From 1653485ed9a9acb0d94914e28acfe61969997b96 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 11 Oct 2025 05:15:44 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13524628
---
 Gemfile | 6 +-
 Gemfile.lock | 225 +---------------------------------------------------
 2 files changed, 4 insertions(+), 227 deletions(-)
diff --git a/Gemfile b/Gemfile
index f4691a9..2b9e951 100644
--- a/Gemfile
+++ b/Gemfile
@@ -16,13 +16,13 @@ end
 lockfile "activerecord-7.2" do
 gem "activerecord", "~> 7.2.0"
- gem "rack", "~> 3.1.0"
+ gem "rack", "~> 3.2.3"
 gem "railties", "~> 7.2.0"
 end
 lockfile do
 gem "activerecord", "~> 8.0.0"
- gem "rack", "~> 3.2"
+ gem "rack", "~> 3.2", ">= 3.2.3"
 gem "railties", "~> 8.0.0"
 end
@@ -31,7 +31,7 @@ group :development, :test do
 gem "pg", "~> 1.2"
 gem "rake", "~> 13.0"
 gem "rspec-mocks", "~> 3.5"
- gem "rspec-rails", "~> 7.0"
+ gem "rspec-rails", "~> 8.0", ">= 8.0.0"
 gem "rubocop", "~> 1.10"
 gem "rubocop-inst", "~> 1"
 gem "rubocop-rake", "~> 0.5"
diff --git a/Gemfile.lock b/Gemfile.lock
index af95466..d4bdca4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
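Review bot: In the `lockfile "activerecord-7.2"` block the rack constraint goes from `~> 3.1.0` to `~> 3.2.3`, which moves that matrix entry off the rack 3.1 series entirely, so both visible lockfile blocks now resolve rack 3.2.x and nothing exercises 3.1 any more. If the advisory named in the commit message has a fixed release in the 3.1 line, a floor inside that series such as `gem "rack", "~> 3.1.0", ">= <fixed 3.1.x release>"` would remediate without dropping coverage; otherwise add a comment such as `# rack 3.1 dropped: no patched 3.1.x for SNYK-RUBY-RACK-13524628` so the pairing is deliberate. The Gemfile.lock part of this patch also deletes every resolved spec, including the `rack (3.2.1)` entry, the `PATH` section and all `DEPENDENCIES`, rather than updating them, and it changes `BUNDLED WITH` from 2.4.19 to 2.3.27. As committed, nothing pins rack at a fixed version, so the lockfile should be regenerated with the project's own Bundler before merging.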
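Review bot: The `rspec-rails` change from `"~> 7.0"` to `"~> 8.0", ">= 8.0.0"` is a major-version bump of a test dependency that the commit message does not account for; the only advisory it lists is the rack one. The second constraint adds nothing to the first, so `gem "rspec-rails", "~> 8.0"` is equivalent. A new rspec-rails major may raise its minimum supported Rails version (confirm against its changelog), so verify that every `lockfile` block still resolves, including any that sit above line 16 outside the visible hunks, or split this bump into a separate change. The `group :development, :test do` block begins before and continues past this hunk.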
@@ -1,214 +1,6 @@ -PATH - remote: . - specs: - switchman (4.2.2) - activerecord (>= 7.1, < 8.1) - guardrail (~> 3.1.0) - parallel (~> 1.22) - railties (>= 7.1, < 8.1) - GEM remote: http://rubygems.org/ specs: - actionpack (8.0.3) - actionview (= 8.0.3) - activesupport (= 8.0.3) - nokogiri (>= 1.8.5) - rack (>= 2.2.4) - rack-session (>= 1.0.1) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) - useragent (~> 0.16) - actionview (8.0.3) - activesupport (= 8.0.3) - builder (~> 3.1) - erubi (~> 1.11) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) - activemodel (8.0.3) - activesupport (= 8.0.3) - activerecord (8.0.3) - activemodel (= 8.0.3) - activesupport (= 8.0.3) - timeout (>= 0.4.0) - activesupport (8.0.3) - base64 - benchmark (>= 0.3) - bigdecimal - concurrent-ruby (~> 1.0, >= 1.3.1) - connection_pool (>= 2.2.5) - drb - i18n (>= 1.6, < 2) - logger (>= 1.4.2) - minitest (>= 5.1) - securerandom (>= 0.3) - tzinfo (~> 2.0, >= 2.0.5) - uri (>= 0.13.1) - ast (2.4.3) - base64 (0.3.0) - benchmark (0.4.1) - bigdecimal (3.2.3) - builder (3.3.0) - concurrent-ruby (1.3.5) - connection_pool (2.5.4) - crass (1.0.6) - date (3.4.1) - debug (1.11.0) - irb (~> 1.10) - reline (>= 0.3.8) - diff-lcs (1.6.2) - docile (1.4.1) - drb (2.2.3) - erb (5.0.2) - erubi (1.13.1) - guardrail (3.1.0) - activerecord (>= 6.1, < 8.1) - railties (>= 6.1, < 8.1) - i18n (1.14.7) - concurrent-ruby (~> 1.0) - io-console (0.8.1) - irb (1.15.2) - pp (>= 0.6.0) - rdoc (>= 4.0.0) - reline (>= 0.4.2) - json (2.15.0) - language_server-protocol (3.17.0.5) - lint_roller (1.1.0) - logger (1.7.0) - loofah (2.24.1) - crass (~> 1.0.2) - nokogiri (>= 1.12.0) - mini_portile2 (2.8.9) - minitest (5.25.5) - nokogiri (1.18.10) - mini_portile2 (~> 2.8.2) - racc (~> 1.4) - nokogiri (1.18.10-aarch64-linux-gnu) - racc (~> 1.4) - nokogiri (1.18.10-arm64-darwin) - racc (~> 1.4) - nokogiri (1.18.10-x86_64-darwin) - racc (~> 1.4) - nokogiri (1.18.10-x86_64-linux-gnu) - racc (~> 1.4) - 
parallel (1.27.0) - parser (3.3.9.0) - ast (~> 2.4.1) - racc - pg (1.6.2) - pg (1.6.2-aarch64-linux) - pg (1.6.2-arm64-darwin) - pg (1.6.2-x86_64-darwin) - pg (1.6.2-x86_64-linux) - pp (0.6.2) - prettyprint - prettyprint (0.2.0) - prism (1.5.1) - psych (5.2.6) - date - stringio - racc (1.8.1) - rack (3.2.1) - rack-session (2.1.1) - base64 (>= 0.1.0) - rack (>= 3.0.0) - rack-test (2.2.0) - rack (>= 1.3) - rackup (2.2.1) - rack (>= 3) - rails-dom-testing (2.3.0) - activesupport (>= 5.0.0) - minitest - nokogiri (>= 1.6) - rails-html-sanitizer (1.6.2) - loofah (~> 2.21) - nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.0.3) - actionpack (= 8.0.3) - activesupport (= 8.0.3) - irb (~> 1.13) - rackup (>= 1.0.0) - rake (>= 12.2) - thor (~> 1.0, >= 1.2.2) - tsort (>= 0.2) - zeitwerk (~> 2.6) - rainbow (3.1.1) - rake (13.3.0) - rdoc (6.14.2) - erb - psych (>= 4.0.0) - regexp_parser (2.11.3) - reline (0.6.2) - io-console (~> 0.5) - rspec-core (3.13.5) - rspec-support (~> 3.13.0) - rspec-expectations (3.13.5) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-mocks (3.13.5) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.13.0) - rspec-rails (7.1.1) - actionpack (>= 7.0) - activesupport (>= 7.0) - railties (>= 7.0) - rspec-core (~> 3.13) - rspec-expectations (~> 3.13) - rspec-mocks (~> 3.13) - rspec-support (~> 3.13) - rspec-support (3.13.6) - rubocop (1.81.1) - json (~> 2.3) - language_server-protocol (~> 3.17.0.2) - lint_roller (~> 1.1.0) - parallel (~> 1.10) - parser (>= 3.3.0.2) - rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 2.9.3, < 3.0) - rubocop-ast (>= 1.47.1, < 2.0) - ruby-progressbar (~> 1.7) - unicode-display_width (>= 2.4.0, < 4.0) - rubocop-ast (1.47.1) - parser (>= 3.3.7.2) - prism (~> 1.4) - rubocop-inst (1.2.2) - rubocop (~> 1.72, >= 1.72.1) - rubocop-performance (~> 1.24) - rubocop-performance (1.26.0) - lint_roller (~> 1.1) - rubocop (>= 1.75.0, < 2.0) - 
rubocop-ast (>= 1.44.0, < 2.0) - rubocop-rake (0.7.1) - lint_roller (~> 1.1) - rubocop (>= 1.72.1) - rubocop-rspec (3.7.0) - lint_roller (~> 1.1) - rubocop (~> 1.72, >= 1.72.1) - rubocop-rspec_rails (2.31.0) - lint_roller (~> 1.1) - rubocop (~> 1.72, >= 1.72.1) - rubocop-rspec (~> 3.5) - ruby-progressbar (1.13.0) - securerandom (0.4.1) - simplecov (0.22.0) - docile (~> 1.1) - simplecov-html (~> 0.11) - simplecov_json_formatter (~> 0.1) - simplecov-html (0.13.2) - simplecov_json_formatter (0.1.4) - stringio (3.1.7) - thor (1.4.0) - timeout (0.4.3) - tsort (0.2.0) - tzinfo (2.0.6) - concurrent-ruby (~> 1.0) - unicode-display_width (3.2.0) - unicode-emoji (~> 4.1) - unicode-emoji (4.1.0) - uri (1.0.3) - useragent (0.16.11) - zeitwerk (2.7.3) PLATFORMS aarch64-linux @@ -218,21 +10,6 @@ PLATFORMS x86_64-linux DEPENDENCIES - activerecord (~> 8.0.0) - debug (~> 1.8) - pg (~> 1.2) - rack (~> 3.2) - railties (~> 8.0.0) - rake (~> 13.0) - rspec-mocks (~> 3.5) - rspec-rails (~> 7.0) - rubocop (~> 1.10) - rubocop-inst (~> 1) - rubocop-rake (~> 0.5) - rubocop-rspec (~> 3.0) - rubocop-rspec_rails (~> 2.29) - simplecov (~> 0.15) - switchman! BUNDLED WITH - 2.4.19 + 2.3.27