From a90275731e7c5eea90bde0912ce4f2e65fb49534 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 12 Dec 2024 03:45:10 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8496389
---
Gemfile | 2 +-
Gemfile.lock | 146 +++++++++++++++++++++++++++------------------------
2 files changed, 77 insertions(+), 71 deletions(-)
diff --git a/Gemfile b/Gemfile
index 3175105..d410b08 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby File.read('.ruby-version').chomp
gem 'pg', '~> 1.5.6'
gem 'puma'
-gem 'rails', '~> 7.1.4', '>= 7.1.4.1'
+gem 'rails', '~> 7.1.5', '>= 7.1.5.1'
gem 'grape', '~> 2.1.3'
gem 'grape-entity', '~> 1.0.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 5df5c7d..439c734 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -11,35 +11,35 @@ GIT
GEM
remote: https://rubygems.org/
specs:
- actioncable (7.1.4.1)
- actionpack (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ actioncable (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
- actionmailbox (7.1.4.1)
- actionpack (= 7.1.4.1)
- activejob (= 7.1.4.1)
- activerecord (= 7.1.4.1)
- activestorage (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ actionmailbox (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ activejob (= 7.1.5.1)
+ activerecord (= 7.1.5.1)
+ activestorage (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
mail (>= 2.7.1)
net-imap
net-pop
net-smtp
- actionmailer (7.1.4.1)
- actionpack (= 7.1.4.1)
- actionview (= 7.1.4.1)
- activejob (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ actionmailer (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ actionview (= 7.1.5.1)
+ activejob (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
mail (~> 2.5, >= 2.5.4)
net-imap
net-pop
net-smtp
rails-dom-testing (~> 2.2)
- actionpack (7.1.4.1)
- actionview (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ actionpack (7.1.5.1)
+ actionview (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
nokogiri (>= 1.8.5)
racc
rack (>= 2.2.4)
@@ -47,43 +47,46 @@ GEM
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- actiontext (7.1.4.1)
- actionpack (= 7.1.4.1)
- activerecord (= 7.1.4.1)
- activestorage (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ actiontext (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ activerecord (= 7.1.5.1)
+ activestorage (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
- actionview (7.1.4.1)
- activesupport (= 7.1.4.1)
+ actionview (7.1.5.1)
+ activesupport (= 7.1.5.1)
builder (~> 3.1)
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- activejob (7.1.4.1)
- activesupport (= 7.1.4.1)
+ activejob (7.1.5.1)
+ activesupport (= 7.1.5.1)
globalid (>= 0.3.6)
- activemodel (7.1.4.1)
- activesupport (= 7.1.4.1)
- activerecord (7.1.4.1)
- activemodel (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ activemodel (7.1.5.1)
+ activesupport (= 7.1.5.1)
+ activerecord (7.1.5.1)
+ activemodel (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
timeout (>= 0.4.0)
- activestorage (7.1.4.1)
- actionpack (= 7.1.4.1)
- activejob (= 7.1.4.1)
- activerecord (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ activestorage (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ activejob (= 7.1.5.1)
+ activerecord (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
marcel (~> 1.0)
- activesupport (7.1.4.1)
+ activesupport (7.1.5.1)
base64
+ benchmark (>= 0.3)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
+ logger (>= 1.4.2)
minitest (>= 5.1)
mutex_m
+ securerandom (>= 0.3)
tzinfo (~> 2.0)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
@@ -108,6 +111,7 @@ GEM
aws-sigv4 (1.8.0)
aws-eventstream (~> 1, >= 1.0.2)
base64 (0.2.0)
