From 09e1d8af6ab6689294939392c1964385185ee9d0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 16 Oct 2024 20:24:08 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-8220269 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220162 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220268 - https://snyk.io/vuln/SNYK-RUBY-ACTIONTEXT-8220270 --- Gemfile | 2 +- Gemfile.lock | 175 +++++++++++++++++++++++++-------------------------- 2 files changed, 88 insertions(+), 89 deletions(-) diff --git a/Gemfile b/Gemfile index d849344..f3fb5af 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '3.2.2' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails', branch: 'main' -gem 'rails', '~> 7.1.0' +gem 'rails', '~> 7.1.4', '>= 7.1.4.1' # Use sqlite3 as the database for Active Record gem 'sqlite3', '~> 1.4' # Use Puma as the app server diff --git a/Gemfile.lock b/Gemfile.lock index 3d34ddb..c550e46 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
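Review bot: In the Gemfile hunk, the new constraint `gem 'rails', '~> 7.1.4', '>= 7.1.4.1'` carries its security meaning only in the `>= 7.1.4.1` floor, and nothing in the file records that. A later tidy-up to plain `'~> 7.1.4'` would again admit 7.1.4, which is presumably still affected by the four Snyk advisories listed in the commit message. I would add a comment above the line, for example `# Floor 7.1.4.1 is the patched release for the Snyk advisories named in the commit that introduced it; keep it when editing.` Separately, the regenerated Gemfile.lock moves more than Rails: `rack` goes from 3.0.8 to 3.1.8 and `net-smtp` from 0.4.0 to 0.5.0 while `puma` stays at 5.6.7. The test suite and an app-server boot should therefore pass against the new lockfile before this is merged.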
@@ -1,74 +1,75 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) + actioncable (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + actionmailbox (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.0) - actionpack (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activesupport (= 7.1.0) + actionmailer (7.1.4.1) + actionpack (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activesupport (= 7.1.4.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.0) - actionview (= 7.1.0) - activesupport (= 7.1.0) + actionpack (7.1.4.1) + actionview (= 7.1.4.1) + activesupport (= 7.1.4.1) nokogiri (>= 1.8.5) + racc rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.0) - actionpack (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + actiontext (7.1.4.1) + actionpack (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.0) - activesupport (= 7.1.0) + actionview (7.1.4.1) + activesupport (= 7.1.4.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.0) - activesupport (= 7.1.0) + activejob (7.1.4.1) + activesupport (= 7.1.4.1) globalid (>= 0.3.6) - activemodel (7.1.0) - activesupport (= 7.1.0) - activerecord (7.1.0) - activemodel (= 7.1.0) - activesupport (= 7.1.0) + activemodel (7.1.4.1) + activesupport (= 7.1.4.1) + 
activerecord (7.1.4.1) + activemodel (= 7.1.4.1) + activesupport (= 7.1.4.1) timeout (>= 0.4.0) activerecord-postgis-adapter (9.0.0) activerecord (~> 7.1.0) rgeo-activerecord (~> 7.0.0) activerecord-reset-pk-sequence (0.2.1) - activestorage (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activesupport (= 7.1.0) + activestorage (7.1.4.1) + actionpack (= 7.1.4.1) + activejob (= 7.1.4.1) + activerecord (= 7.1.4.1) + activesupport (= 7.1.4.1) marcel (~> 1.0) - activesupport (7.1.0) + activesupport (7.1.4.1) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -91,44 +92,43 @@ GEM aws-sigv4 (~> 1.1) aws-sigv4 (1.6.0) aws-eventstream (~> 1, >= 1.0.2) - base64 (0.1.1) - bigdecimal (3.1.4) + base64 (0.1.2) + bigdecimal (3.1.8) bootsnap (1.16.0) msgpack (~> 1.2) - builder (3.2.4) + builder (3.3.0) byebug (11.1.3) cgi (0.3.6) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.4) connection_pool (2.4.1) crass (1.0.6) database_cleaner (1.99.0) - date (3.3.3) + date (3.3.4) dotenv (2.8.1) dotenv-rails (2.8.1) dotenv (= 2.8.1) railties (>= 3.2) - drb (2.1.1) - ruby2_keywords + drb (2.2.1) erb (2.2.3) cgi - erubi (1.12.0) + erubi (1.13.0) ffi (1.15.5) globalid (1.2.1) activesupport (>= 6.1) hirb (0.7.3) - i18n (1.14.1) + i18n (1.14.6) concurrent-ruby (~> 1.0) - io-console (0.6.0) - irb (1.8.1) - rdoc - reline (>= 0.3.8) + io-console (0.7.2) + irb (1.14.1) + rdoc (>= 4.0.0) + reline (>= 0.4.2) jmespath (1.6.2) json (2.6.3) language_server-protocol (3.17.0.3) listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.21.3) + loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) 
@@ -136,34 +136,34 @@ GEM net-imap net-pop net-smtp - marcel (1.0.2) + marcel (1.0.4) mini_mime (1.1.5) - minitest (5.20.0) + minitest (5.25.1) msgpack (1.7.2) - mutex_m (0.1.2) - net-imap (0.4.0) + mutex_m (0.2.0) + net-imap (0.4.17) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.4.0) + net-smtp (0.5.0) net-protocol - nio4r (2.5.9) - nokogiri (1.15.4-x86_64-linux) + nio4r (2.7.3) + nokogiri (1.16.7-x86_64-linux) racc (~> 1.4) parallel (1.23.0) parser (3.2.2.3) ast (~> 2.4.1) racc pg (1.5.4) - psych (5.1.0) + psych (5.1.2) stringio puma (5.6.7) nio4r (~> 2.0) - racc (1.7.1) - rack (3.0.8) + racc (1.8.1) + rack (3.1.8) rack-cors (2.0.1) rack (>= 2.0.0) rack-session (2.0.0) @@ -173,20 +173,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.0) - actioncable (= 7.1.0) - actionmailbox (= 7.1.0) - actionmailer (= 7.1.0) - actionpack (= 7.1.0) - actiontext (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activemodel (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + rails (7.1.4.1) + actioncable (= 7.1.4.1) + actionmailbox (= 7.1.4.1) + actionmailer (= 7.1.4.1) + actionpack (= 7.1.4.1) + actiontext (= 7.1.4.1) + actionview (= 7.1.4.1) + activejob (= 7.1.4.1) + activemodel (= 7.1.4.1) + activerecord (= 7.1.4.1) + activestorage (= 7.1.4.1) + activesupport (= 7.1.4.1) bundler (>= 1.15.0) - railties (= 7.1.0) + railties (= 7.1.4.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest 
@@ -194,23 +194,23 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) + railties (7.1.4.1) + actionpack (= 7.1.4.1) + activesupport (= 7.1.4.1) irb rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) zeitwerk (~> 2.6) rainbow (3.1.1) - rake (13.0.6) + rake (13.2.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rdoc (6.5.0) + rdoc (6.7.0) psych (>= 4.0.0) regexp_parser (2.8.1) - reline (0.3.9) + reline (0.5.10) io-console (~> 0.5) rexml (3.2.6) rgeo (3.0.0) @@ -248,21 +248,20 @@ GEM rubocop-capybara (~> 2.17) rubocop-factory_bot (~> 2.22) ruby-progressbar (1.13.0) - ruby2_keywords (0.0.5) site24x7_apminsight (1.8.7) spring (4.1.1) sqlite3 (1.6.4-x86_64-linux) - stringio (3.0.8) - thor (1.2.2) - timeout (0.4.0) + stringio (3.1.1) + thor (1.3.2) + timeout (0.4.1) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (2.4.2) - webrick (1.8.1) + webrick (1.8.2) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.12) + zeitwerk (2.7.0) PLATFORMS x86_64-linux @@ -281,7 +280,7 @@ DEPENDENCIES pg (~> 1.1) puma (~> 5.6, >= 5.6.7) rack-cors - rails (~> 7.1.0) + rails (~> 7.1.4, >= 7.1.4.1) rollbar rubocop rubocop-performance