bump dependencies for rack CVEs
https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag https://groups.google.com/forum/#!topic/rubyonrails-security/U_x-YkfuVTg
parent
bf3451a80f
commit
386a3452b9
35
Gemfile.lock
35
Gemfile.lock
|
@ -52,21 +52,22 @@ GEM
|
|||
ast (2.4.0)
|
||||
bcrypt (3.1.12)
|
||||
builder (3.2.3)
|
||||
bullet (5.7.6)
|
||||
bullet (5.8.1)
|
||||
activesupport (>= 3.0.0)
|
||||
uniform_notifier (~> 1.11.0)
|
||||
uniform_notifier (~> 1.11)
|
||||
byebug (10.0.2)
|
||||
capybara (3.9.0)
|
||||
capybara (3.10.1)
|
||||
addressable
|
||||
mini_mime (>= 0.1.3)
|
||||
nokogiri (~> 1.8)
|
||||
rack (>= 1.6.0)
|
||||
rack-test (>= 0.6.3)
|
||||
xpath (~> 3.1)
|
||||
regexp_parser (~> 1.2)
|
||||
xpath (~> 3.2)
|
||||
chunky_png (1.3.10)
|
||||
commonmarker (0.18.1)
|
||||
ruby-enum (~> 0.5)
|
||||
concurrent-ruby (1.0.5)
|
||||
concurrent-ruby (1.1.1)
|
||||
crass (1.0.4)
|
||||
diff-lcs (1.3)
|
||||
dynamic_form (1.1.4)
|
||||
|
@ -102,14 +103,14 @@ GEM
|
|||
rb-fsevent (~> 0.9, >= 0.9.4)
|
||||
rb-inotify (~> 0.9, >= 0.9.7)
|
||||
ruby_dep (~> 1.2)
|
||||
loofah (2.2.2)
|
||||
loofah (2.2.3)
|
||||
crass (~> 1.0.2)
|
||||
nokogiri (>= 1.5.9)
|
||||
mail (2.7.1)
|
||||
mini_mime (>= 0.1.1)
|
||||
marcel (0.3.3)
|
||||
mimemagic (~> 0.3.2)
|
||||
method_source (0.9.0)
|
||||
method_source (0.9.1)
|
||||
mimemagic (0.3.2)
|
||||
mini_mime (1.0.1)
|
||||
mini_portile2 (2.3.0)
|
||||
|
@ -120,11 +121,11 @@ GEM
|
|||
mini_portile2 (~> 2.3.0)
|
||||
oauth (0.5.4)
|
||||
parallel (1.12.1)
|
||||
parser (2.5.1.2)
|
||||
parser (2.5.3.0)
|
||||
ast (~> 2.4.0)
|
||||
powerpack (0.1.2)
|
||||
public_suffix (3.0.3)
|
||||
rack (2.0.5)
|
||||
rack (2.0.6)
|
||||
rack-test (1.1.0)
|
||||
rack (>= 1.0, < 3)
|
||||
rails (5.2.1)
|
||||
|
@ -158,7 +159,9 @@ GEM
|
|||
rb-inotify (0.9.10)
|
||||
ffi (>= 0.5.0, < 2)
|
||||
rb-readline (0.5.5)
|
||||
rotp (3.3.1)
|
||||
regexp_parser (1.2.0)
|
||||
rotp (4.0.2)
|
||||
addressable (~> 2.5)
|
||||
rqrcode (0.10.1)
|
||||
chunky_png (~> 1.0)
|
||||
rspec-core (3.8.0)
|
||||
|
@ -169,7 +172,7 @@ GEM
|
|||
rspec-mocks (3.8.0)
|
||||
diff-lcs (>= 1.2.0, < 2.0)
|
||||
rspec-support (~> 3.8.0)
|
||||
rspec-rails (3.8.0)
|
||||
rspec-rails (3.8.1)
|
||||
actionpack (>= 3.0)
|
||||
activesupport (>= 3.0)
|
||||
railties (>= 3.0)
|
||||
|
@ -178,16 +181,16 @@ GEM
|
|||
rspec-mocks (~> 3.8.0)
|
||||
rspec-support (~> 3.8.0)
|
||||
rspec-support (3.8.0)
|
||||
rubocop (0.59.2)
|
||||
rubocop (0.60.0)
|
||||
jaro_winkler (~> 1.5.1)
|
||||
parallel (~> 1.10)
|
||||
parser (>= 2.5, != 2.5.1.1)
|
||||
powerpack (~> 0.1)
|
||||
rainbow (>= 2.2.2, < 4.0)
|
||||
ruby-progressbar (~> 1.7)
|
||||
unicode-display_width (~> 1.0, >= 1.0.1)
|
||||
rubocop-rspec (1.30.0)
|
||||
rubocop (>= 0.58.0)
|
||||
unicode-display_width (~> 1.4.0)
|
||||
rubocop-rspec (1.30.1)
|
||||
rubocop (>= 0.60.0)
|
||||
ruby-enum (0.7.2)
|
||||
i18n
|
||||
ruby-progressbar (1.10.0)
|
||||
|
@ -218,7 +221,7 @@ GEM
|
|||
unicorn (5.4.1)
|
||||
kgio (~> 2.6)
|
||||
raindrops (~> 0.7)
|
||||
uniform_notifier (1.11.0)
|
||||
uniform_notifier (1.12.1)
|
||||
websocket-driver (0.7.0)
|
||||
websocket-extensions (>= 0.1.0)
|
||||
websocket-extensions (0.1.3)
|
||||
|
|
|
@ -41,7 +41,7 @@ class Comment < ApplicationRecord
|
|||
# after this many minutes old, a comment cannot be edited
|
||||
MAX_EDIT_MINS = (60 * 6)
|
||||
|
||||
SCORE_RANGE_TO_HIDE = (-2 .. 4)
|
||||
SCORE_RANGE_TO_HIDE = (-2 .. 4).freeze
|
||||
|
||||
validate do
|
||||
self.comment.to_s.strip == "" &&
|
||||
|
|
|
@ -126,10 +126,10 @@ class Story < ApplicationRecord
|
|||
wp.me ➡.ws ✩.ws x.co yep.it yourls.org zip.net }.freeze
|
||||
|
||||
# URI.parse is not very lenient, so we can't use it
|
||||
URL_RE = /\A(?<protocol>https?):\/\/(?<domain>([^\.\/]+\.)+[a-z]+)(?<port>:\d+)?(\/|\z)/i
|
||||
URL_RE = /\A(?<protocol>https?):\/\/(?<domain>([^\.\/]+\.)+[a-z]+)(?<port>:\d+)?(\/|\z)/i.freeze
|
||||
|
||||
# Dingbats, emoji, and other graphics https://www.unicode.org/charts/
|
||||
GRAPHICS_RE = /[\u{0000}-\u{001F}\u{2190}-\u{27BF}\u{1F000}-\u{1F9FF}]/
|
||||
GRAPHICS_RE = /[\u{0000}-\u{001F}\u{2190}-\u{27BF}\u{1F000}-\u{1F9FF}]/.freeze
|
||||
|
||||
attr_accessor :already_posted_story, :editing_from_suggestions, :editor,
|
||||
:fetching_ip, :is_hidden_by_cur_user, :is_saved_by_cur_user,
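Review bot: On the `URL_RE` line, the label class `[^\.\/]+` inside the `domain` group excludes only dots and slashes, so `@`, `:` and whitespace are accepted as part of a hostname. A URL carrying userinfo, for example `http://user@example.com/`, therefore matches with `domain` captured as `user@example.com` rather than the host. If that capture feeds domain-level checks or grouping (the callers are not visible in this hunk), they would see the wrong value; tightening the class to `[^\.\/@:\s]+` rejects such URLs while still admitting the non-ASCII hosts listed in the array just above. The added `.freeze` does not affect matching, and the Story class body starts and ends outside this hunk.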
|
||||
|
|
|
@ -75,7 +75,7 @@ class User < ApplicationRecord
|
|||
|
||||
validates :password, :presence => true, :on => :create
|
||||
|
||||
VALID_USERNAME = /[A-Za-z0-9][A-Za-z0-9_-]{0,24}/
|
||||
VALID_USERNAME = /[A-Za-z0-9][A-Za-z0-9_-]{0,24}/.freeze
|
||||
validates :username,
|
||||
:format => { :with => /\A#{VALID_USERNAME}\z/ },
|
||||
:uniqueness => { :case_sensitive => false }
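Review bot: `VALID_USERNAME` is an unanchored fragment, and only the `validates :username` call below it wraps it in `\A...\z`; nothing on the constant says so. Used bare with `=~` or `match?` it would accept any string that merely contains a valid name, so a comment above the constant would help later callers: `# unanchored fragment: interpolate inside \A...\z (as the username validation does) before checking a whole string`. The visible validation is anchored correctly with `\A` and `\z` rather than `^` and `$`. The User class body starts and ends outside this hunk.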
|
||||
|
|