[Snyk] Fix for 1 vulnerabilities (#5294)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-5741907 * Update Gemfile.lock * Update Gemfile.lock --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

[Snyk] Fix for 1 vulnerabilities (#5294)
c52809d9 · Anton Georgiev · GitHub · fc8df881 · c52809d9 · c52809d9
Unverified Commit c52809d9 authored Jul 14, 2023 by Anton Georgiev Committed by GitHub Jul 14, 2023
--- a/Gemfile
+++ b/Gemfile
@@ -6,13 +6,13 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '>= 3.0'

 gem 'active_model_serializers'
-gem 'active_storage_validations'
+gem 'active_storage_validations', '>= 1.0.4'
 gem 'aws-sdk-s3', require: false
 gem 'bcrypt', '~> 3.1.7'
 gem 'bigbluebutton-api-ruby', '1.9.1'
 gem 'bootsnap', require: false
-gem 'cssbundling-rails'
-gem 'data_migrate'
+gem 'cssbundling-rails', '>= 1.2.0'
+gem 'data_migrate', '>= 9.0.0'
 gem 'dotenv-rails'
 gem 'google-cloud-storage', '~> 1.44', require: false
 gem 'hcaptcha'
@@ -20,7 +20,7 @@ gem 'hiredis', '~> 0.6.0'
 gem 'i18n-language-mapping'
 gem 'image_processing', '~> 1.2'
 gem 'jbuilder'
-gem 'jsbundling-rails'
+gem 'jsbundling-rails', '>= 1.1.2'
 gem 'jwt'
 gem 'mini_magick', '>= 4.9.5'
 gem 'omniauth', '~> 2.1.0'
@@ -29,7 +29,7 @@ gem 'omniauth-rails_csrf_protection', '~> 1.0.1'
 gem 'pagy', '~> 5.10', '>= 5.10.1'
 gem 'pg'
 gem 'puma', '~> 5.0'
-gem 'rails', '~> 7.0.4', '>= 7.0.4.3'
+gem 'rails', '~> 7.0.5', '>= 7.0.5.1'
 gem 'redis', '~> 4.0'
 gem 'sprockets-rails'
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
@@ -50,7 +50,7 @@ group :test do
  gem 'capybara'
  gem 'factory_bot_rails'
  gem 'faker'
-  gem 'rspec-rails'
+  gem 'rspec-rails', '>= 6.0.2'
  gem 'selenium-webdriver'
  gem 'shoulda-matchers', '~> 5.0'
  gem 'webdrivers'

