From 87d467086d89daacd0281ed7957d734345425f85 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Sat, 28 Jun 2025 08:32:38 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-GIT-2421270 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-JSON-560838 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732769 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732779 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074187 - https://snyk.io/vuln/SNYK-RUBY-RACK-9398129 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107 - https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-GIT-3227617 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159 - https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274385 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 - 
https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510795 - https://snyk.io/vuln/SNYK-RUBY-RACK-8720151 - https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279 - https://snyk.io/vuln/SNYK-RUBY-RACK-9058602 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237233 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237237 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237240 - https://snyk.io/vuln/SNYK-RUBY-RACK-3360233 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274383 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274384 - https://snyk.io/vuln/SNYK-RUBY-RACK-72566 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510789 - https://snyk.io/vuln/SNYK-RUBY-RDOC-6476871 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9789079 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074188 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8453714
---
 Gemfile | 4 +-
 Gemfile.lock | 130 ++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 90 insertions(+), 44 deletions(-)
diff --git a/Gemfile b/Gemfile
index e88f4ed..c3866c7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,10 +12,10 @@ gem 'activesupport', '>= 3.0'
 # Include everything needed to run rake, tests, features, etc.
 group :development do
 gem 'rspec'
- gem "shoulda", ">= 0"
+ gem "shoulda", ">= 3.6.0"
 gem "rdoc", "~> 3.12"
 gem "bundler", "~> 1.0"
- gem "juwelier", "~> 2.1.0"
+ gem "juwelier", "~> 2.2.1"
 gem "simplecov", ">= 0"
 gem 'webmock'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index e62b012..031df6f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
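Review bot: The `gem "rdoc", "~> 3.12"` context line in the Gemfile hunk is left untouched, and the Gemfile.lock in this same patch still resolves `rdoc (3.12.2)` and `json (1.8.6)` as unchanged context, so the SNYK-RUBY-RDOC-* and SNYK-RUBY-JSON-560838 entries that the commit message lists as fixed do not appear to be addressed by any changed line. If those advisories cover the resolved versions, the constraint has to be raised here, e.g. `gem "rdoc", ">= <FIXED_RDOC_VERSION>"` (placeholder; take the version from the advisory), which should also release the `json (~> 1.4)` pin that rdoc 3.12.2 imposes. Separately, the resulting lockfile moves activesupport from 5.1.4 to 7.1.5.1 and rack from 2.0.4 to 3.1.16, both major-version jumps, so the spec suite should be run against the new resolution before this is merged.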
@@ -1,15 +1,27 @@ GEM remote: https://rubygems.org/ specs: - activesupport (5.1.4) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - builder (3.2.3) - concurrent-ruby (1.0.5) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + logger (>= 1.4.2) + minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) + tzinfo (~> 2.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.2.2) + builder (3.3.0) + concurrent-ruby (1.3.5) + connection_pool (2.5.3) crack (0.4.3) safe_yaml (~> 1.0.0) descendants_tracker (0.0.4) @@ -18,6 +30,7 @@ GEM docile (1.1.5) domain_name (0.5.20170404) unf (>= 0.0.5, < 1.0.0) + drb (2.2.3) dry-configurable (0.7.0) concurrent-ruby (~> 1.0) dry-container (0.6.0) 
@@ -46,18 +59,41 @@ GEM dry-equalizer (~> 0.2) dry-logic (~> 0.4, >= 0.4.0) dry-types (~> 0.12.0) - faraday (0.12.2) - multipart-post (>= 1.2, < 3) - git (1.3.0) - github_api (0.18.2) + faraday (1.10.4) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.1) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.1.1) + multipart-post (~> 2.0) + faraday-net_http (1.0.2) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + git (1.19.1) + addressable (~> 2.8) + rchardet (~> 1.8) + github_api (0.19.0) addressable (~> 2.4) descendants_tracker (~> 0.0.4) - faraday (~> 0.8) + faraday (>= 0.8, < 2) hashie (~> 3.5, >= 3.5.2) oauth2 (~> 1.0) hashdiff (0.3.7) - hashie (3.5.7) - highline (1.7.10) + hashie (3.6.0) + highline (2.1.0) http (3.0.0) addressable (~> 2.3) http-cookie (~> 1.0) 
@@ -67,37 +103,45 @@ GEM domain_name (~> 0.5) http-form_data (2.0.0) http_parser.rb (0.6.0) - i18n (0.9.3) + i18n (1.14.7) concurrent-ruby (~> 1.0) inflecto (0.0.2) json (1.8.6) - juwelier (2.1.3) + juwelier (2.2.3) builder bundler (>= 1.13) git (>= 1.2.5) github_api highline (>= 1.6.15) nokogiri (>= 1.5.10) + psych (~> 2.2) rake rdoc semver - jwt (1.5.6) - mini_portile2 (2.3.0) - minitest (5.11.3) - multi_json (1.13.1) + jwt (2.10.1) + base64 + logger (1.7.0) + mini_portile2 (2.8.9) + minitest (5.25.5) + multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.0.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) + multipart-post (2.4.1) + mutex_m (0.3.0) + nokogiri (1.15.7) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + oauth2 (1.4.11) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 3) - public_suffix (3.0.1) - rack (2.0.4) - rake (12.3.0) + rack (>= 1.2, < 4) + psych (2.2.4) + public_suffix (5.1.1) + racc (1.8.1) + rack (3.1.16) + rake (13.3.0) + rchardet (1.8.0) rdoc (3.12.2) json (~> 1.4) rspec (3.7.0) @@ -113,22 +157,24 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) rspec-support (3.7.1) + ruby2_keywords (0.0.5) safe_yaml (1.0.4) + securerandom (0.3.2) semver (1.0.1) - shoulda (3.5.0) - shoulda-context (~> 1.0, >= 1.0.1) - shoulda-matchers (>= 1.4.1, < 3.0) - shoulda-context (1.2.2) - shoulda-matchers (2.8.0) - activesupport (>= 3.0.0) + shoulda (4.0.0) + shoulda-context (~> 2.0) + shoulda-matchers (~> 4.0) + shoulda-context (2.0.0) + shoulda-matchers (4.5.1) + activesupport (>= 4.2.0) simplecov (0.15.1) docile (~> 1.1.0) json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) thread_safe (0.3.6) - tzinfo (1.2.4) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext unf_ext (0.0.7.4) 
@@ -146,12 +192,12 @@ DEPENDENCIES dry-initializer (~> 2.4) dry-validation (~> 0.11) http (~> 3.0) - juwelier (~> 2.1.0) + juwelier (~> 2.2.1) rdoc (~> 3.12) rspec - shoulda + shoulda (>= 3.6.0) simplecov webmock BUNDLED WITH - 1.16.1 + 1.17.3