From 79808d11b6ffb63a2462377788ca1d64c779f7c8 Mon Sep 17 00:00:00 2001 From: Anton Georgiev Date: Fri, 22 Sep 2023 10:53:12 -0400 Subject: [PATCH 01/13] [Snyk] Security upgrade activerecord-session_store from 2.0.0 to 2.1.0 (#168) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot Co-authored-by: Jesus Federico --- Gemfile | 2 +- Gemfile.lock | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index eb25097a..074ab82a 100644 --- a/Gemfile +++ b/Gemfile @@ -53,7 +53,7 @@ gem 'ims-lti', git: 'https://github.com/blindsidenetworks/ims-lti.git', tag: 'v2 gem 'simple_oauth', git: 'https://github.com/blindsidenetworks/simple_oauth.git', tag: 'v0.3.1.1' -gem 'activerecord-session_store' +gem 'activerecord-session_store', '>= 2.1.0' # frontend gem 'bootstrap', '~> 4.5.0' diff --git a/Gemfile.lock b/Gemfile.lock index 90f26b49..065067c9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -76,12 +76,13 @@ GEM activerecord (6.1.7.6) activemodel (= 6.1.7.6) activesupport (= 6.1.7.6) - activerecord-session_store (2.0.0) - actionpack (>= 5.2.4.1) - activerecord (>= 5.2.4.1) + activerecord-session_store (2.1.0) + actionpack (>= 6.1) + activerecord (>= 6.1) + cgi (>= 0.3.6) multi_json (~> 1.11, >= 1.11.2) - rack (>= 2.0.8, < 3) - railties (>= 5.2.4.1) + rack (>= 2.0.8, < 4) + railties (>= 6.1) activestorage (6.1.7.6) actionpack (= 6.1.7.6) activejob (= 6.1.7.6) @@ -114,6 +115,7 @@ GEM sassc-rails (>= 2.0.0) builder (3.2.4) byebug (11.1.3) + cgi (0.3.6) coffee-rails (5.0.0) coffee-script (>= 2.2.0) railties (>= 5.2.0) @@ -428,7 +430,7 @@ PLATFORMS x86_64-linux DEPENDENCIES - activerecord-session_store + activerecord-session_store (>= 2.1.0) addressable (~> 2.7) bootstrap (~> 4.5.0) bundler (>= 2.1.4) From c3f0d96eb31738898c5a3ba0fc5254f788300fbf Mon Sep 17 00:00:00 2001 
From: Jesus Federico Date: Fri, 22 Sep 2023 11:02:30 -0400 Subject: [PATCH 02/13] [Snyk] Security upgrade web-console from 4.2.0 to 4.2.1 (#169) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 074ab82a..e3807d92 100644 --- a/Gemfile +++ b/Gemfile @@ -75,7 +75,7 @@ group :development do gem 'rubocop-rails', '~> 2.20', '>= 2.20.2', require: false # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. gem 'listen', '~> 3.0.5' - gem 'web-console', '>= 4.2.0' + gem 'web-console', '>= 4.2.1' # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring gem 'spring' gem 'spring-watcher-listen', '~> 2.0.0' diff --git a/Gemfile.lock b/Gemfile.lock index 065067c9..ff4b2728 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -232,7 +232,7 @@ GEM method_source (1.0.0) mini_mime (1.1.5) mini_portile2 (2.8.4) - minitest (5.19.0) + minitest (5.20.0) minitest-stub_any_instance (1.0.3) multi_json (1.15.0) multipart-post (2.3.0) @@ -411,7 +411,7 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (2.4.2) - web-console (4.2.0) + web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) @@ -472,5 +472,5 @@ DEPENDENCIES terser (~> 1.1.8) turbolinks (~> 5) tzinfo-data - web-console (>= 4.2.0) + web-console (>= 4.2.1) webmock From b381fec3f09f6f84eb68e5c1c637871bbdf3f6b0 Mon Sep 17 00:00:00 2001 
From: Jesus Federico Date: Fri, 22 Sep 2023 11:20:55 -0400 Subject: [PATCH 03/13] [Snyk] Security upgrade rubocop-rails from 2.20.2 to 2.21.0 (#170) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index e3807d92..afc29867 100644 --- a/Gemfile +++ b/Gemfile @@ -72,7 +72,7 @@ end group :development do gem 'rubocop', '~> 1.54', require: false - gem 'rubocop-rails', '~> 2.20', '>= 2.20.2', require: false + gem 'rubocop-rails', '~> 2.21', '>= 2.21.0', require: false # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. gem 'listen', '~> 3.0.5' gem 'web-console', '>= 4.2.1' diff --git a/Gemfile.lock b/Gemfile.lock index ff4b2728..1250d7e4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -342,7 +342,7 @@ GEM rspec-mocks (~> 3.12) rspec-support (~> 3.12) rspec-support (3.12.1) - rubocop (1.56.1) + rubocop (1.56.2) base64 (~> 0.1.1) json (~> 2.3) language_server-protocol (>= 3.17.0) @@ -356,7 +356,7 @@ GEM unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.29.0) parser (>= 3.2.1.0) - rubocop-rails (2.20.2) + rubocop-rails (2.21.0) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) @@ -464,7 +464,7 @@ DEPENDENCIES rspec rspec-rails (>= 6.0.2) rubocop (~> 1.54) - rubocop-rails (~> 2.20, >= 2.20.2) + rubocop-rails (~> 2.21, >= 2.21.0) sass-rails (>= 6.0.0) simple_oauth! spring From 28d3b764855b44ab8a2efc885aed6db1fb5d268b Mon Sep 17 00:00:00 2001 
From: Anton Georgiev Date: Fri, 22 Sep 2023 11:28:58 -0400 Subject: [PATCH 04/13] fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#155) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-DOORKEEPER-5702995 Co-authored-by: snyk-bot Co-authored-by: Jesus Federico --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index afc29867..0bd715c0 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem 'redis', '~> 4.2' gem 'jwt', '~> 2.2.2' gem 'oauth', '~> 0.5.1' -gem 'doorkeeper', '~> 5.5.0' +gem 'doorkeeper', '~> 5.6.6' gem 'repost', '~> 0.3.8' gem 'lodash-rails' diff --git a/Gemfile.lock b/Gemfile.lock index 1250d7e4..e6a36cba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -139,7 +139,7 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.5.4) + doorkeeper (5.6.6) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -437,7 +437,7 @@ DEPENDENCIES byebug coffee-rails (~> 5.0, >= 5.0.0) coveralls - doorkeeper (~> 5.5.0) + doorkeeper (~> 5.6.6) dotenv-rails faraday font-awesome-sass (~> 6.4.0) From 414af518b5a7acdbef09e868a74a35c991087eef Mon Sep 17 00:00:00 2001 From: Jesus Federico Date: Fri, 22 Sep 2023 14:35:54 -0400 Subject: [PATCH 05/13] Revert "fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#155)" (#171) This reverts commit 28d3b764855b44ab8a2efc885aed6db1fb5d268b. --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 0bd715c0..afc29867 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem 'redis', '~> 4.2' gem 'jwt', '~> 2.2.2' gem 'oauth', '~> 0.5.1' -gem 'doorkeeper', '~> 5.6.6' +gem 'doorkeeper', '~> 5.5.0' gem 'repost', '~> 0.3.8' gem 'lodash-rails' diff --git a/Gemfile.lock b/Gemfile.lock index e6a36cba..1250d7e4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -139,7 +139,7 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.6.6) + doorkeeper (5.5.4) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -437,7 +437,7 @@ DEPENDENCIES byebug coffee-rails (~> 5.0, >= 5.0.0) coveralls - doorkeeper (~> 5.6.6) + doorkeeper (~> 5.5.0) dotenv-rails faraday font-awesome-sass (~> 6.4.0) From e99c695673253729d2e6a84c160c54a2cce5e0fb Mon Sep 17 00:00:00 2001 From: Jesus Federico Date: Wed, 27 Sep 2023 13:31:58 -0400 Subject: [PATCH 06/13] [Snyk] Security upgrade doorkeeper from 5.5.4 to 5.6.6 (#172) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-DOORKEEPER-5702995 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index afc29867..0bd715c0 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem 'redis', '~> 4.2' gem 'jwt', '~> 2.2.2' gem 'oauth', '~> 0.5.1' -gem 'doorkeeper', '~> 5.5.0' +gem 'doorkeeper', '~> 5.6.6' gem 'repost', '~> 0.3.8' gem 'lodash-rails' diff --git a/Gemfile.lock b/Gemfile.lock index 1250d7e4..e6a36cba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -139,7 +139,7 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.5.4) + doorkeeper (5.6.6) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -437,7 +437,7 @@ DEPENDENCIES byebug coffee-rails (~> 5.0, >= 5.0.0) coveralls - doorkeeper (~> 5.5.0) + doorkeeper (~> 5.6.6) dotenv-rails faraday font-awesome-sass (~> 6.4.0) From 30513060e159c62d1413303e4b7501b804527b15 Mon Sep 17 00:00:00 2001 
From: Jesus Federico Date: Fri, 24 Nov 2023 13:23:33 -0500 Subject: [PATCH 07/13] [Snyk] Security upgrade lograge from 0.13.0 to 0.14.0 (#176) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 0bd715c0..ce759f53 100644 --- a/Gemfile +++ b/Gemfile @@ -87,7 +87,7 @@ group :test do end group :production do - gem 'lograge', '~> 0.13.0' + gem 'lograge', '~> 0.14.0' gem 'remote_syslog_logger' end diff --git a/Gemfile.lock b/Gemfile.lock index e6a36cba..f10c05c3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -215,12 +215,12 @@ GEM rake (~> 13.0) lodash-rails (4.17.21) railties (>= 3.1) - lograge (0.13.0) + lograge (0.14.0) actionpack (>= 4) activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.21.3) + loofah (2.21.4) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -423,7 +423,7 @@ GEM websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.11) + zeitwerk (2.6.12) PLATFORMS ruby @@ -448,7 +448,7 @@ DEPENDENCIES jwt (~> 2.2.2) listen (~> 3.0.5) lodash-rails - lograge (~> 0.13.0) + lograge (~> 0.14.0) minitest-stub_any_instance oauth (~> 0.5.1) oauthenticator (~> 1.4, >= 1.4.1) From e4ed29be42264d4b8a4a14f82d83883e0a2fc109 Mon Sep 17 00:00:00 2001 From: Jesus Federico Date: Fri, 24 Nov 2023 13:27:34 -0500 Subject: [PATCH 08/13] fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#178) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Gemfile b/Gemfile index ce759f53..a0834ce7 100644 --- a/Gemfile +++ b/Gemfile 
@@ -67,7 +67,7 @@ group :development, :test do gem 'byebug', platform: :mri gem 'dotenv-rails' gem 'rspec' - gem 'rspec-rails', '>= 6.0.2' + gem 'rspec-rails', '>= 6.0.4' end group :development do diff --git a/Gemfile.lock b/Gemfile.lock index f10c05c3..f1c250a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -220,7 +220,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.21.4) + loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -231,7 +231,7 @@ GEM marcel (1.0.2) method_source (1.0.0) mini_mime (1.1.5) - mini_portile2 (2.8.4) + mini_portile2 (2.8.5) minitest (5.20.0) minitest-stub_any_instance (1.0.3) multi_json (1.15.0) @@ -246,10 +246,10 @@ GEM net-smtp (0.3.3) net-protocol nio4r (2.5.9) - nokogiri (1.15.4) + nokogiri (1.15.5) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.15.4-x86_64-linux) + nokogiri (1.15.5-x86_64-linux) racc (~> 1.4) oauth (0.5.14) oauthenticator (1.4.1) @@ -268,7 +268,7 @@ GEM public_suffix (5.0.3) puma (6.3.1) nio4r (~> 2.0) - racc (1.7.1) + racc (1.7.3) rack (2.2.8) rack-test (2.1.0) rack (>= 1.3) @@ -301,7 +301,7 @@ GEM rake (>= 12.2) thor (~> 1.0) rainbow (3.1.1) - rake (13.0.6) + rake (13.1.0) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) @@ -333,7 +333,7 @@ GEM rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-rails (6.0.3) + rspec-rails (6.1.0) actionpack (>= 6.1) activesupport (>= 6.1) railties (>= 6.1) @@ -395,7 +395,7 @@ GEM tins (~> 1.0) terser (1.1.17) execjs (>= 0.3.0, < 3) - thor (1.2.2) + thor (1.3.0) tilt (2.2.0) timeout (0.4.0) tins (1.32.1) @@ -462,7 +462,7 @@ DEPENDENCIES remote_syslog_logger repost (~> 0.3.8) rspec - rspec-rails (>= 6.0.2) + rspec-rails (>= 6.0.4) rubocop (~> 1.54) rubocop-rails (~> 2.21, >= 2.21.0) sass-rails (>= 6.0.0) From ecdbf8d7f0aa3082bc22f943a5169ba94dea0612 Mon Sep 17 00:00:00 2001 
From: Jesus Federico Date: Fri, 24 Nov 2023 13:31:12 -0500 Subject: [PATCH 09/13] [Snyk] Security upgrade doorkeeper from 5.6.6 to 5.6.7 (#179) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index a0834ce7..18692325 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem 'redis', '~> 4.2' gem 'jwt', '~> 2.2.2' gem 'oauth', '~> 0.5.1' -gem 'doorkeeper', '~> 5.6.6' +gem 'doorkeeper', '~> 5.6.7' gem 'repost', '~> 0.3.8' gem 'lodash-rails' diff --git a/Gemfile.lock b/Gemfile.lock index f1c250a7..d73f1ee5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -139,7 +139,7 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.6.6) + doorkeeper (5.6.7) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -437,7 +437,7 @@ DEPENDENCIES byebug coffee-rails (~> 5.0, >= 5.0.0) coveralls - doorkeeper (~> 5.6.6) + doorkeeper (~> 5.6.7) dotenv-rails faraday font-awesome-sass (~> 6.4.0) From f5508528de46b78cefb9e56a711932a13b89e611 Mon Sep 17 00:00:00 2001 From: Jesus Federico Date: Tue, 19 Dec 2023 13:16:44 -0500 Subject: [PATCH 10/13] LTI-283: added variable for prefixing redis cache (#182) --- config/cable.yml | 3 +-- dotenv | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/cable.yml b/config/cable.yml index 109773e1..ea27a1d5 100755 --- a/config/cable.yml +++ b/config/cable.yml @@ -6,5 +6,4 @@ test: production: adapter: <%= ENV['CABLE_ADAPTER'] || 'async' %> - # adapter: redis - # url: redis://localhost:6379/1 + channel_prefix: <%= ENV.fetch("REDIS_PREFIX") { "bbb-lti-broker" } %> \ No newline at end of file diff --git a/dotenv b/dotenv index c3023251..3a446b4f 100644 --- a/dotenv +++ b/dotenv 
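Review bot: The new `channel_prefix` key is only read by Action Cable's redis adapter, and the `adapter:` line two lines above still falls back to `async` when CABLE_ADAPTER is unset, so in the default configuration the prefix is silently ignored (as far as I can tell the async/inline adapters never consult it). The commit title describes this as a prefix for the redis cache, but the key namespaces Action Cable pub/sub channels on a shared Redis, not the Rails cache store; a comment above it such as `# Namespaces Action Cable pub/sub channels on a shared Redis; honored only when CABLE_ADAPTER=redis` would keep the next reader from looking for it in the cache config. The same mismatch shows in this patch's dotenv hunk, where `REDIS_PREFIX` is enabled while `REDIS_URL` stays commented out, so the value is set for a feature that is not switched on. The file also loses its trailing newline (`\ No newline at end of file`).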
@@ -33,6 +33,7 @@ RAILS_SERVE_STATIC_FILES=true ## Enable redis for actioncable # REDIS_URL=redis://myuser:mypass@localhost +REDIS_PREFIX=bbb-lti-broker # Only needed for Docker Compose. ## Change DOCKER_REPO when using a repo other than bigbluebutton From 7de927e2942fa37d02cc4b3431ead17e00546de8 Mon Sep 17 00:00:00 2001 From: Mariam A Date: Tue, 19 Dec 2023 13:44:19 -0500 Subject: [PATCH 11/13] LTI-282: fix app:delete rake task (#181) * LTI-282: fix app:delete rake task * change allowed ip --------- Co-authored-by: Jesus Federico --- config/environments/development.rb | 2 +- lib/tasks/db_apps.rake | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 49d246d7..3e9dd8fe 100755 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -27,7 +27,7 @@ config.cache_classes = false # Whitelist IPs - config.web_console.whitelisted_ips = '10.0.0.0/16' + config.web_console.allowed_ips = '0.0.0.0/0' # Do not eager load code on boot. config.eager_load = false diff --git a/lib/tasks/db_apps.rake b/lib/tasks/db_apps.rake index 58cfd8a3..28b2dde4 100644 --- a/lib/tasks/db_apps.rake +++ b/lib/tasks/db_apps.rake @@ -81,10 +81,8 @@ namespace :db do puts("App '#{args[:name]}' does not exist, it can not be deleted") exit(1) end - blti_apps.each do |app| - app.delete - puts("App '#{args[:name]}' was deleted") - end + blti_apps.each(&:destroy) + puts("Apps with name '#{args[:name]}' were successfully destroyed") rescue StandardError => e puts(e.backtrace) exit(1) From ab548872004db5f17602b4c331999a3fc8d8d0eb Mon Sep 17 00:00:00 2001 
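Review bot: `config.web_console.allowed_ips = '0.0.0.0/0'` opens the web-console — the interactive IRB console on exception pages, as the Gemfile comment earlier in this series describes it — to every address that can reach the development server, where the previous `10.0.0.0/16` confined it to one private range. A development server bound to all interfaces, which is typical inside a container, would then expose code execution in the application process to any host on that network that can provoke an error page, so the range should stay as narrow as the Docker network requires, e.g. `config.web_console.allowed_ips = ENV.fetch('WEB_CONSOLE_ALLOWED_IPS', '10.0.0.0/16')` (variable name illustrative). The rename from `whitelisted_ips` to `allowed_ips` matches the option name in the web-console 4.2.x line bumped earlier in this series and is fine on its own; the `# Whitelist IPs` comment above it is now stale and could read `# Addresses allowed to open the web-console (code execution in the app process); keep this narrow`. The enclosing configure block begins and ends outside the hunk.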
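Review bot: `blti_apps.each(&:destroy)` discards the return value of `destroy`, so if a `before_destroy` callback halts the deletion (`destroy` then returns false) the loop carries on and the next line still prints "were successfully destroyed" for records that are still there. Using `blti_apps.each(&:destroy!)` makes a halted destroy raise `ActiveRecord::RecordNotDestroyed`, which the existing `rescue StandardError => e` branch already turns into `exit(1)`, so the success message is only reached when every record was actually removed. That rescue prints only `e.backtrace`; a `puts(e.message)` before it would make the failure reason visible in the task output (context line, not changed by this commit). The task body begins before the hunk, inside `namespace :db do`.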
From: Anton Georgiev Date: Tue, 19 Dec 2023 14:05:36 -0500 Subject: [PATCH 12/13] [Snyk] Security upgrade doorkeeper from 5.6.7 to 5.6.8 (#180) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 * Update Gemfile.lock --------- Co-authored-by: snyk-bot Co-authored-by: Jesus Federico --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 18692325..8dc32579 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ gem 'redis', '~> 4.2' gem 'jwt', '~> 2.2.2' gem 'oauth', '~> 0.5.1' -gem 'doorkeeper', '~> 5.6.7' +gem 'doorkeeper', '~> 5.6.8' gem 'repost', '~> 0.3.8' gem 'lodash-rails' diff --git a/Gemfile.lock b/Gemfile.lock index d73f1ee5..48e77916 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -139,7 +139,7 @@ GEM docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - doorkeeper (5.6.7) + doorkeeper (5.6.8) railties (>= 5) dotenv (2.8.1) dotenv-rails (2.8.1) @@ -437,7 +437,7 @@ DEPENDENCIES byebug coffee-rails (~> 5.0, >= 5.0.0) coveralls - doorkeeper (~> 5.6.7) + doorkeeper (~> 5.6.8) dotenv-rails faraday font-awesome-sass (~> 6.4.0) From ae299d5102b3a8a9d09866b51f0b422eb8643386 Mon Sep 17 00:00:00 2001 From: Anton Georgiev Date: Mon, 22 Jan 2024 15:29:53 -0500 Subject: [PATCH 13/13] [Snyk] Security upgrade puma from 6.3.1 to 6.4.2 (#183) * fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-PUMA-6146928 * Update Gemfile.lock --------- Co-authored-by: snyk-bot Co-authored-by: Jesus Federico --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 8dc32579..6fd1d6b7 100644 --- a/Gemfile +++ b/Gemfile 
@@ -10,7 +10,7 @@ gem 'rails', '~> 6.1', '>= 6.1.7.5' # Use postgres as the database for Active Record gem 'pg', '>= 0.4.4' # Use Puma as the app server -gem 'puma', '>= 6.3.1' +gem 'puma', '>= 6.4.2' # Use SCSS for stylesheets gem 'sass-rails', '>= 6.0.0' # Use Uglifier as compressor for JavaScript assets diff --git a/Gemfile.lock b/Gemfile.lock index 48e77916..0f1a47e2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -245,7 +245,7 @@ GEM timeout net-smtp (0.3.3) net-protocol - nio4r (2.5.9) + nio4r (2.7.0) nokogiri (1.15.5) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -266,7 +266,7 @@ GEM psych (5.1.0) stringio public_suffix (5.0.3) - puma (6.3.1) + puma (6.4.2) nio4r (~> 2.0) racc (1.7.3) rack (2.2.8) @@ -453,7 +453,7 @@ DEPENDENCIES oauth (~> 0.5.1) oauthenticator (~> 1.4, >= 1.4.1) pg (>= 0.4.4) - puma (>= 6.3.1) + puma (>= 6.4.2) rails (~> 6.1, >= 6.1.7.5) rails_lti2_provider! rdoc