[Snyk] Fix for 2 vulnerabilities (#5391)

* fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410 * Update Gemfile.lock --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>

[Snyk] Fix for 2 vulnerabilities (#5391)
e7ba4e0c · Anton Georgiev · GitHub · fc3e9cf8 · e7ba4e0c · e7ba4e0c
Unverified Commit e7ba4e0c authored Oct 3, 2023 by Anton Georgiev Committed by GitHub Oct 3, 2023
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem 'bcrypt', '~> 3.1.7'
 gem 'bigbluebutton-api-ruby', '1.9.1'
 gem 'bootsnap', require: false
 gem 'cssbundling-rails', '>= 1.2.0'
-gem 'data_migrate', '>= 9.0.0'
+gem 'data_migrate', '>= 9.1.0'
 gem 'dotenv-rails'
 gem 'google-cloud-storage', '~> 1.44', require: false
 gem 'hcaptcha'
@@ -24,12 +24,12 @@ gem 'jsbundling-rails', '>= 1.1.2'
 gem 'jwt'
 gem 'mini_magick', '>= 4.9.5'
 gem 'omniauth', '~> 2.1.0'
-gem 'omniauth_openid_connect'
+gem 'omniauth_openid_connect', '>= 0.6.1'
 gem 'omniauth-rails_csrf_protection', '~> 1.0.1'
-gem 'pagy', '~> 5.10', '>= 5.10.1'
+gem 'pagy', '~> 6.0', '>= 6.0.0'
 gem 'pg'
 gem 'puma', '~> 5.6'
-gem 'rails', '~> 7.0.5', '>= 7.0.5.1'
+gem 'rails', '~> 7.0.7', '>= 7.0.7.1'
 gem 'redis', '~> 4.0'
 gem 'sprockets-rails'
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
@@ -41,7 +41,7 @@ end
 group :development do
  gem 'rubocop', '~> 1.26', require: false
  gem 'rubocop-performance', '~> 1.13', require: false
-  gem 'rubocop-rails', '~> 2.17', '>= 2.17.4', require: false
+  gem 'rubocop-rails', '~> 2.18', '>= 2.18.0', require: false
  gem 'rubocop-rspec', '~> 2.9.0', require: false
  gem 'web-console'
 end

--- a/Gemfile.lock
+++ b/Gemfile.lock
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (7.0.5.1)
+    actioncable (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.5.1)
+    actionmailbox (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      activejob (= 7.0.5.1)
+      activejob (= 7.0.7.2)
-      activerecord (= 7.0.5.1)
+      activerecord (= 7.0.7.2)
-      activestorage (= 7.0.5.1)
+      activestorage (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
-    actionmailer (7.0.5.1)
+    actionmailer (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      actionview (= 7.0.5.1)
+      actionview (= 7.0.7.2)
-      activejob (= 7.0.5.1)
+      activejob (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
-    actionpack (7.0.5.1)
+    actionpack (7.0.7.2)
-      actionview (= 7.0.5.1)
+      actionview (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.5.1)
+    actiontext (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      activerecord (= 7.0.5.1)
+      activerecord (= 7.0.7.2)
-      activestorage (= 7.0.5.1)
+      activestorage (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (7.0.5.1)
+    actionview (7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@@ -56,22 +56,22 @@ GEM
      activemodel (>= 5.2.0)
      activestorage (>= 5.2.0)
      activesupport (>= 5.2.0)
-    activejob (7.0.5.1)
+    activejob (7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      globalid (>= 0.3.6)
-    activemodel (7.0.5.1)
+    activemodel (7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
-    activerecord (7.0.5.1)
+    activerecord (7.0.7.2)
-      activemodel (= 7.0.5.1)
+      activemodel (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
-    activestorage (7.0.5.1)
+    activestorage (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      activejob (= 7.0.5.1)
+      activejob (= 7.0.7.2)
-      activerecord (= 7.0.5.1)
+      activerecord (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (7.0.5.1)
