security: bump nokogiri and httparty (#84)
jufemaiz authored Jun 16, 2023
1 parent 4ed055a commit b0f5710
Showing 5 changed files with 73 additions and 43 deletions.
2 changes: 1 addition & 1 deletion .rubocop.yml
Expand Up @@ -7,7 +7,7 @@ AllCops:
DisplayCopNames: true
DisplayStyleGuide: true
ExtraDetails: true
TargetRubyVersion: 2.3
TargetRubyVersion: 2.6

Style/StringLiterals:
EnforcedStyle: single_quotes
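
Review bot: Raising `TargetRubyVersion` from 2.3 to 2.6 is not mentioned in the CHANGELOG.md entry for v0.5.1, and the aemo.gemspec change in this commit touches only the dependency lines, so the supported Ruby floor is left ambiguous. If Ruby below 2.6 is no longer supported, say so in the changelog and keep `required_ruby_version` in step. Gemfile.lock also keeps `rubocop (0.52.1)`, so confirm that release accepts 2.6 as a target.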
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,13 @@
# AEMO Gem Changelog

## [v0.5.1] (2023-06-16)

### Changed

* bump `httparty` to `>= 0.21.0` to resolve security issue.
* bump `nokogiri` to `>= 1.14.3` to resolve `libxml2` security issue.


## [v0.5.0] (2022-09-19)

### Added
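
Review bot: Neither changelog line identifies the advisory being fixed ("security issue", "`libxml2` security issue"); add the advisory or CVE identifier for each so users can judge their own exposure. The stated ranges also omit the `~> 0.21` and `~> 1.14` halves of the gemspec constraints, and there is a doubled blank line before the v0.5.0 heading.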
100 changes: 61 additions & 39 deletions Gemfile.lock
@@ -1,137 +1,159 @@
PATH
remote: .
specs:
aemo (0.5.0)
aemo (0.5.1)
activesupport (>= 4.2.6, < 7.1)
httparty (~> 0.15, >= 0.15.6)
httparty (~> 0.21, >= 0.21.0)
json (>= 1.7.5, < 3)
multi_xml (~> 0.6, >= 0.5.0)
nokogiri (~> 1.10, >= 1.10.4)
nokogiri (~> 1.14, >= 1.14.3)
rexml

GEM
remote: https://rubygems.org/
specs:
activesupport (6.1.7.3)
activesupport (7.0.5)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
addressable (2.8.1)
public_suffix (>= 2.0.2, < 6.0)
addressable (2.8.4)
public_suffix (>= 2.0.2, < 6.0)
ast (2.4.0)
ast (2.4.2)
awesome_print (1.8.0)
awesome_print (1.9.2)
coderay (1.1.3)
concurrent-ruby (1.1.10)
concurrent-ruby (1.2.2)
coveralls (0.8.23)
json (>= 1.8, < 3)
simplecov (~> 0.16.1)
term-ansicolor (~> 1.3)
thor (>= 0.19.4, < 2.0)
tins (~> 1.6)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crack (0.4.5)
rexml
diff-lcs (1.5.0)
docile (1.3.2)
docile (1.4.0)
ffi (1.15.5)
formatador (0.2.5)
guard (2.17.0)
formatador (1.1.0)
guard (2.18.0)
formatador (>= 0.2.4)
listen (>= 2.7, < 4.0)
lumberjack (>= 1.0.12, < 2.0)
nenv (~> 0.1)
notiffany (~> 0.0)
pry (>= 0.9.12)
pry (>= 0.13.0)
shellany (~> 0.0)
thor (>= 0.18.1)
guard-yard (2.2.1)
guard (>= 1.1.0)
yard (>= 0.7.0)
hashdiff (1.0.0)
hashdiff (1.0.1)
httparty (0.21.0)
mini_mime (>= 1.0.0)
multi_xml (>= 0.5.2)
i18n (1.12.0)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
json (2.3.1)
json (2.6.3)
listen (3.8.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
lumberjack (1.0.13)
lumberjack (1.2.8)
method_source (0.9.2)
method_source (1.0.0)
mini_mime (1.1.2)
mini_portile2 (2.8.0)
minitest (5.18.0)
multi_xml (0.6.0)
nenv (0.3.0)
nokogiri (1.13.10)
mini_portile2 (~> 2.8.0)
nokogiri (1.15.2-x86_64-darwin)
racc (~> 1.4)
notiffany (0.1.3)
nenv (~> 0.1)
shellany (~> 0.0)
parallel (1.17.0)
parser (2.6.3.0)
ast (~> 2.4.0)
parallel (1.23.0)
parser (2.7.2.0)
ast (~> 2.4.1)
powerpack (0.1.2)
pry (0.12.2)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
powerpack (0.1.3)
pry (0.14.2)
coderay (~> 1.1)
method_source (~> 1.0)
psych (5.1.0)
stringio
public_suffix (4.0.6)
public_suffix (5.0.1)
racc (1.6.2)
racc (1.7.1)
rack (3.0.6.1)
rack (3.0.8)
rainbow (3.0.0)
rainbow (3.1.1)
rb-fsevent (0.11.0)
rb-fsevent (0.11.2)
rb-inotify (0.10.1)
ffi (~> 1.0)
rdoc (6.3.2)
rdoc (6.5.0)
psych (>= 4.0.0)
rexml (3.2.5)
rspec (3.8.0)
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0)
rspec-core (3.8.2)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.6)
rspec (3.12.0)
rspec-core (~> 3.12.0)
rspec-expectations (~> 3.12.0)
rspec-mocks (~> 3.12.0)
rspec-core (3.12.2)
rspec-support (~> 3.12.0)
rspec-expectations (3.12.3)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-mocks (3.8.1)
rspec-support (~> 3.12.0)
rspec-mocks (3.12.5)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-support (3.8.2)
rspec-support (~> 3.12.0)
rspec-support (3.12.0)
rubocop (0.52.1)
parallel (~> 1.10)
parser (>= 2.4.0.2, < 3.0)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1)
ruby-progressbar (1.10.1)
safe_yaml (1.0.5)
ruby-progressbar (1.13.0)
shellany (0.0.1)
simplecov (0.16.1)
docile (~> 1.1)
json (>= 1.8, < 3)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.2)
stringio (3.0.7)
sync (0.5.0)
term-ansicolor (1.7.1)
tins (~> 1.0)
thor (0.20.3)
timecop (0.9.1)
tins (1.21.1)
tzinfo (2.0.5)
thor (1.2.2)
timecop (0.9.6)
tins (1.32.1)
sync
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (1.6.0)
webmock (3.6.2)
addressable (>= 2.3.6)
unicode-display_width (1.8.0)
webmock (3.18.1)
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
yard (0.9.20)
yard (0.9.34)
zeitwerk (2.6.7)

PLATFORMS
ruby
x86_64-darwin-19

DEPENDENCIES
addressable (~> 2.8, >= 2.8.0)!
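
Review bot: The bumped nokogiri entry is `nokogiri (1.15.2-x86_64-darwin)`, a platform-specific gem, while PLATFORMS lists both `ruby` and `x86_64-darwin-19`; anyone bundling on another platform gets no pinned nokogiri from this lock. Add the platforms used in CI and deployment with `bundle lock --add-platform` so the patched version is locked there too. The lock also moves activesupport from 6.1.7.3 to 7.0.5 and rspec from 3.8.0 to 3.12.0, which are unrelated to the two security bumps; consider splitting those out so the security change is easy to audit and revert.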
4 changes: 2 additions & 2 deletions aemo.gemspec
Expand Up @@ -24,10 +24,10 @@ Gem::Specification.new do |s|

# Production Dependencies
s.add_dependency 'activesupport', '>= 4.2.6', '< 7.1'
s.add_dependency 'httparty', '~> 0.15', '>= 0.15.6'
s.add_dependency 'httparty', '~> 0.21', '>= 0.21.0'
s.add_dependency 'json', '>= 1.7.5', '< 3'
s.add_dependency 'multi_xml', '~> 0.6', '>= 0.5.0'
s.add_dependency 'nokogiri', '~> 1.10', '>= 1.10.4'
s.add_dependency 'nokogiri', '~> 1.14', '>= 1.14.3'
s.add_dependency 'rexml'

# Development Dependencies
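
Review bot: On the httparty line, `'>= 0.21.0'` is redundant next to `'~> 0.21'`, which already means `>= 0.21, < 1.0`; one constraint is enough. On the nokogiri line the `'>= 1.14.3'` floor is what carries the fix, so a short comment naming the advisory would stop a later cleanup from lowering it.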
2 changes: 1 addition & 1 deletion lib/aemo/version.rb
Expand Up @@ -24,7 +24,7 @@
# @author Joel Courtney <[email protected]>
module AEMO
# aemo version
VERSION = '0.5.0'
VERSION = '0.5.1'

# aemo version split amongst different revisions
MAJOR_VERSION, MINOR_VERSION, REVISION = VERSION.split('.').map(&:to_i)
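
Review bot: `VERSION = '0.5.1'` ships as a patch release, but this commit raises the minimum httparty from 0.15.6 to 0.21.0 and the minimum nokogiri from 1.10.4 to 1.14.3, so applications that pin an older version of either gem will fail to resolve on a patch-level update. Call that out explicitly in the changelog entry, or consider a minor version bump.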