From b5db886d007eaf2f693c4a2f38039dcad44fee1d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 8 Oct 2025 05:12:22 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378928
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378930
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378932
---
 Gemfile | 2 +-
 Gemfile.lock | 168 ++++++++++++++++++++++++++-------------------------
 2 files changed, 88 insertions(+), 82 deletions(-)

diff --git a/Gemfile b/Gemfile
index ce19368..309c346 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '3.1.4'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.1', '>= 7.1.5.1'
+gem 'rails', '~> 7.2', '>= 7.2.2.2'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 # Use Puma as the app server
diff --git a/Gemfile.lock b/Gemfile.lock
index 0b387ef..a605d47 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
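Review bot: In the Gemfile hunk, the three advisories named in the commit message are against rack, yet the only manifest change is the rails floor (`gem 'rails', '~> 7.2', '>= 7.2.2.2'`); rack itself stays an undeclared transitive dependency. The patched rack is therefore held only by Gemfile.lock (3.1.12 → 3.1.17), while actionpack's requirement shown there is still `rack (>= 2.2.4, < 3.2)`, so nothing in the Gemfile stops a future resolution (for instance one constrained by another gem, or a build that does not honour the lockfile) from selecting an unpatched rack. I would add an explicit floor next to the rails line, e.g. `gem 'rack', '>= 3.1.17'`, taking the locked version as the fixed one (the exact minimum should be confirmed against the advisories), with a comment naming the three SNYK ids. Separately, the lockfile diff also moves many gems unrelated to rack (nokogiri, net-imap, loofah, bigdecimal, and the Bundler version itself), so the description understates what needs regression testing before merge.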
@@ -1,29 +1,29 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.2.2.1) - actionpack (= 7.2.2.1) - activesupport (= 7.2.2.1) + actioncable (7.2.2.2) + actionpack (= 7.2.2.2) + activesupport (= 7.2.2.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.2.1) - actionpack (= 7.2.2.1) - activejob (= 7.2.2.1) - activerecord (= 7.2.2.1) - activestorage (= 7.2.2.1) - activesupport (= 7.2.2.1) + actionmailbox (7.2.2.2) + actionpack (= 7.2.2.2) + activejob (= 7.2.2.2) + activerecord (= 7.2.2.2) + activestorage (= 7.2.2.2) + activesupport (= 7.2.2.2) mail (>= 2.8.0) - actionmailer (7.2.2.1) - actionpack (= 7.2.2.1) - actionview (= 7.2.2.1) - activejob (= 7.2.2.1) - activesupport (= 7.2.2.1) + actionmailer (7.2.2.2) + actionpack (= 7.2.2.2) + actionview (= 7.2.2.2) + activejob (= 7.2.2.2) + activesupport (= 7.2.2.2) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.2.1) - actionview (= 7.2.2.1) - activesupport (= 7.2.2.1) + actionpack (7.2.2.2) + actionview (= 7.2.2.2) + activesupport (= 7.2.2.2) nokogiri (>= 1.8.5) racc rack (>= 2.2.4, < 3.2) 
@@ -32,35 +32,35 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.2.1) - actionpack (= 7.2.2.1) - activerecord (= 7.2.2.1) - activestorage (= 7.2.2.1) - activesupport (= 7.2.2.1) + actiontext (7.2.2.2) + actionpack (= 7.2.2.2) + activerecord (= 7.2.2.2) + activestorage (= 7.2.2.2) + activesupport (= 7.2.2.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.2.1) - activesupport (= 7.2.2.1) + actionview (7.2.2.2) + activesupport (= 7.2.2.2) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.2.1) - activesupport (= 7.2.2.1) + activejob (7.2.2.2) + activesupport (= 7.2.2.2) globalid (>= 0.3.6) - activemodel (7.2.2.1) - activesupport (= 7.2.2.1) - activerecord (7.2.2.1) - activemodel (= 7.2.2.1) - activesupport (= 7.2.2.1) + activemodel (7.2.2.2) + activesupport (= 7.2.2.2) + activerecord (7.2.2.2) + activemodel (= 7.2.2.2) + activesupport (= 7.2.2.2) timeout (>= 0.4.0) - activestorage (7.2.2.1) - actionpack (= 7.2.2.1) - activejob (= 7.2.2.1) - activerecord (= 7.2.2.1) - activesupport (= 7.2.2.1) + activestorage (7.2.2.2) + actionpack (= 7.2.2.2) + activejob (= 7.2.2.2) + activerecord (= 7.2.2.2) + activesupport (= 7.2.2.2) marcel (~> 1.0) - activesupport (7.2.2.1) + activesupport (7.2.2.2) base64 benchmark (>= 0.3) bigdecimal @@ -76,9 +76,9 @@ GEM public_suffix (>= 2.0.2, < 7.0) archive-zip (0.12.0) io-like (~> 0.3.0) - base64 (0.2.0) - benchmark (0.4.0) - bigdecimal (3.1.9) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.3.0) bindex (0.8.1) bootsnap (1.18.4) msgpack (~> 1.2) @@ -93,6 +93,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) + cgi (0.5.0) chromedriver-helper (2.1.1) archive-zip (~> 0.10) nokogiri (~> 1.8) 
@@ -105,11 +106,13 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.3.5) - connection_pool (2.5.0) + connection_pool (2.5.4) crass (1.0.6) date (3.4.1) - drb (2.2.1) + drb (2.2.3) duktape (2.7.0.0) + erb (4.0.4) + cgi (>= 0.3.3) erubi (1.13.1) execjs (2.10.0) faraday (2.12.2) @@ -120,7 +123,7 @@ GEM net-http (>= 0.5.0) ffi (1.17.1) fiber-storage (1.0.0) - globalid (1.2.1) + globalid (1.3.0) activesupport (>= 6.1) graphlient (0.8.0) faraday (~> 2.0) @@ -134,9 +137,9 @@ GEM graphql (>= 1.13.0) i18n (1.14.7) concurrent-ruby (~> 1.0) - io-console (0.8.0) + io-console (0.8.1) io-like (0.3.1) - irb (1.15.1) + irb (1.15.2) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) @@ -145,7 +148,7 @@ GEM activesupport (>= 5.0.0) json (2.10.2) logger (1.7.0) - loofah (2.24.0) + loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -153,16 +156,16 @@ GEM net-imap net-pop net-smtp - marcel (1.0.4) + marcel (1.1.0) matrix (0.4.2) method_source (1.1.0) mini_mime (1.1.5) - mini_portile2 (2.8.8) - minitest (5.25.5) + mini_portile2 (2.8.9) + minitest (5.26.0) msgpack (1.8.0) net-http (0.6.0) uri - net-imap (0.5.6) + net-imap (0.5.12) date net-protocol net-pop (0.1.2) @@ -172,12 +175,12 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.4) - nokogiri (1.18.6) + nokogiri (1.18.10) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.18.6-arm64-darwin) + nokogiri (1.18.10-arm64-darwin) racc (~> 1.4) - pp (0.6.2) + pp (0.6.3) prettyprint prettyprint (0.2.0) pry (0.14.2) 
@@ -188,55 +191,57 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.11) pry (>= 0.13.0) - psych (5.2.3) + psych (5.2.6) date stringio public_suffix (6.0.1) puma (6.4.3) nio4r (~> 2.0) racc (1.8.1) - rack (3.1.12) - rack-session (2.1.0) + rack (3.1.17) + rack-session (2.1.1) base64 (>= 0.1.0) rack (>= 3.0.0) rack-test (2.2.0) rack (>= 1.3) rackup (2.2.1) rack (>= 3) - rails (7.2.2.1) - actioncable (= 7.2.2.1) - actionmailbox (= 7.2.2.1) - actionmailer (= 7.2.2.1) - actionpack (= 7.2.2.1) - actiontext (= 7.2.2.1) - actionview (= 7.2.2.1) - activejob (= 7.2.2.1) - activemodel (= 7.2.2.1) - activerecord (= 7.2.2.1) - activestorage (= 7.2.2.1) - activesupport (= 7.2.2.1) + rails (7.2.2.2) + actioncable (= 7.2.2.2) + actionmailbox (= 7.2.2.2) + actionmailer (= 7.2.2.2) + actionpack (= 7.2.2.2) + actiontext (= 7.2.2.2) + actionview (= 7.2.2.2) + activejob (= 7.2.2.2) + activemodel (= 7.2.2.2) + activerecord (= 7.2.2.2) + activestorage (= 7.2.2.2) + activesupport (= 7.2.2.2) bundler (>= 1.15.0) - railties (= 7.2.2.1) - rails-dom-testing (2.2.0) + railties (= 7.2.2.2) + rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.2.2.1) - actionpack (= 7.2.2.1) - activesupport (= 7.2.2.1) + railties (7.2.2.2) + actionpack (= 7.2.2.2) + activesupport (= 7.2.2.2) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) zeitwerk (~> 2.6) - rake (13.2.1) - rdoc (6.13.0) + rake (13.3.0) + rdoc (6.15.0) + erb psych (>= 4.0.0) + tsort regexp_parser (2.10.0) - reline (0.6.0) + reline (0.6.2) io-console (~> 0.5) rexml (3.4.1) rubyzip (2.4.1) 
@@ -269,10 +274,11 @@ GEM sqlite3 (2.6.0) mini_portile2 (~> 2.8.0) sqlite3 (2.6.0-arm64-darwin) - stringio (3.1.6) - thor (1.3.2) + stringio (3.1.7) + thor (1.4.0) tilt (2.6.0) timeout (0.4.3) + tsort (0.2.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -290,7 +296,7 @@ GEM bindex (>= 0.4.0) railties (>= 6.0.0) websocket (1.2.11) - websocket-driver (0.7.7) + websocket-driver (0.8.0) base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -317,7 +323,7 @@ DEPENDENCIES pry-byebug pry-rails puma (~> 6.4.3) - rails (~> 7.1, >= 7.1.5.1) + rails (~> 7.2, >= 7.2.2.2) sass-rails (~> 6.0) selenium-webdriver (>= 4.21.1) sqlite3 @@ -330,4 +336,4 @@ RUBY VERSION ruby 3.1.4p223 BUNDLED WITH - 2.3.13 + 2.3.27