From 5f72f7c27f7abcacd626756a995a0d0b45aa793a Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Thu, 13 Aug 2020 20:54:00 +0200 Subject: [PATCH] jekyll: Update the dependencies (security, CVE-2020-14001) This fixes a potential security issue (reported by bundler-audit) by updating kramdown to 2.3.0 for CVE-2020-14001 [0]. [0]: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6 --- .../misc/jekyll/basic/Gemfile.lock | 14 ++++---- .../applications/misc/jekyll/basic/gemset.nix | 28 ++++++++-------- .../misc/jekyll/full/Gemfile.lock | 16 +++++----- pkgs/applications/misc/jekyll/full/gemset.nix | 32 +++++++++---------- 4 files changed, 45 insertions(+), 45 deletions(-) diff --git a/pkgs/applications/misc/jekyll/basic/Gemfile.lock b/pkgs/applications/misc/jekyll/basic/Gemfile.lock index 86f1bf23a6b5..ffc7c0e2aebf 100644 --- a/pkgs/applications/misc/jekyll/basic/Gemfile.lock +++ b/pkgs/applications/misc/jekyll/basic/Gemfile.lock @@ -10,7 +10,7 @@ GEM addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) colorator (1.1.0) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) @@ -18,11 +18,11 @@ GEM ffi (1.13.1) forwardable-extended (2.6.0) gemoji (3.0.1) - html-pipeline (2.13.0) + html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) http_parser.rb (0.6.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jekyll (4.1.1) addressable (~> 2.4) @@ -56,7 +56,7 @@ GEM gemoji (~> 3.0) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.2.1) + kramdown (2.3.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) @@ -67,7 +67,7 @@ GEM mercenary (0.4.0) mini_portile2 (2.4.0) minitest (5.14.1) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) pathutil (0.16.2) forwardable-extended (~> 2.6) @@ -76,7 +76,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.4) - rouge (3.20.0) + rouge (3.22.0) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) @@ -86,7 +86,7 @@ GEM tzinfo (1.2.7) thread_safe (~> 0.1) unicode-display_width (1.7.0) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby diff --git a/pkgs/applications/misc/jekyll/basic/gemset.nix b/pkgs/applications/misc/jekyll/basic/gemset.nix index e4c8a94fce4b..b14b27f3756b 100644 --- a/pkgs/applications/misc/jekyll/basic/gemset.nix +++ b/pkgs/applications/misc/jekyll/basic/gemset.nix @@ -36,10 +36,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "094387x4yasb797mv07cs3g6f08y56virc2rjcpb1k79rzaj3nhl"; + sha256 = "1vnxrbhi7cq3p4y2v9iwd10v1c7l15is4var14hwnb2jip4fyjzz"; type = "gem"; }; - version = "1.1.6"; + version = "1.1.7"; }; em-websocket = { dependencies = ["eventmachine" "http_parser.rb"]; @@ -98,10 +98,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01snn9z3c2p17d9wfczkdkml6mdffah6fpyzgs9mdskb14m68rq6"; + sha256 = "080sn9z1a64gv04p318jz10y6lv6qd3avip08rrcmq9k4ihai0f1"; type = "gem"; }; - version = "2.13.0"; + version = "2.14.0"; }; "http_parser.rb" = { groups = ["default"]; @@ -119,10 +119,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "10nq1xjqvkhngiygji831qx9bryjwws95r4vrnlq9142bzkg670s"; + sha256 = "153sx77p16vawrs4qpkv7qlzf9v5fks4g7xqcj1dwk40i6g7rfzk"; type = "gem"; }; - version = "1.8.3"; + version = "1.8.5"; }; jekyll = { dependencies = ["addressable" "colorator" "em-websocket" "i18n" "jekyll-sass-converter" "jekyll-watch" "kramdown" "kramdown-parser-gfm" "liquid" "mercenary" "pathutil" "rouge" "safe_yaml" "terminal-table"]; @@ -218,10 +218,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "059mk8lmddp2a2aa6s4pp7x2yyqbqg5crx5jkn32dzlnqi2j5cn6"; + sha256 = "1vmw752c26ny2jwl0npn0gbyqwgz4hdmlpxnsld9qi9xhk5b1qh7"; type = "gem"; }; - version = "2.2.1"; + version = "2.3.0"; }; kramdown-parser-gfm = { dependencies = ["kramdown"]; @@ -291,10 +291,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12j76d0bp608932xkzmfi638c7aqah57l437q8494znzbj610qnm"; + sha256 = "0xmf60nj5kg9vaj5bysy308687sgmkasgx06vbbnf94p52ih7si2"; type = "gem"; }; - version = "1.10.9"; + version = "1.10.10"; }; pathutil = { dependencies = ["forwardable-extended"]; @@ -353,10 +353,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1r5npy9a95qh5v74lw7ir3nhaq4xrzyhfdixd7c5xy295i92nnic"; + sha256 = "1wcz7i009wdbymlfsamagqi18m6ih8j60bii0k18f21g70r72i0m"; type = "gem"; }; - version = "3.20.0"; + version = "3.22.0"; }; safe_yaml = { groups = ["default"]; @@ -426,9 +426,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1akpm3pwvyiack2zk6giv9yn3cqb8pw6g40p4394pdc3xmy3s4k0"; + sha256 = "0jvn50k76kl14fpymk4hdsf9sk00jl84yxzl783xhnw4dicp0m0k"; type = "gem"; }; - version = "2.3.0"; + version = "2.4.0"; }; } \ No newline at end of file diff --git a/pkgs/applications/misc/jekyll/full/Gemfile.lock b/pkgs/applications/misc/jekyll/full/Gemfile.lock index 9acfaaa97cd1..d79550720658 100644 --- a/pkgs/applications/misc/jekyll/full/Gemfile.lock +++ b/pkgs/applications/misc/jekyll/full/Gemfile.lock @@ -17,7 +17,7 @@ GEM execjs coffee-script-source (1.12.2) colorator (1.1.0) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) @@ -29,11 +29,11 @@ GEM ffi (1.13.1) forwardable-extended (2.6.0) gemoji (3.0.1) - html-pipeline (2.13.0) + html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) http_parser.rb (0.6.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jekyll (4.1.1) addressable (~> 2.4) @@ -55,7 +55,7 @@ GEM jekyll-coffeescript (2.0.0) coffee-script (~> 2.2) coffee-script-source (~> 1.12) - jekyll-feed (0.14.0) + jekyll-feed (0.15.0) jekyll (>= 3.7, < 5.0) jekyll-gist (1.5.0) octokit (~> 4.2) @@ -77,7 +77,7 @@ GEM gemoji (~> 3.0) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.2.1) + kramdown (2.3.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) @@ -97,7 +97,7 @@ GEM mini_portile2 (2.4.0) minitest (5.14.1) multipart-post (2.1.1) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) octokit (4.18.0) faraday (>= 0.9) @@ -110,7 +110,7 @@ GEM ffi (~> 1.0) rdoc (6.2.1) rexml (3.2.4) - rouge (3.20.0) + rouge (3.22.0) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) @@ -125,7 +125,7 @@ GEM thread_safe (~> 0.1) unicode-display_width (1.7.0) yajl-ruby (1.4.1) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby diff --git a/pkgs/applications/misc/jekyll/full/gemset.nix b/pkgs/applications/misc/jekyll/full/gemset.nix index 073f69f5b33b..aa0bc9bcdcc5 100644 --- a/pkgs/applications/misc/jekyll/full/gemset.nix +++ b/pkgs/applications/misc/jekyll/full/gemset.nix @@ -90,10 +90,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "094387x4yasb797mv07cs3g6f08y56virc2rjcpb1k79rzaj3nhl"; + sha256 = "1vnxrbhi7cq3p4y2v9iwd10v1c7l15is4var14hwnb2jip4fyjzz"; type = "gem"; }; - version = "1.1.6"; + version = "1.1.7"; }; em-websocket = { dependencies = ["eventmachine" "http_parser.rb"]; @@ -195,10 +195,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01snn9z3c2p17d9wfczkdkml6mdffah6fpyzgs9mdskb14m68rq6"; + sha256 = "080sn9z1a64gv04p318jz10y6lv6qd3avip08rrcmq9k4ihai0f1"; type = "gem"; }; - version = "2.13.0"; + version = "2.14.0"; }; "http_parser.rb" = { groups = ["default"]; @@ -216,10 +216,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "10nq1xjqvkhngiygji831qx9bryjwws95r4vrnlq9142bzkg670s"; + sha256 = "153sx77p16vawrs4qpkv7qlzf9v5fks4g7xqcj1dwk40i6g7rfzk"; type = "gem"; }; - version = "1.8.3"; + version = "1.8.5"; }; jekyll = { dependencies = ["addressable" "colorator" "em-websocket" "i18n" "jekyll-sass-converter" "jekyll-watch" "kramdown" "kramdown-parser-gfm" "liquid" "mercenary" "pathutil" "rouge" "safe_yaml" "terminal-table"]; @@ -260,10 +260,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0fhbz5wc8cf60dwsbqcr49wygyk5qarpc7g77p6dlwq2r21nil5c"; + sha256 = "1mgc1ik2cq2g8g7z9ql2i6ydzy771m2i4qrd1q77x8cf2sprlb0z"; type = "gem"; }; - version = "0.14.0"; + version = "0.15.0"; }; jekyll-gist = { dependencies = ["octokit"]; @@ -369,10 +369,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "059mk8lmddp2a2aa6s4pp7x2yyqbqg5crx5jkn32dzlnqi2j5cn6"; + sha256 = "1vmw752c26ny2jwl0npn0gbyqwgz4hdmlpxnsld9qi9xhk5b1qh7"; type = "gem"; }; - version = "2.2.1"; + version = "2.3.0"; }; kramdown-parser-gfm = { dependencies = ["kramdown"]; @@ -519,10 +519,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12j76d0bp608932xkzmfi638c7aqah57l437q8494znzbj610qnm"; + sha256 = "0xmf60nj5kg9vaj5bysy308687sgmkasgx06vbbnf94p52ih7si2"; type = "gem"; }; - version = "1.10.9"; + version = "1.10.10"; }; octokit = { dependencies = ["faraday" "sawyer"]; @@ -602,10 +602,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1r5npy9a95qh5v74lw7ir3nhaq4xrzyhfdixd7c5xy295i92nnic"; + sha256 = "1wcz7i009wdbymlfsamagqi18m6ih8j60bii0k18f21g70r72i0m"; type = "gem"; }; - version = "3.20.0"; + version = "3.22.0"; }; safe_yaml = { groups = ["default"]; @@ -718,9 +718,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1akpm3pwvyiack2zk6giv9yn3cqb8pw6g40p4394pdc3xmy3s4k0"; + sha256 = "0jvn50k76kl14fpymk4hdsf9sk00jl84yxzl783xhnw4dicp0m0k"; type = "gem"; }; - version = "2.3.0"; + version = "2.4.0"; }; } \ No newline at end of file