From f7ee6ce6c57ab9cb8dfdc3b7badd77b948b29730 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Thu, 18 Jun 2020 14:31:50 +0000
Subject: [PATCH] [Security] Bump devise from 2.2.8 to 3.5.10

Bumps [devise](https://github.com/plataformatec/devise) from 2.2.8 to 3.5.10. **This update includes a security fix.**
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/v3.5.10/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v2.2.8...v3.5.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0c442ca2c6..13beb57c1e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -49,7 +49,7 @@ gem 'stripe'
 # which is needed for Pin Payments (and possibly others).
 gem 'activemerchant', '~> 1.78.0'
 
-gem 'devise', '~> 3.0.1'
+gem 'devise', '~> 3.5.10'
 gem 'devise-encryptable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
diff --git a/Gemfile.lock b/Gemfile.lock
index fa904aedfc..68f8b9dfe1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -148,8 +148,6 @@ GEM
       nokogiri (>= 1.4.4)
       uuidtools (~> 2.1)
     bcrypt (3.1.13)
-    bcrypt-ruby (3.1.5)
-      bcrypt (>= 3.1.3)
     bugsnag (6.14.0)
       concurrent-ruby (~> 1.0)
     builder (3.1.4)
@@ -219,10 +217,12 @@ GEM
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
       sinatra (>= 1.4.4)
-    devise (3.0.4)
-      bcrypt-ruby (~> 3.0)
+    devise (3.5.10)
+      bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
@@ -555,6 +555,8 @@ GEM
     redcarpet (3.5.0)
     request_store (1.4.1)
       rack (>= 1.4)
+    responders (1.1.2)
+      railties (>= 3.2, < 4.2)
     rexml (3.2.4)
     roadie (3.4.0)
       css_parser (~> 1.4)
@@ -735,7 +737,7 @@ DEPENDENCIES
   debugger-linecache
   delayed_job_active_record
   delayed_job_web
-  devise (~> 3.0.1)
+  devise (~> 3.5.10)
   devise-encryptable
   dfc_provider!
   diffy