Upgrade Gems due to security vulnerabilities
Created by: pmather
Upgrade Gems (mostly due to security vulnerabilities)
JIRA Ticket: LIBTD-1482
What does this Pull Request do?
The current application is flagged as having several Gems with security vulnerabilities:
- loofah (CVE-2018-8048)
- rails-html-sanitizer (CVE-2018-3741)
- sinatra (CVE-2018-7212 and CVE-2018-11627)
- sprockets (CVE-2018-3760)
This change updates all the above Gems to (currently) non-vulnerable versions.
It also upgrades the Rails Gem to version 5.1.6, which is the latest Rails 5.1.x release.
What are the changes?
- Updates Gemfile to require at least version 5.1.6 of the Rails 5.1.x branch
- Upgrades Gemfile.lock to reflect having upgraded the aforementioned vulnerable Gems
How should this be tested?
Deploy VTUL/iawa in production mode and verify the application starts up and is working.
Interested parties
@tingtingjh