+    activesupport (7.0.7.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@@ -97,6 +97,7 @@ GEM
      aws-sigv4 (~> 1.4)
    aws-sigv4 (1.5.2)
      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.1.1)
    bcrypt (3.1.18)
    bigbluebutton-api-ruby (1.9.1)
      childprocess (>= 1.0.1)
@@ -129,7 +130,7 @@ GEM
    crass (1.0.6)
    cssbundling-rails (1.2.0)
      railties (>= 6.0.0)
-    data_migrate (9.0.0)
+    data_migrate (9.1.1)
      activerecord (>= 6.0)
      railties (>= 6.0)
    date (3.3.3)
@@ -152,7 +153,7 @@ GEM
      railties (>= 5.0.0)
    faker (3.1.1)
      i18n (>= 1.8.11, < 2)
-    faraday (2.7.4)
+    faraday (2.7.10)
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-follow_redirects (0.3.0)
@@ -225,6 +226,7 @@ GEM
      faraday-follow_redirects
    jsonapi-renderer (0.2.2)
    jwt (2.7.0)
+    language_server-protocol (3.17.0.3)
    lograge (0.13.0)
      actionpack (>= 4)
      activesupport (>= 4)
@@ -243,12 +245,12 @@ GEM
    memoist (0.16.2)
    method_source (1.0.0)
    mini_magick (4.12.0)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
    mini_portile2 (2.8.4)
    minitest (5.19.0)
    msgpack (1.6.0)
    multi_json (1.15.0)
-    net-imap (0.3.6)
+    net-imap (0.3.7)
      date
      net-protocol
    net-pop (0.1.2)
@@ -258,10 +260,10 @@ GEM
    net-smtp (0.3.3)
      net-protocol
    nio4r (2.5.9)
-    nokogiri (1.15.3)
+    nokogiri (1.15.4)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    nokogiri (1.15.3-x86_64-linux)
+    nokogiri (1.15.4-x86_64-linux)
      racc (~> 1.4)
    omniauth (2.1.1)
      hashie (>= 3.4.6)
@@ -270,66 +272,69 @@ GEM
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)
-    omniauth_openid_connect (0.6.0)
+    omniauth_openid_connect (0.7.1)
      omniauth (>= 1.9, < 3)
-      openid_connect (~> 1.1)
+      openid_connect (~> 2.2)
-    openid_connect (1.4.2)
+    openid_connect (2.2.0)
      activemodel
      attr_required (>= 1.0.0)
-      json-jwt (>= 1.15.0)
+      faraday (~> 2.0)
+      faraday-follow_redirects
+      json-jwt (>= 1.16)
      net-smtp
-      rack-oauth2 (~> 1.21)
+      rack-oauth2 (~> 2.2)
-      swd (~> 1.3)
+      swd (~> 2.0)
      tzinfo
      validate_email
      validate_url
-      webfinger (~> 1.2)
+      webfinger (~> 2.0)
    os (1.1.4)
-    pagy (5.10.1)
+    pagy (6.0.4)
-      activesupport
+    parallel (1.23.0)
-    parallel (1.22.1)
+    parser (3.2.2.3)
-    parser (3.2.0.0)
      ast (~> 2.4.1)
+      racc
    pg (1.4.5)
-    public_suffix (5.0.1)
+    public_suffix (5.0.3)
    puma (5.6.7)
      nio4r (~> 2.0)
    racc (1.7.1)
-    rack (2.2.7)
+    rack (2.2.8)
-    rack-oauth2 (1.21.3)
+    rack-oauth2 (2.2.0)
      activesupport
      attr_required
-      httpclient
+      faraday (~> 2.0)
+      faraday-follow_redirects
      json-jwt (>= 1.11.0)
      rack (>= 2.1.0)
-    rack-protection (3.0.5)
+    rack-protection (3.1.0)
-      rack
+      rack (~> 2.2, >= 2.2.4)
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails (7.0.5.1)
+    rails (7.0.7.2)
-      actioncable (= 7.0.5.1)
+      actioncable (= 7.0.7.2)
-      actionmailbox (= 7.0.5.1)
+      actionmailbox (= 7.0.7.2)
-      actionmailer (= 7.0.5.1)
+      actionmailer (= 7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      actiontext (= 7.0.5.1)
+      actiontext (= 7.0.7.2)
-      actionview (= 7.0.5.1)
+      actionview (= 7.0.7.2)
-      activejob (= 7.0.5.1)
+      activejob (= 7.0.7.2)
-      activemodel (= 7.0.5.1)
+      activemodel (= 7.0.7.2)