+ benchmark (0.4.0)
bigdecimal (3.1.8)
brakeman (6.1.2)
racc
@@ -120,7 +124,7 @@ GEM
bigdecimal
rexml
crass (1.0.6)
- date (3.3.4)
+ date (3.4.1)
debug (1.9.1)
irb (~> 1.10)
reline (>= 0.3.8)
@@ -182,7 +186,7 @@ GEM
i18n (1.14.6)
concurrent-ruby (~> 1.0)
ice_nine (0.11.2)
- io-console (0.7.2)
+ io-console (0.8.0)
irb (1.14.1)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
@@ -197,6 +201,7 @@ GEM
kaminari-core (= 1.2.2)
kaminari-core (1.2.2)
language_server-protocol (3.17.0.3)
+ logger (1.6.2)
loofah (2.23.1)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
@@ -209,7 +214,7 @@ GEM
method_source (1.1.0)
mini_mime (1.1.5)
mini_portile2 (2.8.8)
- minitest (5.25.1)
+ minitest (5.25.4)
moj-simple-jwt-auth (0.1.0)
json
jwt
@@ -218,8 +223,8 @@ GEM
ruby2_keywords (~> 0.0.1)
mustermann-grape (1.1.0)
mustermann (>= 1.0.0)
- mutex_m (0.2.0)
- net-imap (0.4.17)
+ mutex_m (0.3.0)
+ net-imap (0.4.18)
date
net-protocol
net-pop (0.1.2)
@@ -228,8 +233,8 @@ GEM
timeout
net-smtp (0.5.0)
net-protocol
- nio4r (2.7.3)
- nokogiri (1.16.8)
+ nio4r (2.7.4)
+ nokogiri (1.15.7)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
parallel (1.25.1)
@@ -242,7 +247,8 @@ GEM
pry (0.14.2)
coderay (~> 1.1)
method_source (~> 1.0)
- psych (5.1.2)
+ psych (5.2.1)
+ date
stringio
public_suffix (6.0.1)
puma (6.4.3)
@@ -253,23 +259,22 @@ GEM
rack (>= 3.0.0)
rack-test (2.1.0)
rack (>= 1.3)
- rackup (2.1.0)
+ rackup (2.2.1)
rack (>= 3)
- webrick (~> 1.8)
- rails (7.1.4.1)
- actioncable (= 7.1.4.1)
- actionmailbox (= 7.1.4.1)
- actionmailer (= 7.1.4.1)
- actionpack (= 7.1.4.1)
- actiontext (= 7.1.4.1)
- actionview (= 7.1.4.1)
- activejob (= 7.1.4.1)
- activemodel (= 7.1.4.1)
- activerecord (= 7.1.4.1)
- activestorage (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ rails (7.1.5.1)
+ actioncable (= 7.1.5.1)
+ actionmailbox (= 7.1.5.1)
+ actionmailer (= 7.1.5.1)
+ actionpack (= 7.1.5.1)
+ actiontext (= 7.1.5.1)
+ actionview (= 7.1.5.1)
+ activejob (= 7.1.5.1)
+ activemodel (= 7.1.5.1)
+ activerecord (= 7.1.5.1)
+ activestorage (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
bundler (>= 1.15.0)
- railties (= 7.1.4.1)
+ railties (= 7.1.5.1)
rails-dom-testing (2.2.0)
activesupport (>= 5.0.0)
minitest
@@ -277,9 +282,9 @@ GEM
rails-html-sanitizer (1.6.1)
loofah (~> 2.21)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
- railties (7.1.4.1)
- actionpack (= 7.1.4.1)
- activesupport (= 7.1.4.1)
+ railties (7.1.5.1)
+ actionpack (= 7.1.5.1)
+ activesupport (= 7.1.5.1)
irb
rackup (>= 1.0.0)
rake (>= 12.2)
@@ -287,10 +292,10 @@ GEM
zeitwerk (~> 2.6)
rainbow (3.1.1)
rake (13.2.1)
- rdoc (6.7.0)
+ rdoc (6.8.1)
psych (>= 4.0.0)
regexp_parser (2.9.2)
- reline (0.5.10)
+ reline (0.5.12)
io-console (~> 0.5)
rexml (3.3.9)
rspec-core (3.13.0)
@@ -341,6 +346,7 @@ GEM
rubocop-factory_bot (~> 2.22)
ruby-progressbar (1.13.0)
ruby2_keywords (0.0.5)
+ securerandom (0.3.2)
sentry-rails (5.18.1)
railties (>= 5.0)
sentry-ruby (~> 5.18.1)
@@ -354,9 +360,9 @@ GEM
simplecov-html (0.12.3)
simplecov_json_formatter (0.1.4)
stackprof (0.2.26)
- stringio (3.1.1)
+ stringio (3.1.2)
thor (1.3.2)
- timeout (0.4.1)
+ timeout (0.4.2)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (2.5.0)
@@ -364,7 +370,7 @@ GEM
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
- webrick (1.8.2)
+ webrick (1.9.1)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
@@ -390,7 +396,7 @@ DEPENDENCIES
prometheus_exporter
pry
puma
- rails (~> 7.1.4, >= 7.1.4.1)
+ rails (~> 7.1.5, >= 7.1.5.1)
rspec-rails (>= 6.1.1)
rubocop
rubocop-performance
@@ -403,7 +409,7 @@ DEPENDENCIES
webmock (>= 3.23.1)
RUBY VERSION
- ruby 3.3.5p100
+ ruby 2.7.8p225
BUNDLED WITH
2.3.17