From 8d23a5c55f8ce86c0adf1573c3955423ef9ffb04 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 6 Jul 2016 15:49:58 +0900 Subject: [PATCH 1/2] Update nokogiri to 1.6.8 to fix its security issue The security issue is fixed in this version. See also https://github.com/sparklemotion/nokogiri/issues/1473 --- Gemfile | 4 +++- Gemfile.lock | 14 ++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 2feed9c..be5a1ef 100644 --- a/Gemfile +++ b/Gemfile @@ -7,4 +7,6 @@ gem 'selenium-webdriver' gem 'rakuten_web_service' gem 'dotenv' -# gem "rails" +# This version dependency is required to resolve this install issue: +# https://github.com/flori/json/issues/229 +gem 'json', '~> 1.8.2' diff --git a/Gemfile.lock b/Gemfile.lock index 4fd15e4..ae9dc79 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -18,13 +18,15 @@ GEM faraday_middleware (0.9.0) faraday (>= 0.7.4, < 0.9) ffi (1.9.0) - json (1.8.0) + json (1.8.3) mime-types (1.24) - mini_portile (0.5.1) + mini_portile2 (2.1.0) multi_json (1.7.9) multipart-post (1.2.0) - nokogiri (1.6.0) - mini_portile (~> 0.5.0) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) + pkg-config (1.1.7) rack (1.5.2) rack-test (0.6.2) rack (>= 1.0) @@ -48,5 +50,9 @@ DEPENDENCIES capybara capybara-webkit dotenv + json (~> 1.8.2) rakuten_web_service selenium-webdriver + +BUNDLED WITH + 1.10.6 From e08492a3c03c61cb846e639c013b273507cc2a41 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 6 Jul 2016 15:54:27 +0900 Subject: [PATCH 2/2] Update rack to fix its security issue The report is here: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index ae9dc79..0fc0a3e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
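Review bot: The Gemfile hunk adds a constraint for `json` but none for nokogiri, so the security fix this patch is named for is enforced only by Gemfile.lock; nokogiri is not listed under DEPENDENCIES, so it appears to be pulled in transitively. If the lockfile is regenerated, or another gem constrains the resolver, nothing in the Gemfile stops nokogiri from settling below the fixed release. Declaring `gem 'nokogiri', '>= 1.6.8'` with a comment pointing at the nokogiri issue linked in the commit message would make the floor explicit and reviewable. The same reasoning applies to rack in patch 2/2, which is also lockfile-only; that change jumps a major version (1.5.2 to 2.0.1), so the suite should be run against capybara and rack-test before merging. Separately, `'~> 1.8.2'` holds json on the 1.8 series, so note in the comment when that pin can be lifted.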
@@ -27,7 +27,7 @@ GEM
 mini_portile2 (~> 2.1.0)
 pkg-config (~> 1.1.7)
 pkg-config (1.1.7)
- rack (1.5.2)
+ rack (2.0.1)
 rack-test (0.6.2)
 rack (>= 1.0)
 rakuten_web_service (0.1.0)