Merge pull request #53 from oreillymedia/ATLAS-23-fix-vulnerability

ATLAS-23: Fix rake vulnerability
oreillymedia · Jan 11, 2023 · bb6047f · bb6047f
2 parents 765802a + 783bdc3
commit bb6047f
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 118 deletions.
diff --git a/Gemfile b/Gemfile
@@ -1,18 +1,23 @@
 source 'https://rubygems.org'
-ruby '1.9.3'
+ruby '2.7.6'
 
 # Specify your gem's dependencies in atlas_assets.gemspec
 gemspec
 
-gem "rake", "~> 10.0.4"
-gem "jekyll", "~> 2.0"
-gem "sass", "~> 3.2.9"
-gem 'jekyll-assets'
-gem 'coffee-script'
-gem 'rack-contrib', "~> 1.1.0"
-gem "rack-rewrite", "~> 1.3.3"
+gem "rake", "~> 13.0.0"
+gem "jekyll", "~> 3.0"
+gem "sass"
+gem "jekyll-assets", "~> 2.0.0"
+gem "coffee-script", "~> 2.4.1"
+gem 'rack-contrib'
+gem "rack-rewrite"
 gem "pygmentize", "~> 0.0.3"
-gem "kramdown", "~> 1.3"
-gem "coderay", "~> 1.0.9"
-gem "puma", "~> 2.0.1"
-gem "eco"
+gem "kramdown"
+gem "coderay", "~> 1.1.3"
+gem "puma", "~> 4.3.11"
+gem "eco", "~> 1.0.0"
+gem "sprockets"
+gem "liquid"
+gem "rack", "~> 2.1.4"
+gem "kramdown-parser-gfm"
+gem "kramdown-syntax-coderay"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,130 +1,133 @@
 PATH
   remote: .
   specs:
-    atlas_assets (0.8.13)
-      handlebars_assets (= 0.17.1)
+    atlas_assets (0.8.14)
+      handlebars_assets (= 0.23.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.3.7)
-    blankslate (2.1.2.4)
-    celluloid (0.16.0)
-      timers (~> 4.0.0)
-    classifier-reborn (2.0.3)
-      fast-stemmer (~> 1.0)
-    coderay (1.0.9)
-    coffee-script (2.3.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    coderay (1.1.3)
+    coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.9.1)
-    colorator (0.1)
+    coffee-script-source (1.12.2)
+    colorator (1.1.0)
+    concurrent-ruby (1.1.10)
     eco (1.0.0)
       coffee-script
       eco-source
       execjs
     eco-source (1.1.0.rc.1)
-    execjs (2.4.0)
-    fast-stemmer (1.0.2)
-    fastimage (1.6.8)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    execjs (2.8.1)
+    fastimage (1.8.1)
       addressable (~> 2.3, >= 2.3.5)
-    ffi (1.9.6)
-    handlebars_assets (0.17.1)
-      execjs (>= 1.2.9)
-      multi_json
-      sprockets (>= 2.0.3)
-      tilt
-    hike (1.2.3)
-    hitimes (1.2.2)
-    jekyll (2.5.3)
-      classifier-reborn (~> 2.0)
-      colorator (~> 0.1)
-      jekyll-coffeescript (~> 1.0)
-      jekyll-gist (~> 1.0)
-      jekyll-paginate (~> 1.0)
+    ffi (1.15.5)
+    forwardable-extended (2.6.0)
+    handlebars_assets (0.23.1)
+      execjs (~> 2.0)
+      multi_json (~> 1.0)
+      sprockets (>= 2.0.0)
+      tilt (>= 1.2)
+    http_parser.rb (0.8.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.9.2)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
       jekyll-sass-converter (~> 1.0)
-      jekyll-watch (~> 1.1)
-      kramdown (~> 1.3)
-      liquid (~> 2.6.1)
+      jekyll-watch (~> 2.0)
+      kramdown (>= 1.17, < 3)
+      liquid (~> 4.0)
       mercenary (~> 0.3.3)
-      pygments.rb (~> 0.6.0)
-      redcarpet (~> 3.1)
+      pathutil (~> 0.9)
+      rouge (>= 1.7, < 4)
       safe_yaml (~> 1.0)
-      toml (~> 0.1.0)
-    jekyll-assets (0.13.0)
-      fastimage (~> 1.6)
-      jekyll (~> 2.0)
