From 000b810f688cee80a1e71ca07b04be3b34c09d96 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 2 Aug 2024 07:53:20 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577227
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577228
---
 Gemfile | 12 ++++----
 Gemfile.lock | 86 ++++++++++++++++++++++++++++------------------------
 2 files changed, 53 insertions(+), 45 deletions(-)
diff --git a/Gemfile b/Gemfile
index 1f14f4af..b98b80b7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -129,14 +129,14 @@ group :development, :test do
 # Model factories
 gem 'factory_bot_rails', '>= 5.1.1'
 gem 'rspec-rails', '>= 3.9.0'
- gem 'rubocop', require: false
+ gem 'rubocop', '>= 1.26.0', require: false
 gem 'rubocop-faker', require: false
 gem 'rubocop-i18n', require: false
- gem 'rubocop-md', require: false
- gem 'rubocop-performance', require: false
- gem 'rubocop-rails', '>= 2.4.2', require: false
+ gem 'rubocop-md', '>= 1.1.0', require: false
+ gem 'rubocop-performance', '>= 1.13.3', require: false
+ gem 'rubocop-rails', '>= 2.14.0', require: false
 gem 'rubocop-rake', require: false
- gem 'rubocop-rspec', require: false
+ gem 'rubocop-rspec', '>= 2.9.0', require: false
 end
 group :test do
@@ -145,7 +145,7 @@ group :test do
 gem 'shoulda-matchers', '>= 4.2.0', require: false
 gem 'simplecov', require: false
 gem 'test-prof', require: false
- gem 'webmock', require: false
+ gem 'webmock', '>= 3.20.0', require: false
 end
 # Heroku compatibility
diff --git a/Gemfile.lock b/Gemfile.lock
index 7758495a..e0e72a31 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -79,8 +79,8 @@ GEM
 zeitwerk (~> 2.3)
 acts-as-taggable-on (9.0.1)
 activerecord (>= 6.0, < 7.1)
- addressable (2.8.5)
- public_suffix (>= 2.0.2, < 6.0)
+ addressable (2.8.7)
+ public_suffix (>= 2.0.2, < 7.0)
 airbrussh (1.4.0)
 sshkit (>= 1.6.1, != 1.7.0)
 annotate (3.2.0)
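Review bot: The REXML fix is not expressed in the Gemfile: both Gemfile hunks (-129 and the `webmock` one at -145) only add lower bounds to gems that pull rexml in transitively, and the resolved `rubocop (1.65.1)` still declares `rexml (>= 3.2.5, < 4.0)`, which admits the 3.2.6 this commit moves away from. Only Gemfile.lock holds rexml at 3.3.4, so a regenerated or conflict-resolved lockfile is not prevented from falling back; I would state the floor directly with `gem 'rexml', '>= 3.3.4'` (which group it belongs in depends on what else requires it, and the hunks do not show that). The new floors are also open-ended, and the lock resolves `rubocop-rspec` from 2.8.0 to 3.0.3, a major release, so the RuboCop configuration should be checked against it or the constraint tightened to `'~> 2.9'`. The `group :development, :test do` block opens above the first hunk.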
@@ -96,6 +96,7 @@ GEM
 execjs (~> 2)
 awesome_print (1.9.2)
 bcrypt (3.1.19)
+ bigdecimal (3.1.8)
 bindex (0.8.1)
 bootsnap (1.11.1)
 msgpack (~> 1.2)
@@ -123,9 +124,10 @@ GEM
 codecov (0.6.0)
 simplecov (>= 0.15, < 0.22)
 coderay (1.1.3)
- concurrent-ruby (1.2.2)
+ concurrent-ruby (1.3.3)
 connection_pool (2.2.5)
- crack (0.4.5)
+ crack (1.0.0)
+ bigdecimal
 rexml
 crass (1.0.6)
 database_cleaner (2.0.2)
@@ -198,7 +200,7 @@ GEM
 has_scope (0.8.0)
 actionpack (>= 5.2)
 activesupport (>= 5.2)
- hashdiff (1.0.1)
+ hashdiff (1.1.0)
 hashie (5.0.0)
 high_voltage (3.1.2)
 hiredis (0.6.3)
@@ -211,7 +213,7 @@ GEM
 http-cookie (1.0.5)
 domain_name (~> 0.5)
 http-form_data (2.3.0)
- i18n (1.14.1)
+ i18n (1.14.5)
 concurrent-ruby (~> 1.0)
 icalendar (2.7.1)
 ice_cube (~> 0.16)
@@ -239,6 +241,7 @@ GEM
 activerecord
 kaminari-core (= 1.2.2)
 kaminari-core (1.2.2)
+ language_server-protocol (3.17.0.3)
 launchy (2.5.0)
 addressable (~> 2.7)
 letter_opener (1.8.1)
@@ -269,7 +272,7 @@ GEM
 mini_magick (4.11.0)
 mini_mime (1.1.2)
 mini_portile2 (2.8.4)
- minitest (5.20.0)
+ minitest (5.24.1)
 msgpack (1.5.1)
 multi_json (1.15.0)
 multi_xml (0.6.0)
@@ -328,9 +331,10 @@ GEM
 omniauth-oauth2 (>= 1.5, <= 1.6)
 orm_adapter (0.5.0)
 ox (2.14.17)
- parallel (1.22.1)
- parser (3.1.1.0)
+ parallel (1.25.1)
+ parser (3.3.4.0)
 ast (~> 2.4.1)
+ racc
 pg (1.5.4)
 postrank-uri (1.0.24)
 addressable (>= 2.4.0)
@@ -350,7 +354,7 @@ GEM
 puma
 rack
 racc (1.7.1)
- rack (2.2.8)
+ rack (2.2.9)
 rack-proxy (0.7.7)
 rack
 rack-test (2.1.0)
@@ -400,7 +404,7 @@ GEM
 psych (>= 4.0.0)
 redcarpet (3.6.0)
 redis (4.6.0)
- regexp_parser (2.8.1)
+ regexp_parser (2.9.2)
 request_store (1.5.1)
 rack (>= 1.4)
 responders (3.0.1)
@@ -411,7 +415,8 @@ GEM
 http-cookie (>= 1.0.2, < 2.0)
 mime-types (>= 1.16, < 4.0)
 netrc (~> 0.8)
- rexml (3.2.6)
+ rexml (3.3.4)
+ strscan
 rollbar (3.3.0)
 rspec-core (3.12.2)
 rspec-support (~> 3.12.0)
@@ -430,36 +435,39 @@ GEM
 rspec-mocks (~> 3.12)
 rspec-support (~> 3.12)
 rspec-support (3.12.1)
- rubocop (1.25.1)
+ rubocop (1.65.1)
+ json (~> 2.3)
+ language_server-protocol (>= 3.17.0)
 parallel (~> 1.10)
- parser (>= 3.1.0.0)
+ parser (>= 3.3.0.2)
 rainbow (>= 2.2.2, < 4.0)
- regexp_parser (>= 1.8, < 3.0)
- rexml
- rubocop-ast (>= 1.15.1, < 2.0)
+ regexp_parser (>= 2.4, < 3.0)
+ rexml (>= 3.2.5, < 4.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 3.0)
- rubocop-ast (1.16.0)
- parser (>= 3.1.1.0)
+ unicode-display_width (>= 2.4.0, < 3.0)
+ rubocop-ast (1.31.3)
+ parser (>= 3.3.1.0)
 rubocop-faker (1.1.0)
 faker (>= 2.12.0)
 rubocop (>= 0.82.0)
 rubocop-i18n (3.0.0)
 rubocop (~> 1.0)
- rubocop-md (1.0.1)
+ rubocop-md (1.2.2)
 rubocop (>= 1.0)
- rubocop-performance (1.13.2)
- rubocop (>= 1.7.0, < 2.0)
- rubocop-ast (>= 0.4.0)
- rubocop-rails (2.13.2)
+ rubocop-performance (1.21.1)
+ rubocop (>= 1.48.1, < 2.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
+ rubocop-rails (2.25.1)
 activesupport (>= 4.2.0)
 rack (>= 1.1)
- rubocop (>= 1.7.0, < 2.0)
+ rubocop (>= 1.33.0, < 2.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
 rubocop-rake (0.6.0)
 rubocop (~> 1.0)
- rubocop-rspec (2.8.0)
- rubocop (~> 1.19)
- ruby-progressbar (1.11.0)
+ rubocop-rspec (3.0.3)
+ rubocop (~> 1.61)
+ ruby-progressbar (1.13.0)
 ruby-vips (2.1.4)
 ffi (~> 1.12)
 ruby2_keywords (0.0.5)
@@ -529,7 +537,7 @@ GEM
 unf_ext
 unf_ext (0.0.8.2)
 unicode (0.4.4.4)
- unicode-display_width (2.4.2)
+ unicode-display_width (2.5.0)
 warden (1.2.9)
 rack (>= 2.0.9)
 web-console (4.2.1)
@@ -537,7 +545,7 @@ GEM
 activemodel (>= 6.0.0)
 bindex (>= 0.4.0)
 railties (>= 6.0.0)
- webmock (3.19.1)
+ webmock (3.23.1)
 addressable (>= 2.8.0)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)
@@ -549,7 +557,7 @@ GEM
 websocket-driver (0.7.6)
 websocket-extensions (>= 0.1.0)
 websocket-extensions (0.1.5)
- zeitwerk (2.6.12)
+ zeitwerk (2.6.17)
 PLATFORMS
 ruby
@@ -615,14 +623,14 @@ DEPENDENCIES
 redis
 rollbar
 rspec-rails (>= 3.9.0)
- rubocop
+ rubocop (>= 1.26.0)
 rubocop-faker
 rubocop-i18n
- rubocop-md
- rubocop-performance
- rubocop-rails (>= 2.4.2)
+ rubocop-md (>= 1.1.0)
+ rubocop-performance (>= 1.13.3)
+ rubocop-rails (>= 2.14.0)
 rubocop-rake
- rubocop-rspec
+ rubocop-rspec (>= 2.9.0)
 ruby-vips
 sassc-rails (>= 2.1.2)
 sdoc
@@ -640,11 +648,11 @@ DEPENDENCIES
 uglifier
 unicode
 web-console (>= 4.2.1)
- webmock
+ webmock (>= 3.20.0)
 webpacker
 RUBY VERSION
 ruby 3.2.2p53
 BUNDLED WITH
- 2.3.26
+ 2.4.6