From a098af3fc6b84d8b2917710e2e26d436ffd25a83 Mon Sep 17 00:00:00 2001
From: pwelch <pwelch@chef.io>
Date: Sun, 1 Jul 2018 10:51:42 -0400
Subject: [PATCH] Upgrade Sprockets [CVE-2018-3760]

Upgrade the Sprockets gem to patch for
[CVE-2018-3760](https://nvd.nist.gov/vuln/detail/CVE-2018-3760)

The actual sprockets CVE doesn't affect Supermarket because it does
not do asset compilation during the request/response cycle. However,
this will upgrade the gem to clear a bundle-audit failure.

Fixes #1742

Signed-off-by: pwelch <pwelch@chef.io>
---
 src/supermarket/Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/supermarket/Gemfile.lock b/src/supermarket/Gemfile.lock
index 18f420845f..acaa85c28f 100644
--- a/src/supermarket/Gemfile.lock
+++ b/src/supermarket/Gemfile.lock
@@ -412,7 +412,7 @@ GEM
     public_suffix (2.0.5)
     pundit (1.1.0)
       activesupport (>= 3.0.0)
-    rack (2.0.4)
+    rack (2.0.5)
     rack-protection (2.0.1)
       rack
     rack-test (0.6.3)
@@ -555,7 +555,7 @@ GEM
       activesupport (>= 4.2)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.0)