From 55e2fd2999387c86a67079c3404b03d77da06927 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 23 Jul 2025 02:17:04 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674179
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674176
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674184
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674192
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674188
---
 Gemfile | 2 +-
 Gemfile.lock | 83 ++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 58 insertions(+), 27 deletions(-)
diff --git a/Gemfile b/Gemfile
index e88f4ed..c0b7ba1 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ group :development do
 gem "shoulda", ">= 0"
 gem "rdoc", "~> 3.12"
 gem "bundler", "~> 1.0"
- gem "juwelier", "~> 2.1.0"
+ gem "juwelier", "~> 2.2.1"
 gem "simplecov", ">= 0"
 gem 'webmock'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index e62b012..7634fe7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -6,9 +6,10 @@ GEM i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - builder (3.2.3) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + base64 (0.3.0) + builder (3.3.0) concurrent-ruby (1.0.5) crack (0.4.3) safe_yaml (~> 1.0.0)
@@ -46,18 +47,41 @@ GEM dry-equalizer (~> 0.2) dry-logic (~> 0.4, >= 0.4.0) dry-types (~> 0.12.0) - faraday (0.12.2) - multipart-post (>= 1.2, < 3) - git (1.3.0) - github_api (0.18.2) + faraday (1.10.4) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.1) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.1.1) + multipart-post (~> 2.0) + faraday-net_http (1.0.2) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + git (1.19.1) + addressable (~> 2.8) + rchardet (~> 1.8) + github_api (0.19.0) addressable (~> 2.4) descendants_tracker (~> 0.0.4) - faraday (~> 0.8) + faraday (>= 0.8, < 2) hashie (~> 3.5, >= 3.5.2) oauth2 (~> 1.0) hashdiff (0.3.7) - hashie (3.5.7) - highline (1.7.10) + hashie (3.6.0) + highline (2.1.0) http (3.0.0) addressable (~> 2.3) http-cookie (~> 1.0) 
@@ -71,33 +95,39 @@ GEM concurrent-ruby (~> 1.0) inflecto (0.0.2) json (1.8.6) - juwelier (2.1.3) + juwelier (2.2.3) builder bundler (>= 1.13) git (>= 1.2.5) github_api highline (>= 1.6.15) nokogiri (>= 1.5.10) + psych (~> 2.2) rake rdoc semver - jwt (1.5.6) - mini_portile2 (2.3.0) + jwt (2.10.2) + base64 + mini_portile2 (2.8.9) minitest (5.11.3) - multi_json (1.13.1) + multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.0.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) + multipart-post (2.4.1) + nokogiri (1.15.7) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + oauth2 (1.4.11) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 3) - public_suffix (3.0.1) - rack (2.0.4) - rake (12.3.0) + rack (>= 1.2, < 4) + psych (2.2.4) + public_suffix (5.1.1) + racc (1.8.1) + rack (3.1.16) + rake (13.3.0) + rchardet (1.8.0) rdoc (3.12.2) json (~> 1.4) rspec (3.7.0) @@ -113,6 +143,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) rspec-support (3.7.1) + ruby2_keywords (0.0.5) safe_yaml (1.0.4) semver (1.0.1) shoulda (3.5.0) @@ -146,7 +177,7 @@ DEPENDENCIES dry-initializer (~> 2.4) dry-validation (~> 0.11) http (~> 3.0) - juwelier (~> 2.1.0) + juwelier (~> 2.2.1) rdoc (~> 3.12) rspec shoulda @@ -154,4 +185,4 @@ DEPENDENCIES webmock BUNDLED WITH - 1.16.1 + 1.17.3