From 1d9abba08bd6eeedc00adfa6d46b5347fac3bb08 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 16 Oct 2024 22:58:28 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-8220269
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220162
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220268
- https://snyk.io/vuln/SNYK-RUBY-ACTIONTEXT-8220270
---
 Gemfile      |   4 +-
 Gemfile.lock | 248 ++++++++++++++++++++++++++-------------------------
 2 files changed, 128 insertions(+), 124 deletions(-)

diff --git a/Gemfile b/Gemfile
index 086c82c..e0e72f8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '~> 3.0'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 6.1.3'
+gem 'rails', '~> 7.0.0'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3', '~> 1.4'
 # Use Puma as the app server
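Review bot: The new constraint `gem 'rails', '~> 7.0.0'` moves the app across a major framework version (6.1.3.1 to 7.0.8.5 in the lockfile) under a commit described only as a vulnerability fix, so it should go through the test suite and a review of the app's configuration before merging. The Gemfile.lock part of this patch shows `sprockets` and `sprockets-rails` leaving the bundle, because `rails` 7.0.8.5 no longer lists `sprockets-rails` as a dependency. If the app still serves assets through the asset pipeline (not visible in this hunk), declare it explicitly with `gem 'sprockets-rails'`. It is also worth checking whether a patched release exists on the 6.1 line, which would address the listed advisories with a much smaller change. The lockfile's `BUNDLED WITH` drops from 2.2.6 to 2.2.3, which suggests it was produced by an older Bundler than the project uses, so regenerate it locally.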
@@ -49,4 +49,4 @@ end
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem "twilio-ruby", "~> 5.46"
-gem "bootstrap", "~> 4.5"
+gem "bootstrap", "~> 4.6", ">= 4.6.2.1"
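Review bot: The new floor `">= 4.6.2.1"` selects a bootstrap release that no longer brings in a Sass compiler. The lockfile part of this patch shows `sassc-rails` removed from the `bootstrap (4.6.2.1)` entry, and `sassc`, `sassc-rails` and `tilt` dropped from the bundle entirely. The gem ships its stylesheets as SCSS, so unless a compiler is configured elsewhere (not visible in this hunk), add one explicitly, for example `gem 'sassc-rails'`. Without one, stylesheet compilation is likely to fail after the upgrade.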
diff --git a/Gemfile.lock b/Gemfile.lock
index e10b481..567b63b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,101 +1,106 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actioncable (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionmailbox (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      activejob (= 7.0.8.5)
+      activerecord (= 7.0.8.5)
+      activestorage (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
       mail (>= 2.7.1)
-    actionmailer (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      actionview (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      actionview (= 7.0.8.5)
+      activejob (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.3.1)
-      actionview (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.8.5)
+      actionview (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actiontext (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      activerecord (= 7.0.8.5)
+      activestorage (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionview (7.0.8.5)
+      activesupport (= 7.0.8.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.3.1)
-      activesupport (= 6.1.3.1)
+    activejob (7.0.8.5)
+      activesupport (= 7.0.8.5)
       globalid (>= 0.3.6)
-    activemodel (6.1.3.1)
-      activesupport (= 6.1.3.1)
-    activerecord (6.1.3.1)
-      activemodel (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
-    activestorage (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
-      marcel (~> 1.0.0)
-      mini_mime (~> 1.0.2)
-    activesupport (6.1.3.1)
+    activemodel (7.0.8.5)
+      activesupport (= 7.0.8.5)
+    activerecord (7.0.8.5)
+      activemodel (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
+    activestorage (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      activejob (= 7.0.8.5)
+      activerecord (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.8.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    autoprefixer-rails (10.2.0.0)
-      execjs
+    autoprefixer-rails (10.4.19.0)
+      execjs (~> 2)
     bindex (0.8.1)
     bootsnap (1.5.1)
       msgpack (~> 1.0)
-    bootstrap (4.5.3)
+    bootstrap (4.6.2.1)
       autoprefixer-rails (>= 9.1.0)
-      popper_js (>= 1.14.3, < 2)
-      sassc-rails (>= 2.0.0)
-    builder (3.2.4)
+      popper_js (>= 1.16.1, < 2)
+    builder (3.3.0)
     byebug (11.1.3)
     childprocess (3.0.0)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.3.4)
     crack (0.4.5)
       rexml
     crass (1.0.6)
+    date (3.3.4)
     diff-lcs (1.4.4)
     dotenv (2.7.6)
     dotenv-rails (2.7.6)
       dotenv (= 2.7.6)
       railties (>= 3.2)
-    erubi (1.10.0)
-    execjs (2.7.0)
+    erubi (1.13.0)
+    execjs (2.9.1)
     faraday (1.3.0)
       faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
     faraday-net_http (1.0.1)
-    ffi (1.14.2)
-    ffi (1.14.2-x64-mingw32)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
+    ffi (1.17.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hashdiff (1.0.1)
-    i18n (1.8.9)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     jbuilder (2.10.1)
       activesupport (>= 5.0.0)
@@ -103,71 +108,87 @@ GEM
     listen (3.4.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.9.0)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
-    marcel (1.0.0)
-    method_source (1.0.0)
-    mini_mime (1.0.3)
-    mini_portile2 (2.5.0)
-    minitest (5.14.4)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.4)
+    method_source (1.1.0)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.7)
+    minitest (5.25.1)
     msgpack (1.4.2)
     multipart-post (2.1.1)
-    nio4r (2.5.7)
-    nokogiri (1.11.2)
-      mini_portile2 (~> 2.5.0)
+    net-imap (0.4.17)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.0)
+      net-protocol
+    nio4r (2.7.3)
+    nokogiri (1.16.7)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.11.2-arm64-darwin)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.11.2-x64-mingw32)
+    nokogiri (1.16.7-x64-mingw32)
       racc (~> 1.4)
-    nokogiri (1.11.2-x86_64-linux)
+    nokogiri (1.16.7-x86_64-darwin)
       racc (~> 1.4)
-    popper_js (1.16.0)
+    nokogiri (1.16.7-x86_64-linux)
+      racc (~> 1.4)
+    popper_js (1.16.1)
     public_suffix (4.0.6)
     puma (5.1.1)
       nio4r (~> 2.0)
-    racc (1.5.2)
-    rack (2.2.3)
+    racc (1.8.1)
+    rack (2.2.10)
     rack-mini-profiler (2.3.0)
       rack (>= 1.2.0)
     rack-proxy (0.6.5)
       rack
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (6.1.3.1)
-      actioncable (= 6.1.3.1)
-      actionmailbox (= 6.1.3.1)
-      actionmailer (= 6.1.3.1)
-      actionpack (= 6.1.3.1)
-      actiontext (= 6.1.3.1)
-      actionview (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activemodel (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails (7.0.8.5)
+      actioncable (= 7.0.8.5)
+      actionmailbox (= 7.0.8.5)
+      actionmailer (= 7.0.8.5)
+      actionpack (= 7.0.8.5)
+      actiontext (= 7.0.8.5)
+      actionview (= 7.0.8.5)
+      activejob (= 7.0.8.5)
+      activemodel (= 7.0.8.5)
+      activerecord (= 7.0.8.5)
+      activestorage (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
       bundler (>= 1.15.0)
-      railties (= 6.1.3.1)
-      sprockets-rails (>= 2.0.0)
+      railties (= 7.0.8.5)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.0.8.5)
+      actionpack (= 7.0.8.5)
+      activesupport (= 7.0.8.5)
       method_source
-      rake (>= 0.8.7)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rake (13.0.3)
+      zeitwerk (~> 2.5)
+    rake (13.2.1)
     rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -191,31 +212,14 @@ GEM
     rspec-support (3.10.1)
     ruby2_keywords (0.0.4)
     rubyzip (2.3.0)
-    sassc (2.4.0)
-      ffi (~> 1.9)
-    sassc (2.4.0-x64-mingw32)
-      ffi (~> 1.9)
-    sassc-rails (2.1.2)
-      railties (>= 4.0.0)
-      sassc (>= 2.0)
-      sprockets (> 3.0)
-      sprockets-rails
-      tilt
     selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
     semantic_range (2.3.1)
     spring (2.1.1)
-    sprockets (4.0.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.2)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.1.0)
-    tilt (2.0.10)
+    thor (1.3.2)
+    timeout (0.4.1)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
@@ -223,7 +227,7 @@ GEM
       faraday (>= 0.9, < 2.0)
       jwt (>= 1.5, <= 2.5)
       nokogiri (>= 1.6, < 2.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     tzinfo-data (1.2020.6)
       tzinfo (>= 1.0.0)
@@ -246,10 +250,10 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
-    websocket-driver (0.7.3)
+    websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.4.2)
+    zeitwerk (2.6.18)
 
 PLATFORMS
   ruby
@@ -259,14 +263,14 @@ PLATFORMS
 
 DEPENDENCIES
   bootsnap (>= 1.4.4)
-  bootstrap (~> 4.5)
+  bootstrap (~> 4.6, >= 4.6.2.1)
   byebug
   dotenv-rails
   jbuilder (~> 2.7)
   listen (~> 3.3)
   puma (~> 5.0)
   rack-mini-profiler (~> 2.0)
-  rails (~> 6.1.3)
+  rails (~> 7.0.0)
   rails-controller-testing
   rspec-rails
   spring
@@ -284,4 +288,4 @@ RUBY VERSION
    ruby 3.0.0p0
 
 BUNDLED WITH
-   2.2.6
+   2.2.3