fix: upgrade Ruby to 3.2.4 to address CVE (#16521)

* fix: upgrade Ruby to 3.2.4 to address CVE

* Update workflows for new ruby

.github/workflows/code_checks.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7
+      - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c
         with:
           bundler-cache: true
 

.github/workflows/income-limits-data-sync.yml

@@ -15,7 +15,7 @@ jobs:
   income_limits_data_sync:
     runs-on: self-hosted
     container:
-      image: public.ecr.aws/docker/library/ruby:3.2.2-bullseye
+      image: public.ecr.aws/docker/library/ruby:3.2.4-bullseye
       env:
         SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
         NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt

.ruby-version

@@ -1 +1 @@
-3.2.3
+3.2.4

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:3.2.3-slim-bookworm as rubyimg
+FROM ruby:3.2.4-slim-bookworm as rubyimg
 
 # XXX: using stretch here for pdftk dep, which is not availible after
 #      stretch (or in alpine) and is switched automatically to pdftk-java in buster

Dockerfile-k8s

@@ -1,4 +1,4 @@
-FROM ruby:3.2.3-slim-bullseye AS rubyimg
+FROM ruby:3.2.4-slim-bullseye AS rubyimg
 FROM rubyimg AS modules
 
 WORKDIR /tmp

Gemfile

@@ -2,7 +2,7 @@
 
 source 'https://rubygems.org'
 
-ruby '~> 3.2.3'
+ruby '~> 3.2.4'
 
 # Modules
 path 'modules' do

Gemfile.lock

@@ -1280,7 +1280,7 @@ DEPENDENCIES
   yard
 
 RUBY VERSION
-   ruby 3.2.3p157
+   ruby 3.2.4p170
 
 BUNDLED WITH
    2.4.9

docs/setup/native.md

@@ -2,7 +2,7 @@
 
 Vets API requires:
 
-- Ruby 3.2.3
+- Ruby 3.2.4
 - PostgreSQL 15.x (including PostGIS 3)
 - Redis 6.2.x