fix vulnerabilities loofah nokogiri puma in 1.9

Name: loofah Version: 2.2.3 Advisory: CVE-2019-15587 Criticality: Unknown URL: flavorjones/loofah#171 Title: Loofah XSS Vulnerability Solution: upgrade to >= 2.3.1 Name: nokogiri Version: 1.10.4 Advisory: CVE-2019-13117 Criticality: Unknown URL: sparklemotion/nokogiri#1943 Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Solution: upgrade to >= 1.10.5 Name: puma Version: 3.12.1 Advisory: CVE-2019-16770 Criticality: High URL: GHSA-7xx3-m584-x994 Title: Keepalive thread overload/DoS in puma Solution: upgrade to ~> 3.12.2, >= 4.3.1
senid231 · Dec 11, 2019 · b61d770 · b61d770
1 parent fad3abb
commit b61d770
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -228,7 +228,7 @@ GEM
     concurrent-ruby (1.1.4)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.4)
+    crass (1.0.5)
     d3-rails (3.5.2)
       railties (>= 3.1)
     daemons (1.2.6)
@@ -321,7 +321,7 @@ GEM
       addressable (~> 2.3)
     libv8 (3.16.14.19)
     locale (2.1.2)
-    loofah (2.2.3)
+    loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -340,7 +340,7 @@ GEM
     net_tcp_client (2.0.1)
     netstring (0.0.3)
     nio4r (2.3.1)
-    nokogiri (1.10.4)
+    nokogiri (1.10.7)
       mini_portile2 (~> 2.4.0)
     oj (2.18.5)
     orm_adapter (0.5.0)
@@ -355,7 +355,7 @@ GEM
     pg (1.0.0)
     powerpack (0.1.2)
     public_suffix (3.0.3)
-    puma (3.12.1)
+    puma (3.12.2)
     puma_worker_killer (0.1.0)
       get_process_mem (~> 0.2)
       puma (>= 2.7, < 4)