From e7ba4e0cc798c4dd82c08e290f6178c0a15d21f7 Mon Sep 17 00:00:00 2001
From: Anton Georgiev <antobinary@users.noreply.github.com>
Date: Tue, 3 Oct 2023 11:14:18 -0400
Subject: [PATCH] [Snyk] Fix for 2 vulnerabilities (#5391)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458
- https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410
* Update Gemfile.lock
---------
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
---
 Gemfile | 10 +--
 Gemfile.lock | 203 +++++++++++++++++++++++++++------------------
 2 files changed, 111 insertions(+), 102 deletions(-)
diff --git a/Gemfile b/Gemfile
index 78ab38c0..0c0a5c57 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem 'bcrypt', '~> 3.1.7'
 gem 'bigbluebutton-api-ruby', '1.9.1'
 gem 'bootsnap', require: false
 gem 'cssbundling-rails', '>= 1.2.0'
-gem 'data_migrate', '>= 9.0.0'
+gem 'data_migrate', '>= 9.1.0'
 gem 'dotenv-rails'
 gem 'google-cloud-storage', '~> 1.44', require: false
 gem 'hcaptcha'
@@ -24,12 +24,12 @@ gem 'jsbundling-rails', '>= 1.1.2'
 gem 'jwt'
 gem 'mini_magick', '>= 4.9.5'
 gem 'omniauth', '~> 2.1.0'
-gem 'omniauth_openid_connect'
+gem 'omniauth_openid_connect', '>= 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0.1'
-gem 'pagy', '~> 5.10', '>= 5.10.1'
+gem 'pagy', '~> 6.0', '>= 6.0.0'
 gem 'pg'
 gem 'puma', '~> 5.6'
-gem 'rails', '~> 7.0.5', '>= 7.0.5.1'
+gem 'rails', '~> 7.0.7', '>= 7.0.7.1'
 gem 'redis', '~> 4.0'
 gem 'sprockets-rails'
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
@@ -41,7 +41,7 @@ end
 group :development do
 gem 'rubocop', '~> 1.26', require: false
 gem 'rubocop-performance', '~> 1.13', require: false
- gem 'rubocop-rails', '~> 2.17', '>= 2.17.4', require: false
+ gem 'rubocop-rails', '~> 2.18', '>= 2.18.0', require: false
 gem 'rubocop-rspec', '~> 2.9.0', require: false
 gem 'web-console'
 end
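Review bot: The constraint `gem 'omniauth_openid_connect', '>= 0.6.1'` in the second Gemfile hunk is an open lower bound on an authentication gem, and the Gemfile.lock in this same commit already resolves it to 0.7.1, which pulls openid_connect 2.2.0, rack-oauth2 2.2.0, swd 2.0.2 and webfinger 2.1.2 in place of the 1.x line and swaps httpclient for faraday. That is a major-version change on the OIDC login path rather than the patch-level bump the commit title suggests, so it should be pinned in the style of the neighbouring lines, e.g. `gem 'omniauth_openid_connect', '~> 0.7.1'`, and the sign-in flow exercised before merge. The same open bound is carried into the DEPENDENCIES section of the Gemfile.lock hunk, which follows from the Gemfile and needs no separate change once the Gemfile is pinned.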
diff --git a/Gemfile.lock b/Gemfile.lock
index e9505cdc..021df22e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,47 +1,47 @@
 GEM
 remote: https://rubygems.org/
 specs:
- actioncable (7.0.5.1)
- actionpack (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ actioncable (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
- actionmailbox (7.0.5.1)
- actionpack (= 7.0.5.1)
- activejob (= 7.0.5.1)
- activerecord (= 7.0.5.1)
- activestorage (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ actionmailbox (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ activejob (= 7.0.7.2)
+ activerecord (= 7.0.7.2)
+ activestorage (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 mail (>= 2.7.1)
 net-imap
 net-pop
 net-smtp
- actionmailer (7.0.5.1)
- actionpack (= 7.0.5.1)
- actionview (= 7.0.5.1)
- activejob (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ actionmailer (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ actionview (= 7.0.7.2)
+ activejob (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 mail (~> 2.5, >= 2.5.4)
 net-imap
 net-pop
 net-smtp
 rails-dom-testing (~> 2.0)
- actionpack (7.0.5.1)
- actionview (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ actionpack (7.0.7.2)
+ actionview (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 rack (~> 2.0, >= 2.2.4)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (7.0.5.1)
- actionpack (= 7.0.5.1)
- activerecord (= 7.0.5.1)
- activestorage (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ actiontext (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ activerecord (= 7.0.7.2)
+ activestorage (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 globalid (>= 0.6.0)
 nokogiri (>= 1.8.5)
- actionview (7.0.5.1)
- activesupport (= 7.0.5.1)
+ actionview (7.0.7.2)
+ activesupport (= 7.0.7.2)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
@@ -56,22 +56,22 @@ GEM
 activemodel (>= 5.2.0)
 activestorage (>= 5.2.0)
 activesupport (>= 5.2.0)
- activejob (7.0.5.1)
- activesupport (= 7.0.5.1)
+ activejob (7.0.7.2)
+ activesupport (= 7.0.7.2)
 globalid (>= 0.3.6)
- activemodel (7.0.5.1)
- activesupport (= 7.0.5.1)
- activerecord (7.0.5.1)
- activemodel (= 7.0.5.1)
- activesupport (= 7.0.5.1)
- activestorage (7.0.5.1)
- actionpack (= 7.0.5.1)
- activejob (= 7.0.5.1)
- activerecord (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ activemodel (7.0.7.2)
+ activesupport (= 7.0.7.2)
+ activerecord (7.0.7.2)
+ activemodel (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
+ activestorage (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ activejob (= 7.0.7.2)
+ activerecord (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 marcel (~> 1.0)
 mini_mime (>= 1.1.0)
- activesupport (7.0.5.1)
+ activesupport (7.0.7.2)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
@@ -97,6 +97,7 @@ GEM
 aws-sigv4 (~> 1.4)
 aws-sigv4 (1.5.2)
 aws-eventstream (~> 1, >= 1.0.2)
+ base64 (0.1.1)
 bcrypt (3.1.18)
 bigbluebutton-api-ruby (1.9.1)
 childprocess (>= 1.0.1)
@@ -129,7 +130,7 @@ GEM
 crass (1.0.6)
 cssbundling-rails (1.2.0)
 railties (>= 6.0.0)
- data_migrate (9.0.0)
+ data_migrate (9.1.1)
 activerecord (>= 6.0)
 railties (>= 6.0)
 date (3.3.3)
@@ -152,7 +153,7 @@ GEM
 railties (>= 5.0.0)
 faker (3.1.1)
 i18n (>= 1.8.11, < 2)
- faraday (2.7.4)
+ faraday (2.7.10)
 faraday-net_http (>= 2.0, < 3.1)
 ruby2_keywords (>= 0.0.4)
 faraday-follow_redirects (0.3.0)
@@ -225,6 +226,7 @@ GEM
 faraday-follow_redirects
 jsonapi-renderer (0.2.2)
 jwt (2.7.0)
+ language_server-protocol (3.17.0.3)
 lograge (0.13.0)
 actionpack (>= 4)
 activesupport (>= 4)
@@ -243,12 +245,12 @@ GEM
 memoist (0.16.2)
 method_source (1.0.0)
 mini_magick (4.12.0)
- mini_mime (1.1.2)
+ mini_mime (1.1.5)
 mini_portile2 (2.8.4)
 minitest (5.19.0)
 msgpack (1.6.0)
 multi_json (1.15.0)
- net-imap (0.3.6)
+ net-imap (0.3.7)
 date
 net-protocol
 net-pop (0.1.2)
@@ -258,10 +260,10 @@ GEM
 net-smtp (0.3.3)
 net-protocol
 nio4r (2.5.9)
- nokogiri (1.15.3)
+ nokogiri (1.15.4)
 mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
- nokogiri (1.15.3-x86_64-linux)
+ nokogiri (1.15.4-x86_64-linux)
 racc (~> 1.4)
 omniauth (2.1.1)
 hashie (>= 3.4.6)
@@ -270,66 +272,69 @@ GEM
 omniauth-rails_csrf_protection (1.0.1)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
- omniauth_openid_connect (0.6.0)
+ omniauth_openid_connect (0.7.1)
 omniauth (>= 1.9, < 3)
- openid_connect (~> 1.1)
- openid_connect (1.4.2)
+ openid_connect (~> 2.2)
+ openid_connect (2.2.0)
 activemodel
 attr_required (>= 1.0.0)
- json-jwt (>= 1.15.0)
+ faraday (~> 2.0)
+ faraday-follow_redirects
+ json-jwt (>= 1.16)
 net-smtp
- rack-oauth2 (~> 1.21)
- swd (~> 1.3)
+ rack-oauth2 (~> 2.2)
+ swd (~> 2.0)
 tzinfo
 validate_email
 validate_url
- webfinger (~> 1.2)
+ webfinger (~> 2.0)
 os (1.1.4)
- pagy (5.10.1)
- activesupport
- parallel (1.22.1)
- parser (3.2.0.0)
+ pagy (6.0.4)
+ parallel (1.23.0)
+ parser (3.2.2.3)
 ast (~> 2.4.1)
+ racc
 pg (1.4.5)
- public_suffix (5.0.1)
+ public_suffix (5.0.3)
 puma (5.6.7)
 nio4r (~> 2.0)
 racc (1.7.1)
- rack (2.2.7)
- rack-oauth2 (1.21.3)
+ rack (2.2.8)
+ rack-oauth2 (2.2.0)
 activesupport
 attr_required
- httpclient
+ faraday (~> 2.0)
+ faraday-follow_redirects
 json-jwt (>= 1.11.0)
 rack (>= 2.1.0)
- rack-protection (3.0.5)
- rack
+ rack-protection (3.1.0)
+ rack (~> 2.2, >= 2.2.4)
 rack-test (2.1.0)
 rack (>= 1.3)
- rails (7.0.5.1)
- actioncable (= 7.0.5.1)
- actionmailbox (= 7.0.5.1)
- actionmailer (= 7.0.5.1)
- actionpack (= 7.0.5.1)
- actiontext (= 7.0.5.1)
- actionview (= 7.0.5.1)
- activejob (= 7.0.5.1)
- activemodel (= 7.0.5.1)
- activerecord (= 7.0.5.1)
- activestorage (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ rails (7.0.7.2)
+ actioncable (= 7.0.7.2)
+ actionmailbox (= 7.0.7.2)
+ actionmailer (= 7.0.7.2)
+ actionpack (= 7.0.7.2)
+ actiontext (= 7.0.7.2)
+ actionview (= 7.0.7.2)
+ activejob (= 7.0.7.2)
+ activemodel (= 7.0.7.2)
+ activerecord (= 7.0.7.2)
+ activestorage (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 bundler (>= 1.15.0)
- railties (= 7.0.5.1)
- rails-dom-testing (2.1.1)
+ railties (= 7.0.7.2)
+ rails-dom-testing (2.2.0)
 activesupport (>= 5.0.0)
 minitest
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.6.0)
 loofah (~> 2.21)
 nokogiri (~> 1.14)
- railties (7.0.5.1)
- actionpack (= 7.0.5.1)
- activesupport (= 7.0.5.1)
+ railties (7.0.7.2)
+ actionpack (= 7.0.7.2)
+ activesupport (= 7.0.7.2)
 method_source
 rake (>= 12.2)
 thor (~> 1.0)
@@ -337,7 +342,7 @@ GEM
 rainbow (3.1.1)
 rake (13.0.6)
 redis (4.8.0)
- regexp_parser (2.7.0)
+ regexp_parser (2.8.1)
 reline (0.3.2)
 io-console (~> 0.5)
 remote_syslog_logger (1.0.4)
@@ -349,7 +354,7 @@ GEM
 request_store (1.5.1)
 rack (>= 1.4)
 retriable (3.1.2)
- rexml (3.2.5)
+ rexml (3.2.6)
 rspec-core (3.12.2)
 rspec-support (~> 3.12.0)
 rspec-expectations (3.12.3)
@@ -367,28 +372,30 @@ GEM
 rspec-mocks (~> 3.12)
 rspec-support (~> 3.12)
 rspec-support (3.12.1)
- rubocop (1.45.1)
+ rubocop (1.56.1)
+ base64 (~> 0.1.1)
 json (~> 2.3)
+ language_server-protocol (>= 3.17.0)
 parallel (~> 1.10)
- parser (>= 3.2.0.0)
+ parser (>= 3.2.2.3)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8, < 3.0)
 rexml (>= 3.2.5, < 4.0)
- rubocop-ast (>= 1.24.1, < 2.0)
+ rubocop-ast (>= 1.28.1, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 2.4.0, < 3.0)
- rubocop-ast (1.24.1)
- parser (>= 3.1.1.0)
+ rubocop-ast (1.29.0)
+ parser (>= 3.2.1.0)
 rubocop-performance (1.16.0)
 rubocop (>= 1.7.0, < 2.0)
 rubocop-ast (>= 0.4.0)
- rubocop-rails (2.17.4)
+ rubocop-rails (2.20.2)
 activesupport (>= 4.2.0)
 rack (>= 1.1)
 rubocop (>= 1.33.0, < 2.0)
 rubocop-rspec (2.9.0)
 rubocop (~> 1.19)
- ruby-progressbar (1.11.0)
+ ruby-progressbar (1.13.0)
 ruby-vips (2.1.4)
 ffi (~> 1.12)
 ruby2_keywords (0.0.5)
@@ -411,10 +418,11 @@ GEM
 actionpack (>= 5.2)
 activesupport (>= 5.2)
 sprockets (>= 3.0.0)
- swd (1.3.0)
+ swd (2.0.2)
 activesupport (>= 3)
 attr_required (>= 0.0.5)
- httpclient (>= 2.4)
+ faraday (~> 2.0)
+ faraday-follow_redirects
 syslog_protocol (0.9.2)
 thor (1.2.2)
 timeout (0.4.0)
@@ -438,23 +446,24 @@ GEM
 nokogiri (~> 1.6)
 rubyzip (>= 1.3.0)
 selenium-webdriver (~> 4.0)
- webfinger (1.2.0)
+ webfinger (2.1.2)
 activesupport
- httpclient (>= 2.4)
+ faraday (~> 2.0)
+ faraday-follow_redirects
 webmock (3.18.1)
 addressable (>= 2.8.0)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)
 webrick (1.8.1)
 websocket (1.2.9)
- websocket-driver (0.7.5)
+ websocket-driver (0.7.6)
 websocket-extensions (>= 0.1.0)
 websocket-extensions (0.1.5)
 xml-simple (1.1.9)
 rexml
 xpath (3.2.0)
 nokogiri (~> 1.8)
- zeitwerk (2.6.9)
+ zeitwerk (2.6.11)
 
 PLATFORMS
 ruby
@@ -469,7 +478,7 @@ DEPENDENCIES
 bootsnap
 capybara
 cssbundling-rails (>= 1.2.0)
- data_migrate (>= 9.0.0)
+ data_migrate (>= 9.1.0)
 debug
 dotenv-rails
 factory_bot_rails
@@ -486,17 +495,17 @@ DEPENDENCIES
 mini_magick (>= 4.9.5)
 omniauth (~> 2.1.0)
 omniauth-rails_csrf_protection (~> 1.0.1)
- omniauth_openid_connect
- pagy (~> 5.10, >= 5.10.1)
+ omniauth_openid_connect (>= 0.6.1)
+ pagy (~> 6.0, >= 6.0.0)
 pg
 puma (~> 5.6)
- rails (~> 7.0.5, >= 7.0.5.1)
+ rails (~> 7.0.7, >= 7.0.7.1)
 redis (~> 4.0)
 remote_syslog_logger
 rspec-rails (>= 6.0.2)
 rubocop (~> 1.26)
 rubocop-performance (~> 1.13)
- rubocop-rails (~> 2.17, >= 2.17.4)
+ rubocop-rails (~> 2.18, >= 2.18.0)
 rubocop-rspec (~> 2.9.0)
 selenium-webdriver
 shoulda-matchers (~> 5.0)
-- 
GitLab