-      activerecord (= 7.0.5.1)
+      activerecord (= 7.0.7.2)
-      activestorage (= 7.0.5.1)
+      activestorage (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      bundler (>= 1.15.0)
-      railties (= 7.0.5.1)
+      railties (= 7.0.7.2)
-    rails-dom-testing (2.1.1)
+    rails-dom-testing (2.2.0)
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
-    railties (7.0.5.1)
+    railties (7.0.7.2)
-      actionpack (= 7.0.5.1)
+      actionpack (= 7.0.7.2)
-      activesupport (= 7.0.5.1)
+      activesupport (= 7.0.7.2)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
@@ -337,7 +342,7 @@ GEM
    rainbow (3.1.1)
    rake (13.0.6)
    redis (4.8.0)
-    regexp_parser (2.7.0)
+    regexp_parser (2.8.1)
    reline (0.3.2)
      io-console (~> 0.5)
    remote_syslog_logger (1.0.4)
@@ -349,7 +354,7 @@ GEM
    request_store (1.5.1)
      rack (>= 1.4)
    retriable (3.1.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
    rspec-core (3.12.2)
      rspec-support (~> 3.12.0)
    rspec-expectations (3.12.3)
@@ -367,28 +372,30 @@ GEM
      rspec-mocks (~> 3.12)
      rspec-support (~> 3.12)
    rspec-support (3.12.1)
-    rubocop (1.45.1)
+    rubocop (1.56.1)
+      base64 (~> 0.1.1)
      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.24.1, < 2.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.24.1)
+    rubocop-ast (1.29.0)
-      parser (>= 3.1.1.0)
+      parser (>= 3.2.1.0)
    rubocop-performance (1.16.0)
      rubocop (>= 1.7.0, < 2.0)
      rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.17.4)
+    rubocop-rails (2.20.2)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.33.0, < 2.0)
    rubocop-rspec (2.9.0)
      rubocop (~> 1.19)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
    ruby-vips (2.1.4)
      ffi (~> 1.12)
    ruby2_keywords (0.0.5)
@@ -411,10 +418,11 @@ GEM
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      sprockets (>= 3.0.0)
-    swd (1.3.0)
+    swd (2.0.2)
      activesupport (>= 3)
      attr_required (>= 0.0.5)
-      httpclient (>= 2.4)
+      faraday (~> 2.0)
+      faraday-follow_redirects
    syslog_protocol (0.9.2)
    thor (1.2.2)
    timeout (0.4.0)
@@ -438,23 +446,24 @@ GEM
      nokogiri (~> 1.6)
      rubyzip (>= 1.3.0)
      selenium-webdriver (~> 4.0)
-    webfinger (1.2.0)
+    webfinger (2.1.2)
      activesupport
-      httpclient (>= 2.4)
+      faraday (~> 2.0)
+      faraday-follow_redirects
    webmock (3.18.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
    webrick (1.8.1)
    websocket (1.2.9)
-    websocket-driver (0.7.5)
+    websocket-driver (0.7.6)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    xml-simple (1.1.9)
      rexml
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.6.9)
+    zeitwerk (2.6.11)
 PLATFORMS
  ruby
@@ -469,7 +478,7 @@ DEPENDENCIES
  bootsnap
  capybara
  cssbundling-rails (>= 1.2.0)
-  data_migrate (>= 9.0.0)
+  data_migrate (>= 9.1.0)
  debug
  dotenv-rails
  factory_bot_rails
@@ -486,17 +495,17 @@ DEPENDENCIES
  mini_magick (>= 4.9.5)
  omniauth (~> 2.1.0)
  omniauth-rails_csrf_protection (~> 1.0.1)
-  omniauth_openid_connect
+  omniauth_openid_connect (>= 0.6.1)
-  pagy (~> 5.10, >= 5.10.1)
+  pagy (~> 6.0, >= 6.0.0)
  pg
  puma (~> 5.6)
-  rails (~> 7.0.5, >= 7.0.5.1)
+  rails (~> 7.0.7, >= 7.0.7.1)
  redis (~> 4.0)
  remote_syslog_logger
  rspec-rails (>= 6.0.2)
  rubocop (~> 1.26)
  rubocop-performance (~> 1.13)
-  rubocop-rails (~> 2.17, >= 2.17.4)
+  rubocop-rails (~> 2.18, >= 2.18.0)
  rubocop-rspec (~> 2.9.0)
  selenium-webdriver
  shoulda-matchers (~> 5.0)