From 4b2b258d3ab4816d963c1e79786f9c121dd2da7c Mon Sep 17 00:00:00 2001 From: Jesus Federico <jesus@123it.ca> Date: Tue, 3 Oct 2023 13:13:50 -0400 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#5408) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410 Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com> --- Gemfile | 4 ++-- Gemfile.lock | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 37bd25ff..62cc19a4 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem 'aws-sdk-s3', require: false gem 'bcrypt', '~> 3.1.7' gem 'bigbluebutton-api-ruby', '1.9.1' gem 'bootsnap', require: false -gem 'cssbundling-rails', '>= 1.2.0' +gem 'cssbundling-rails', '>= 1.3.0' gem 'data_migrate', '>= 9.1.0' gem 'dotenv-rails' gem 'google-cloud-storage', '~> 1.44', require: false @@ -20,7 +20,7 @@ gem 'hiredis', '~> 0.6.0' gem 'i18n-language-mapping' gem 'image_processing', '~> 1.2' gem 'jbuilder' -gem 'jsbundling-rails', '>= 1.1.2' +gem 'jsbundling-rails', '>= 1.2.0' gem 'jwt' gem 'mini_magick', '>= 4.9.5' gem 'omniauth', '~> 2.1.0' diff --git a/Gemfile.lock b/Gemfile.lock index ad9ba164..6d78b7f5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -128,7 +128,7 @@ GEM crack (0.4.5) rexml crass (1.0.6) - cssbundling-rails (1.2.0) + cssbundling-rails (1.3.0) railties (>= 6.0.0) data_migrate (9.1.1) activerecord (>= 6.0) @@ -215,7 +215,7 @@ GEM actionview (>= 5.0.0) activesupport (>= 5.0.0) jmespath (1.6.2) - jsbundling-rails (1.1.2) + jsbundling-rails (1.2.0) railties (>= 6.0.0) json (2.6.3) json-jwt (1.16.3) @@ -247,7 +247,7 @@ GEM mini_magick (4.12.0) mini_mime (1.1.5) mini_portile2 (2.8.4) - minitest (5.19.0) + minitest (5.20.0) msgpack (1.6.0) multi_json (1.15.0) net-imap (0.3.7) @@ -477,7 +477,7 @@ DEPENDENCIES bigbluebutton-api-ruby (= 1.9.1) bootsnap capybara - cssbundling-rails (>= 1.2.0) + cssbundling-rails (>= 1.3.0) data_migrate (>= 9.1.0) debug dotenv-rails @@ -489,7 +489,7 @@ DEPENDENCIES i18n-language-mapping image_processing (~> 1.2) jbuilder - jsbundling-rails (>= 1.1.2) + jsbundling-rails (>= 1.2.0) jwt lograge (~> 0.13.0) mini_magick (>= 4.9.5) -- GitLab