From 8696c62de8834e4b83766044c34412b643264fa0 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@znuny.com>
Date: Fri, 20 Dec 2019 16:47:00 +0100
Subject: [PATCH] Updated rake to 2.0.8 (CVE-2019-16782) and rails to 5.2.4.1.

---
 Gemfile                                      |   4 +-
 Gemfile.lock                                 | 104 +++++++++----------
 spec/requests/integration/monitoring_spec.rb |   4 +
 3 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/Gemfile b/Gemfile
index 893c20a6e..643b46577 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 
 # core - base
 ruby '2.5.5'
-gem 'rails', '5.2.3'
+gem 'rails', '5.2.4.1'
 
 # core - rails additions
 gem 'activerecord-import'
@@ -49,7 +49,7 @@ gem 'eco'
 gem 'sassc-rails'
 
 # asset handling - pipeline
-gem 'sprockets'
+gem 'sprockets', '~> 3.7.2'
 gem 'uglifier'
 
 gem 'autoprefixer-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1532852ba..f91ee600c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -49,37 +49,37 @@ GEM
   specs:
     aasm (5.0.0)
       concurrent-ruby (~> 1.0)
-    actioncable (5.2.3)
-      actionpack (= 5.2.3)
+    actioncable (5.2.4.1)
+      actionpack (= 5.2.4.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailer (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
-      rack (~> 2.0)
+    actionpack (5.2.4.1)
+      actionview (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
+      rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+    actionview (5.2.4.1)
+      activesupport (= 5.2.4.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+    activejob (5.2.4.1)
+      activesupport (= 5.2.4.1)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
+    activemodel (5.2.4.1)
+      activesupport (= 5.2.4.1)
+    activerecord (5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
       arel (>= 9.0)
     activerecord-import (1.0.2)
       activerecord (>= 3.2)
@@ -91,11 +91,11 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activestorage (5.2.3)
-      actionpack (= 5.2.3)
-      activerecord (= 5.2.3)
+    activestorage (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
       marcel (~> 0.3.1)
-    activesupport (5.2.3)
+    activesupport (5.2.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -120,7 +120,7 @@ GEM
       msgpack (~> 1.0)
     browser (2.5.3)
     buftok (0.2.0)
-    builder (3.2.3)
+    builder (3.2.4)
     byebug (11.0.1)
     capybara (3.21.0)
       addressable
@@ -185,7 +185,7 @@ GEM
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
     equalizer (0.0.11)
-    erubi (1.8.0)
+    erubi (1.9.0)
     eventmachine (1.2.7)
     execjs (2.7.0)
     factory_bot (5.0.2)
@@ -245,7 +245,7 @@ GEM
     http-form_data (2.1.1)
     http_parser.rb (0.6.0)
     httpclient (2.8.3)
-    i18n (1.6.0)
+    i18n (1.7.0)
       concurrent-ruby (~> 1.0)
     icalendar (2.5.3)
       ice_cube (~> 0.16)
@@ -272,7 +272,7 @@ GEM
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
-    loofah (2.3.1)
+    loofah (2.4.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.13)
@@ -285,11 +285,11 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
     mimemagic (0.3.3)
-    mini_mime (1.0.1)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     mini_racer (0.2.4)
       libv8 (>= 6.3)
-    minitest (5.11.3)
+    minitest (5.13.0)
     msgpack (1.2.4)
     multi_json (1.13.1)
     multi_xml (0.6.0)
@@ -300,8 +300,8 @@ GEM
     nestful (1.1.3)
     net-ldap (0.16.1)
     netrc (0.11.0)
-    nio4r (2.3.1)
-    nokogiri (1.10.5)
+    nio4r (2.5.2)
+    nokogiri (1.10.7)
       mini_portile2 (~> 2.4.0)
     nori (2.6.0)
     notiffany (0.1.1)
@@ -378,23 +378,23 @@ GEM
       pry (>= 0.9.11)
     public_suffix (3.0.3)
     puma (3.12.2)
-    rack (2.0.7)
+    rack (2.0.8)
     rack-livereload (0.3.17)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.3)
-      actioncable (= 5.2.3)
-      actionmailer (= 5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
-      activemodel (= 5.2.3)
-      activerecord (= 5.2.3)
-      activestorage (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails (5.2.4.1)
+      actioncable (= 5.2.4.1)
+      actionmailer (= 5.2.4.1)
+      actionpack (= 5.2.4.1)
+      actionview (= 5.2.4.1)
+      activejob (= 5.2.4.1)
+      activemodel (= 5.2.4.1)
+      activerecord (= 5.2.4.1)
+      activestorage (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
       bundler (>= 1.3.0)
-      railties (= 5.2.3)
+      railties (= 5.2.4.1)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -403,19 +403,19 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
     rails-observers (0.1.5)
       activemodel (>= 4.0)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+    railties (5.2.4.1)
+      actionpack (= 5.2.4.1)
+      activesupport (= 5.2.4.1)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.0)
-    rake (12.3.2)
+    rake (12.3.3)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.0)
       ffi (~> 1.0)
@@ -511,7 +511,7 @@ GEM
       tins (~> 1.0)
     test-unit (3.3.3)
       power_assert
-    thor (0.20.3)
+    thor (1.0.1)
     thread_safe (0.3.6)
     tilt (2.0.9)
     tins (1.20.2)
@@ -626,7 +626,7 @@ DEPENDENCIES
   pry-stack_explorer
   puma (~> 3.12)
   rack-livereload
-  rails (= 5.2.3)
+  rails (= 5.2.4.1)
   rails-controller-testing
   rails-observers
   rb-fsevent
@@ -647,7 +647,7 @@ DEPENDENCIES
   spring
   spring-commands-rspec
   spring-commands-testunit
-  sprockets
+  sprockets (~> 3.7.2)
   tcr!
   telegramAPI
   telephone_number
diff --git a/spec/requests/integration/monitoring_spec.rb b/spec/requests/integration/monitoring_spec.rb
index 8612e5464..d451a29ad 100644
--- a/spec/requests/integration/monitoring_spec.rb
+++ b/spec/requests/integration/monitoring_spec.rb
@@ -522,6 +522,10 @@ RSpec.describe 'Monitoring', type: :request do
       prev_es_config = Setting.get('es_url')
       Setting.set('es_url', 'http://127.0.0.1:92001')
 
+      # delete all background jobs created while seeding
+      # to have a clean state for checking for failed ones
+      Delayed::Job.destroy_all
+
       # add a new object
       object = create(:object_manager_attribute_text)