From d9e554f4ce6b297aeca642e3cc4e5adf778ac4c3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 23 Aug 2024 09:06:18 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7814166
---
 Gemfile | 8 +--
 Gemfile.lock | 152 +++++++++++++++++++++++++++------------------------
 2 files changed, 86 insertions(+), 74 deletions(-)

diff --git a/Gemfile b/Gemfile
index 525929f9..400bca86 100644
--- a/Gemfile
+++ b/Gemfile
@@ -57,7 +57,7 @@ gem 'sentry-raven', group: [:production]
 group :development, :test do
   gem 'pry-rails'
   gem 'apollo-tracing'
-  gem 'solargraph'
+  gem 'solargraph', '>= 0.45.0'
 end
 
 group :development do
@@ -69,7 +69,7 @@ group :development do
   # run some pre commit hooks
   gem 'pre-commit', require: false
 
-  gem 'rubocop', '>= 1.7.0', require: false
+  gem 'rubocop', '>= 1.27.0', require: false
 
   # https://github.com/tmm1/stackprof
   # sampling call-stack profiler for ruby
@@ -84,8 +84,8 @@ group :test, :development do
   gem 'shoulda-matchers', '~> 5.1.0'
   gem 'simplecov', require: false
   gem 'factory_bot_rails', '>= 6.2.0'
-  gem 'rubocop-rails_config', '>= 1.9.1'
-  gem 'rubocop-rspec', '>= 2.1.0'
+  gem 'rubocop-rails_config', '>= 1.9.2'
+  gem 'rubocop-rspec', '>= 2.10.0'
   gem 'json-schema-rspec'
 end
 gem "kredis", "~> 1.3"
diff --git a/Gemfile.lock b/Gemfile.lock
index b1cdbee0..2ab636d2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -75,10 +75,10 @@ GEM graphql (>= 1.7.0, < 2) ast (2.4.2) backport (1.2.0) - benchmark (0.2.0) + benchmark (0.3.0) benchmark-ips (2.10.0) brotli (0.4.0) - builder (3.2.4) + builder (3.3.0) bullet (7.0.1) activesupport (>= 3.0.0) uniform_notifier (~> 1.11)
@@ -86,7 +86,7 @@ GEM cld3 (3.4.3) ffi (>= 1.1.0, < 1.16.0) coderay (1.1.3) - concurrent-ruby (1.1.10) + concurrent-ruby (1.3.4) connection_pool (2.3.0) crass (1.0.6) dead_end (3.1.1)
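Review bot: The rexml advisory named in the subject is closed only by Gemfile.lock; none of the floors raised in the three Gemfile hunks pins rexml itself, and the resolved `rubocop (1.65.1)` in the lockfile still accepts `rexml (>= 3.2.5, < 4.0)`, 3.2.5 being the exact version this commit replaces, while `kramdown` lists `rexml` with no constraint at all. A later `bundle update rubocop` or a resolution without the lockfile could therefore land back on an affected rexml release. The DEPENDENCIES block already carries an explicit transitive floor for `rails-html-sanitizer (>= 1.4.4)`, so the same pattern fits here: add `gem 'rexml', '>= 3.3.6'` at top level of the Gemfile (next to `gem "kredis", "~> 1.3"`) and regenerate the lockfile so DEPENDENCIES records it. The point applies to all three Gemfile hunks; the Gemfile.lock hunks only carry the upgrade and need no separate note.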
@@ -102,7 +102,7 @@ GEM rake (> 10, < 14) ruby-statistics (>= 2.1) thor (>= 0.19, < 2) - diff-lcs (1.5.0) + diff-lcs (1.5.1) digest (3.1.0) docile (1.4.0) e2mmap (0.1.0) @@ -121,7 +121,7 @@ GEM elasticsearch-transport (7.17.1) faraday (~> 1) multi_json - erubi (1.10.0) + erubi (1.13.0) ethon (0.15.0) ffi (>= 1.15.0) factory_bot (6.2.1) @@ -165,33 +165,35 @@ GEM hashie (5.0.0) heapy (0.2.0) thor - i18n (1.10.0) + i18n (1.14.5) concurrent-ruby (~> 1.0) - jaro_winkler (1.5.4) + jaro_winkler (1.6.0) + json (2.7.2) json-schema (2.8.1) addressable (>= 2.4) json-schema-rspec (0.0.4) json-schema (~> 2.5) rspec - kramdown (2.3.2) + kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) kredis (1.3.0.1) activesupport (>= 6.0.0) redis (>= 4.2, < 6) - loofah (2.19.1) + language_server-protocol (3.17.0.3) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.7.1) mini_mime (>= 0.1.1) marcel (1.0.2) memory_profiler (1.0.0) - method_source (1.0.0) + method_source (1.1.0) mini_histogram (0.3.1) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.15.0) + mini_portile2 (2.8.7) + minitest (5.25.1) multi_json (1.15.0) multipart-post (2.1.1) net-imap (0.2.3) @@ -209,16 +211,17 @@ GEM net-protocol timeout nio4r (2.5.8) - nokogiri (1.13.10) - mini_portile2 (~> 2.8.0) + nokogiri (1.16.7) + mini_portile2 (~> 2.8.2) racc (~> 1.4) oj (3.13.11) oj_mimic_json (1.0.1) pagy (5.10.1) activesupport - parallel (1.22.1) - parser (3.1.1.0) + parallel (1.26.3) + parser (3.3.4.2) ast (~> 2.4.1) + racc pg (1.3.5) pluginator (1.5.0) pre-commit (0.39.0) @@ -231,15 +234,15 @@ GEM public_suffix (4.0.6) puma (4.3.12) nio4r (~> 2.0) - racc (1.6.1) - rack (2.2.3) + racc (1.8.1) + rack (2.2.9) rack-brotli (1.2.0) brotli (>= 0.1.7) rack (>= 1.4) rack-cors (1.1.1) rack (>= 2.0.0) - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.1.0) + rack (>= 1.3) rails (7.0.2.3) actioncable (= 7.0.2.3) actionmailbox (= 7.0.2.3) 
@@ -254,11 +257,13 @@ GEM activesupport (= 7.0.2.3) bundler (>= 1.15.0) railties (= 7.0.2.3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.4.4) - loofah (~> 2.19, >= 2.19.1) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) railties (7.0.2.3) actionpack (= 7.0.2.3) activesupport (= 7.0.2.3) @@ -267,15 +272,17 @@ GEM thor (~> 1.0) zeitwerk (~> 2.5) rainbow (3.1.1) - rake (13.0.6) + rake (13.2.1) + rbs (2.8.4) redis (5.0.6) redis-client (>= 0.9.0) redis-client (0.14.0) connection_pool - regexp_parser (2.2.1) + regexp_parser (2.9.2) reverse_markdown (2.1.1) nokogiri - rexml (3.2.5) + rexml (3.3.6) + strscan rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0) 
@@ -297,39 +304,45 @@ GEM rspec-mocks (~> 3.10) rspec-support (~> 3.10) rspec-support (3.11.0) - rubocop (1.26.1) + rubocop (1.65.1) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.1.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.16.0, < 2.0) + regexp_parser (>= 2.4, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.16.0) - parser (>= 3.1.1.0) - rubocop-minitest (0.19.0) - rubocop (>= 0.90, < 2.0) - rubocop-packaging (0.5.1) - rubocop (>= 0.89, < 2.0) - rubocop-performance (1.13.3) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) - rubocop-rails (2.14.2) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.32.1) + parser (>= 3.3.1.0) + rubocop-md (1.2.2) + rubocop (>= 1.0) + rubocop-minitest (0.35.1) + rubocop (>= 1.61, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + rubocop-packaging (0.5.2) + rubocop (>= 1.33, < 2.0) + rubocop-performance (1.21.1) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + rubocop-rails (2.25.1) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-rails_config (1.9.1) - railties (>= 5.0) - rubocop (>= 1.25.1) - rubocop-ast (>= 1.0.1) - rubocop-minitest (~> 0.15) + rubocop (>= 1.33.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) + rubocop-rails_config (1.16.0) + rubocop (>= 1.57.0) + rubocop-ast (>= 1.26.0) + rubocop-md + rubocop-minitest (~> 0.22) rubocop-packaging (~> 0.5) rubocop-performance (~> 1.11) rubocop-rails (~> 2.0) - rubocop-rspec (2.9.0) - rubocop (~> 1.19) - ruby-progressbar (1.11.0) + rubocop-rspec (3.0.4) + rubocop (~> 1.61) + ruby-progressbar (1.13.0) ruby-statistics (3.0.0) ruby2_keywords (0.0.5) sentry-raven (3.1.2) 
@@ -342,43 +355,42 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - solargraph (0.44.3) + solargraph (0.50.0) backport (~> 1.2) benchmark - bundler (>= 1.17.2) + bundler (~> 2.0) diff-lcs (~> 1.4) e2mmap jaro_winkler (~> 1.5) kramdown (~> 2.3) kramdown-parser-gfm (~> 1.1) parser (~> 3.0) - reverse_markdown (>= 1.0.5, < 3) - rubocop (>= 0.52) + rbs (~> 2.0) + reverse_markdown (~> 2.0) + rubocop (~> 1.38) thor (~> 1.0) tilt (~> 2.0) yard (~> 0.9, >= 0.9.24) stackprof (0.2.19) strscan (3.0.1) - thor (1.2.1) - tilt (2.0.10) + thor (1.3.1) + tilt (2.4.0) timeout (0.2.0) turbostreamer (1.9.0) activesupport (>= 5.0.0) typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (2.0.4) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) tzinfo-data (1.2022.1) tzinfo (>= 1.0.0) - unicode-display_width (2.1.0) + unicode-display_width (2.5.0) uniform_notifier (1.16.0) - webrick (1.7.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - yard (0.9.27) - webrick (~> 1.7.0) - zeitwerk (2.5.4) + yard (0.9.36) + zeitwerk (2.6.17) PLATFORMS ruby
@@ -411,14 +423,14 @@ DEPENDENCIES rails (~> 7.0.2, >= 7.0.2.3) rails-html-sanitizer (>= 1.4.4) rspec-rails (= 5.0.2) - rubocop (>= 1.7.0) - rubocop-rails_config (>= 1.9.1) - rubocop-rspec (>= 2.1.0) + rubocop (>= 1.27.0) + rubocop-rails_config (>= 1.9.2) + rubocop-rspec (>= 2.10.0) ruby-progressbar sentry-raven shoulda-matchers (~> 5.1.0) simplecov - solargraph + solargraph (>= 0.45.0) stackprof turbostreamer (= 1.9) typhoeus
@@ -428,4 +440,4 @@ RUBY VERSION ruby 3.1.0p0 BUNDLED WITH - 2.3.3 + 2.3.26