--- a/Gemfile.lock
+++ b/Gemfile.lock
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actioncable (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionmailbox (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      activejob (= 7.0.5.1)
+      activerecord (= 7.0.5.1)
+      activestorage (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
-    actionmailer (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionmailer (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      actionview (= 7.0.5.1)
+      activejob (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
-    actionpack (7.0.4.3)
-      actionview (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.5.1)
+      actionview (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
+      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actiontext (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      activerecord (= 7.0.5.1)
+      activestorage (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionview (7.0.5.1)
+      activesupport (= 7.0.5.1)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@@ -51,27 +51,27 @@ GEM
      activemodel (>= 4.1, < 7.1)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    active_storage_validations (1.0.3)
+    active_storage_validations (1.0.4)
      activejob (>= 5.2.0)
      activemodel (>= 5.2.0)
      activestorage (>= 5.2.0)
      activesupport (>= 5.2.0)
-    activejob (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    activejob (7.0.5.1)
+      activesupport (= 7.0.5.1)
      globalid (>= 0.3.6)
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activerecord (7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activestorage (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    activemodel (7.0.5.1)
+      activesupport (= 7.0.5.1)
+    activerecord (7.0.5.1)
+      activemodel (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
+    activestorage (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      activejob (= 7.0.5.1)
+      activerecord (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (7.0.4.3)
+    activesupport (7.0.5.1)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@@ -127,11 +127,11 @@ GEM
    crack (0.4.5)
      rexml
    crass (1.0.6)
-    cssbundling-rails (1.1.2)
+    cssbundling-rails (1.2.0)
      railties (>= 6.0.0)
-    data_migrate (8.5.0)
-      activerecord (>= 5.0)
-      railties (>= 5.0)
+    data_migrate (9.0.0)
+      activerecord (>= 6.0)
+      railties (>= 6.0)
    date (3.3.3)
    debug (1.7.1)
      irb (>= 1.5.0)
@@ -214,7 +214,7 @@ GEM
      actionview (>= 5.0.0)
      activesupport (>= 5.0.0)
    jmespath (1.6.2)
-    jsbundling-rails (1.1.1)
+    jsbundling-rails (1.1.2)
      railties (>= 6.0.0)
    json (2.6.3)
    json-jwt (1.16.3)
@@ -245,10 +245,10 @@ GEM
    mini_magick (4.12.0)
    mini_mime (1.1.2)
    mini_portile2 (2.8.2)
-    minitest (5.18.0)
+    minitest (5.18.1)
    msgpack (1.6.0)
    multi_json (1.15.0)
-    net-imap (0.3.4)
+    net-imap (0.3.6)
      date
      net-protocol
    net-pop (0.1.2)
@@ -257,7 +257,7 @@ GEM
      timeout
    net-smtp (0.3.3)
      net-protocol
-    nio4r (2.5.8)
+    nio4r (2.5.9)
    nokogiri (1.15.2)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
@@ -294,7 +294,7 @@ GEM
    public_suffix (5.0.1)
    puma (5.6.5)
      nio4r (~> 2.0)
-    racc (1.6.2)
+    racc (1.7.1)
    rack (2.2.7)
    rack-oauth2 (1.21.3)
      activesupport
@@ -306,29 +306,29 @@ GEM
      rack
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails (7.0.4.3)
-      actioncable (= 7.0.4.3)
-      actionmailbox (= 7.0.4.3)
-      actionmailer (= 7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actiontext (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    rails (7.0.5.1)
+      actioncable (= 7.0.5.1)
+      actionmailbox (= 7.0.5.1)
+      actionmailer (= 7.0.5.1)
+      actionpack (= 7.0.5.1)
+      actiontext (= 7.0.5.1)
+      actionview (= 7.0.5.1)
+      activejob (= 7.0.5.1)
+      activemodel (= 7.0.5.1)
+      activerecord (= 7.0.5.1)
+      activestorage (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      bundler (>= 1.15.0)
-      railties (= 7.0.4.3)
+      railties (= 7.0.5.1)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
-    railties (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    railties (7.0.5.1)
+      actionpack (= 7.0.5.1)
+      activesupport (= 7.0.5.1)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
@@ -349,23 +349,23 @@ GEM
      rack (>= 1.4)
    retriable (3.1.2)
    rexml (3.2.5)
-    rspec-core (3.12.1)
+    rspec-core (3.12.2)
      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.2)
+    rspec-expectations (3.12.3)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.3)
+    rspec-mocks (3.12.5)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-rails (6.0.1)
+    rspec-rails (6.0.3)
      actionpack (>= 6.1)
      activesupport (>= 6.1)
      railties (>= 6.1)
-      rspec-core (~> 3.11)
-      rspec-expectations (~> 3.11)
-      rspec-mocks (~> 3.11)
-      rspec-support (~> 3.11)
-    rspec-support (3.12.0)
+      rspec-core (~> 3.12)
+      rspec-expectations (~> 3.12)
+      rspec-mocks (~> 3.12)
+      rspec-support (~> 3.12)
+    rspec-support (3.12.1)
    rubocop (1.45.1)
      json (~> 2.3)
      parallel (~> 1.10)
@@ -416,7 +416,7 @@ GEM
      httpclient (>= 2.4)
    syslog_protocol (0.9.2)
    thor (1.2.2)
-    timeout (0.3.2)
+    timeout (0.4.0)
    trailblazer-option (0.1.2)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
@@ -461,14 +461,14 @@ PLATFORMS

 DEPENDENCIES
  active_model_serializers
-  active_storage_validations
+  active_storage_validations (>= 1.0.4)
  aws-sdk-s3
  bcrypt (~> 3.1.7)
  bigbluebutton-api-ruby (= 1.9.1)
  bootsnap
  capybara
-  cssbundling-rails
-  data_migrate
+  cssbundling-rails (>= 1.2.0)
+  data_migrate (>= 9.0.0)
  debug
  dotenv-rails
  factory_bot_rails
@@ -479,7 +479,7 @@ DEPENDENCIES
  i18n-language-mapping
  image_processing (~> 1.2)
  jbuilder
-  jsbundling-rails
+  jsbundling-rails (>= 1.1.2)
  jwt
  lograge (~> 0.12.0)
  mini_magick (>= 4.9.5)
@@ -489,10 +489,10 @@ DEPENDENCIES
  pagy (~> 5.10, >= 5.10.1)
  pg
  puma (~> 5.0)
-  rails (~> 7.0.4, >= 7.0.4.3)
+  rails (~> 7.0.5, >= 7.0.5.1)
  redis (~> 4.0)
  remote_syslog_logger
-  rspec-rails
+  rspec-rails (>= 6.0.2)
  rubocop (~> 1.26)
  rubocop-performance (~> 1.13)
  rubocop-rails (~> 2.17, >= 2.17.4)