gollum: 5.1 -> 5.1.1 (security, CVE-2020-14001)

This also fixes a potential security issue (reported by bundler-audit) by updating kramdown to 2.3.0 for CVE-2020-14001 [0]. [0]: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
2020-08-13 21:08:06 +02:00 · 2020-08-13 21:08:06 +02:00 · 6e4042d067
parent 421b2a04b0
commit 6e4042d067
2 changed files with 15 additions and 13 deletions
--- a/pkgs/applications/misc/gollum/Gemfile.lock
+++ b/pkgs/applications/misc/gollum/Gemfile.lock
@ -2,17 +2,17 @@ GEM
  remote: https://rubygems.org/
  specs:
    backports (3.18.1)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
    crass (1.0.6)
    execjs (2.7.0)
    ffi (1.13.1)
    gemojione (4.3.3)
      json
    github-markup (3.0.4)
-    gollum (5.1)
+    gollum (5.1.1)
      gemojione (~> 4.1)
      gollum-lib (~> 5.0)
-      kramdown (~> 2.1.0)
+      kramdown (~> 2.3)
      kramdown-parser-gfm (~> 1.0.0)
      mustache (>= 0.99.5, < 1.0.0)
      octicons (~> 8.5)
@ -38,7 +38,8 @@ GEM
      mime-types (>= 1.15)
      rugged (~> 0.99)
    json (2.3.1)
-    kramdown (2.1.0)
+    kramdown (2.3.0)
+      rexml
    kramdown-parser-gfm (1.0.1)
      kramdown (~> 2.0)
    loofah (2.6.0)
@ -63,7 +64,7 @@ GEM
    rb-inotify (0.10.1)
      ffi (~> 1.0)
    rexml (3.2.4)
-    rouge (3.21.0)
+    rouge (3.22.0)
    rss (0.2.9)
      rexml
    ruby2_keywords (0.0.2)
--- a/pkgs/applications/misc/gollum/gemset.nix
+++ b/pkgs/applications/misc/gollum/gemset.nix
@ -14,10 +14,10 @@
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "094387x4yasb797mv07cs3g6f08y56virc2rjcpb1k79rzaj3nhl";
+      sha256 = "1vnxrbhi7cq3p4y2v9iwd10v1c7l15is4var14hwnb2jip4fyjzz";
      type = "gem";
    };
-    version = "1.1.6";
+    version = "1.1.7";
  };
  crass = {
    groups = ["default"];
@ -76,10 +76,10 @@
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "06qc6flb2sik64ich3j4a9yky9cqsj77vdjff51wxi4lhd9ga6sk";
+      sha256 = "14i6y3ilv9l7cqvkawl75js26cfj1pd8cphhmq9lic95ajvdf371";
      type = "gem";
    };
-    version = "5.1";
+    version = "5.1.1";
  };
  gollum-lib = {
    dependencies = ["gemojione" "github-markup" "gollum-rugged_adapter" "loofah" "nokogiri" "octicons" "rouge" "twitter-text"];
@ -114,14 +114,15 @@
    version = "2.3.1";
  };
  kramdown = {
+    dependencies = ["rexml"];
    groups = ["default"];
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "1dl840bvx8d9nq6lg3mxqyvbiqnr6lk3jfsm6r8zhz7p5srmd688";
+      sha256 = "1vmw752c26ny2jwl0npn0gbyqwgz4hdmlpxnsld9qi9xhk5b1qh7";
      type = "gem";
    };
-    version = "2.1.0";
+    version = "2.3.0";
  };
  kramdown-parser-gfm = {
    dependencies = ["kramdown"];
@ -286,10 +287,10 @@
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
-      sha256 = "1agrrmj88k9jkk36ra1ml2c1jffpp595pkxmcla74ac9ia09vn3s";
+      sha256 = "1wcz7i009wdbymlfsamagqi18m6ih8j60bii0k18f21g70r72i0m";
      type = "gem";
    };
-    version = "3.21.0";
+    version = "3.22.0";
  };
  rss = {
    dependencies = ["rexml"];