@ -477,18 +483,16 @@ GEM
     merritt-manifest (0.1.3)
       mime-types (~> 3.1)
       typesafe_enum (~> 0.1.7)
-    metaclass (0.0.4)
     method_source (0.9.2)
-    mime-types (3.3)
+    mime-types (3.3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.1009)
     mini_mime (1.0.2)
     mini_portile2 (2.3.0)
     minitest (5.13.0)
     mize (0.4.0)
       protocol (~> 2.0)
-    mocha (1.9.0)
-      metaclass (~> 0.0.1)
+    mocha (1.11.2)
     multi_json (1.14.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
@@ -534,8 +538,8 @@ GEM
       omniauth (>= 1.0.0)
     orm_adapter (0.5.0)
     pandoc-ruby (2.0.2)
-    parallel (1.19.0)
-    parser (2.6.5.0)
+    parallel (1.19.1)
+    parser (2.7.0.2)
       ast (~> 2.4.0)
     passenger (6.0.4)
       rack
@@ -557,7 +561,7 @@ GEM
       pry (~> 0.9)
       slop (~> 3.0)
     public_suffix (2.0.5)
-    rack (1.6.11)
+    rack (1.6.12)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.11)
@@ -587,20 +591,20 @@ GEM
     rainbow (3.0.0)
     rake (13.0.1)
     rb-fsevent (0.10.3)
-    rb-inotify (0.10.0)
+    rb-inotify (0.10.1)
       ffi (~> 1.0)
     rb-readline (0.5.5)
-    rdf (3.0.13)
+    rdf (3.1.1)
       hamster (~> 3.0)
       link_header (~> 0.0, >= 0.0.8)
-    rdf-aggregate-repo (2.2.1)
-      rdf (>= 2.2, < 4.0)
-    rdf-rdfa (3.0.1)
-      haml (~> 5.0)
+    rdf-aggregate-repo (3.1.0)
+      rdf (~> 3.1)
+    rdf-rdfa (3.1.0)
+      haml (~> 5.1)
       htmlentities (~> 4.3)
-      rdf (~> 3.0)
-      rdf-aggregate-repo (>= 2.2, < 4.0)
-      rdf-xsd (~> 3.0)
+      rdf (~> 3.1)
+      rdf-aggregate-repo (~> 3.1)
+      rdf-xsd (~> 3.1)
     rdf-rdfxml (2.2.1)
       htmlentities (~> 4.3)
       rdf (>= 2.2, < 4.0)
@@ -609,8 +613,8 @@ GEM
     rdf-turtle (2.2.2)
       ebnf (~> 1.1)
       rdf (>= 2.2, < 4.0)
-    rdf-xsd (3.0.1)
-      rdf (~> 3.0)
+    rdf-xsd (3.1.0)
+      rdf (~> 3.1)
     redcarpet (3.5.0)
     ref (2.0.0)
     regexp_parser (1.6.0)
@@ -633,12 +637,12 @@ GEM
       rspec-mocks (~> 3.9.0)
     rspec-collection_matchers (1.2.0)
       rspec-expectations (>= 2.99.0.beta1)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
     rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-rails (3.9.0)
@@ -649,7 +653,7 @@ GEM
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.0)
+    rspec-support (3.9.2)
     rubocop (0.57.2)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -677,7 +681,7 @@ GEM
       tilt (>= 1.1, < 3)
     sassc (2.2.1)
       ffi (~> 1.9)
-    selenium-webdriver (3.142.6)
+    selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
     serrano (0.5.0)
@@ -727,8 +731,9 @@ GEM
     stripe (4.16.0)
       faraday (~> 0.13)
       net-http-persistent (~> 3.0)
-    sxp (1.0.2)
-      rdf (~> 3.0)
+    sxp (1.1.0)
+      rdf (~> 3.1)
+    sync (0.5.0)
     temple (0.8.2)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
@@ -740,8 +745,9 @@ GEM
     thor (0.20.3)
     thread_safe (0.3.6)
     tilt (2.0.10)
-    tins (1.22.2)
-    trollop (2.9.9)
+    tins (1.24.0)
+      sync
+    trollop (2.9.10)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
@@ -750,7 +756,7 @@ GEM
       jquery-rails
       railties (>= 3.1)
     typesafe_enum (0.1.9)
-    tzinfo (1.2.5)
+    tzinfo (1.2.6)
       thread_safe (~> 0.1)
     uglifier (3.0.4)
       execjs (>= 0.3.0, < 3)
@@ -766,7 +772,7 @@ GEM
       binding_of_caller (>= 0.7.2)
       railties (>= 4.0)
       sprockets-rails (>= 2.0, < 4.0)
-    webdrivers (4.1.3)
+    webdrivers (4.2.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)

diff --git a/stash/script/counter-uploader/Gemfile.lock b/stash/script/counter-uploader/Gemfile.lock
@@ -32,7 +32,8 @@ GEM
       faraday-encoding (~> 0.0.1)
       faraday_middleware (~> 0.10.0)
       multi_json (~> 1.12)
-      nokogiri (~> 1.6, >= 1.6.8)
+      nokogiri (>= 1.10.7)
+      nokogiri (>= 1.10.7)
       oj (>= 2.8.3)
     mime-types (3.2.2)
       mime-types-data (~> 3.2015)
@@ -42,7 +43,7 @@ GEM
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    nokogiri (1.10.3)
+    nokogiri (1.10.7)
       mini_portile2 (~> 2.4.0)
     oj (3.7.11)
     public_suffix (3.1.1)