From d0a3658ddb3a6b7043824f8dc49705c9ced442e3 Mon Sep 17 00:00:00 2001
From: Jesus Federico <jesus@123it.ca>
Date: Thu, 5 Jan 2023 19:58:47 +0100
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#4023)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 73 +++++++++++++++++++++++++++++++++-------------------
 2 files changed, 47 insertions(+), 28 deletions(-)

diff --git a/Gemfile b/Gemfile
index 10e3aabc..1991b3df 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ end
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'aws-sdk-s3', '~> 1.88.1'
 gem 'bcrypt', '~> 3.1.7'
-gem 'bigbluebutton-api-ruby', '~> 1.9'
+gem 'bigbluebutton-api-ruby', '~> 1.9', '>= 1.9.0'
 gem 'bn-ldap-authentication', '~> 0.1.4'
 gem 'bootsnap', '~> 1.7.2', require: false
 gem 'bootstrap', '~> 4.3.1'
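Review bot: The added `'>= 1.9.0'` on the bigbluebutton-api-ruby line is a no-op, because `'~> 1.9'` already means `>= 1.9, < 2.0`; the line can stay as `gem 'bigbluebutton-api-ruby', '~> 1.9'` with no change in resolution. More importantly, the commit description says this fixes a rack advisory (SNYK-RUBY-RACK-1061917), yet nothing in the Gemfile pins rack and the lockfile hunks leave `rack (2.2.4)` as an unchanged context line, with only transitive constraints (e.g. oauth2's `rack (>= 1.2, < 4)`) widened. Whether 2.2.4 already falls outside the advisory's affected range cannot be confirmed from this diff, so either the description should name the gem that actually moved or an explicit rack constraint should be added so the fix is visible and enforced rather than incidental.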
diff --git a/Gemfile.lock b/Gemfile.lock
index 61f03a74..0d47c13f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -52,8 +52,8 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     arel (9.0.0)
     ast (2.4.2)
@@ -85,7 +85,7 @@ GEM
       rack (>= 1.6.11)
       rubyzip (>= 1.3.0)
       xml-simple (~> 1.1)
-    bindata (2.4.10)
+    bindata (2.4.13)
     bindex (0.8.1)
     bn-ldap-authentication (0.1.4)
       net-ldap (~> 0)
@@ -114,11 +114,11 @@ GEM
     digest-crc (0.6.4)
       rake (>= 12.0.0, < 14.0.0)
     docile (1.4.0)
-    dotenv (2.7.6)
-    dotenv-rails (2.7.6)
-      dotenv (= 2.7.6)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
       railties (>= 3.2)
-    erubi (1.10.0)
+    erubi (1.11.0)
     execjs (2.8.1)
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
@@ -127,7 +127,7 @@ GEM
       railties (>= 5.0.0)
     faker (2.21.0)
       i18n (>= 1.8.11, < 2)
-    faraday (1.10.0)
+    faraday (1.10.2)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -143,8 +143,8 @@ GEM
     faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.3)
-      multipart-post (>= 1.2, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (1.0.1)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
@@ -206,11 +206,12 @@ GEM
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     json (2.6.2)
-    json-jwt (1.14.0)
+    json-jwt (1.15.3)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
-    jwt (2.3.0)
+      httpclient
+    jwt (2.5.0)
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
@@ -230,23 +231,32 @@ GEM
     method_source (1.0.0)
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
-    minitest (5.16.2)
+    minitest (5.16.3)
     msgpack (1.5.1)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    multipart-post (2.1.1)
+    multipart-post (2.2.3)
     net-ldap (0.17.0)
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.2)
+      net-protocol
     nio4r (2.5.8)
     nokogiri (1.13.10)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    oauth (0.5.10)
-    oauth2 (1.4.9)
+    oauth (1.1.0)
+      oauth-tty (~> 1.0, >= 1.0.1)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    oauth-tty (1.0.5)
+      version_gem (~> 1.1, >= 1.1.1)
+    oauth2 (1.4.11)
       faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
+      rack (>= 1.2, < 4)
     omniauth (2.1.0)
       hashie (>= 3.4.6)
       rack (>= 2.2.3)
@@ -278,16 +288,17 @@ GEM
       addressable (~> 2.5)
       omniauth (>= 1.9, < 3)
       openid_connect (~> 1.1)
-    openid_connect (1.3.0)
+    openid_connect (1.4.2)
       activemodel
       attr_required (>= 1.0.0)
-      json-jwt (>= 1.5.0)
-      rack-oauth2 (>= 1.6.1)
-      swd (>= 1.0.0)
+      json-jwt (>= 1.15.0)
+      net-smtp
+      rack-oauth2 (~> 1.21)
+      swd (~> 1.3)
       tzinfo
       validate_email
       validate_url
-      webfinger (>= 1.0.1)
+      webfinger (~> 1.2)
     os (1.1.4)
     pagy (3.11.0)
     parallel (1.22.1)
@@ -297,19 +308,19 @@ GEM
     pluck_to_hash (1.0.2)
       activerecord (>= 4.0.2)
       activesupport (>= 4.0.2)
-    popper_js (1.16.0)
-    public_suffix (4.0.7)
+    popper_js (1.16.1)
+    public_suffix (5.0.0)
     puma (4.3.12)
       nio4r (~> 2.0)
     racc (1.6.1)
     rack (2.2.4)
-    rack-oauth2 (1.21.2)
+    rack-oauth2 (1.21.3)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
-    rack-protection (2.2.1)
+    rack-protection (3.0.2)
       rack
     rack-test (2.0.2)
       rack (>= 1.3)
@@ -415,6 +426,9 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     spring (2.1.1)
     spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
@@ -438,6 +452,7 @@ GEM
     thor (1.2.1)
     thread_safe (0.3.6)
     tilt (2.0.11)
+    timeout (0.3.0)
     tins (1.31.1)
       sync
     trailblazer-option (0.1.2)
@@ -458,6 +473,7 @@ GEM
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
+    version_gem (1.1.1)
     web-console (3.7.0)
       actionview (>= 5.0)
       activemodel (>= 5.0)
@@ -484,7 +500,7 @@ DEPENDENCIES
   action-cable-testing (~> 0.6, >= 0.6.1)
   aws-sdk-s3 (~> 1.88.1)
   bcrypt (~> 3.1.7)
-  bigbluebutton-api-ruby (~> 1.9)
+  bigbluebutton-api-ruby (~> 1.9, >= 1.9.0)
   bn-ldap-authentication (~> 0.1.4)
   bootsnap (~> 1.7.2)
   bootstrap (~> 4.3.1)
@@ -539,3 +555,6 @@ DEPENDENCIES
   uglifier (~> 4.2.0)
   web-console (~> 3.7, >= 3.7.0)
   webmock (~> 3.11)
+
+BUNDLED WITH
+   2.1.4
-- 
GitLab