-      sass (~> 3.2)
-      sprockets (~> 2.10)
-      sprockets-helpers
-      sprockets-sass
-    jekyll-coffeescript (1.0.1)
-      coffee-script (~> 2.2)
-    jekyll-gist (1.1.0)
-    jekyll-paginate (1.1.0)
-    jekyll-sass-converter (1.3.0)
-      sass (~> 3.2)
-    jekyll-watch (1.2.1)
-      listen (~> 2.7)
-    kramdown (1.6.0)
-    liquid (2.6.2)
-    listen (2.8.5)
-      celluloid (>= 0.15.2)
-      rb-fsevent (>= 0.9.3)
-      rb-inotify (>= 0.9)
-    mercenary (0.3.5)
-    multi_json (1.11.0)
-    parslet (1.5.0)
-      blankslate (~> 2.0)
-    posix-spawn (0.3.10)
-    puma (2.0.1)
-      rack (>= 1.1, < 2.0)
+    jekyll-assets (2.0.3)
+      fastimage (~> 1.8)
+      jekyll (~> 3.0)
+      sprockets (~> 3.3)
+      sprockets-helpers (~> 1.2)
+    jekyll-sass-converter (1.5.2)
+      sass (~> 3.4)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    kramdown-syntax-coderay (1.0.1)
+      coderay (~> 1.1)
+      kramdown (~> 2.0)
+    liquid (4.0.3)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    mercenary (0.3.6)
+    multi_json (1.15.0)
+    nio4r (2.5.8)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (5.0.0)
+    puma (4.3.12)
+      nio4r (~> 2.0)
     pygmentize (0.0.3)
-    pygments.rb (0.6.2)
-      posix-spawn (~> 0.3.6)
-      yajl-ruby (~> 1.2.0)
-    rack (1.6.0)
-    rack-contrib (1.1.0)
-      rack (>= 0.9.1)
-    rack-rewrite (1.3.3)
-    rake (10.0.4)
-    rb-fsevent (0.9.4)
-    rb-inotify (0.9.5)
-      ffi (>= 0.5.0)
-    redcarpet (3.2.2)
-    safe_yaml (1.0.4)
-    sass (3.2.19)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-helpers (1.1.0)
-      sprockets (~> 2.0)
-    sprockets-sass (1.3.1)
-      sprockets (~> 2.0)
-      tilt (~> 1.1)
-    tilt (1.4.1)
-    timers (4.0.1)
-      hitimes
-    toml (0.1.2)
-      parslet (~> 1.5.0)
-    yajl-ruby (1.2.1)
+    rack (2.1.4.1)
+    rack-contrib (2.3.0)
+      rack (~> 2.0)
+    rack-rewrite (1.5.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rexml (3.2.5)
+    rouge (3.30.0)
+    safe_yaml (1.0.5)
+    sass (3.7.4)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-helpers (1.4.0)
+      sprockets (>= 2.2)
+    tilt (2.0.11)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   atlas_assets!
-  coderay (~> 1.0.9)
-  coffee-script
-  eco
-  jekyll (~> 2.0)
-  jekyll-assets
-  kramdown (~> 1.3)
-  puma (~> 2.0.1)
+  coderay (~> 1.1.3)
+  coffee-script (~> 2.4.1)
+  eco (~> 1.0.0)
+  jekyll (~> 3.0)
+  jekyll-assets (~> 2.0.0)
+  kramdown
+  kramdown-parser-gfm
+  kramdown-syntax-coderay
+  liquid
+  puma (~> 4.3.11)
   pygmentize (~> 0.0.3)
-  rack-contrib (~> 1.1.0)
-  rack-rewrite (~> 1.3.3)
-  rake (~> 10.0.4)
-  sass (~> 3.2.9)
+  rack (~> 2.1.4)
+  rack-contrib
+  rack-rewrite
+  rake (~> 13.0.0)
+  sass
+  sprockets
+
+RUBY VERSION
+   ruby 2.7.6p219
+
+BUNDLED WITH
+   2.3.26
diff --git a/atlas_assets.gemspec b/atlas_assets.gemspec
@@ -17,5 +17,5 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
-  gem.add_dependency "handlebars_assets", "0.17.1"
+  gem.add_dependency "handlebars_assets", "0.23.1"
 end
diff --git a/lib/atlas_assets/version.rb b/lib/atlas_assets/version.rb
@@ -1,5 +1,5 @@
 module Atlas
 	module Assets
-		VERSION = "0.8.13"
+		VERSION = "0.8.14"
 	end
 end