fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-7577227 - https://snyk.io/vuln/SNYK-RUBY-REXML-7577228
NNRUG · Aug 2, 2024 · 000b810 · 000b810
1 parent 35d60e0
commit 000b810
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 45 deletions.
diff --git a/Gemfile b/Gemfile
@@ -129,14 +129,14 @@ group :development, :test do
   # Model factories
   gem 'factory_bot_rails', '>= 5.1.1'
   gem 'rspec-rails', '>= 3.9.0'
-  gem 'rubocop', require: false
+  gem 'rubocop', '>= 1.26.0', require: false
   gem 'rubocop-faker', require: false
   gem 'rubocop-i18n', require: false
-  gem 'rubocop-md', require: false
-  gem 'rubocop-performance', require: false
-  gem 'rubocop-rails', '>= 2.4.2', require: false
+  gem 'rubocop-md', '>= 1.1.0', require: false
+  gem 'rubocop-performance', '>= 1.13.3', require: false
+  gem 'rubocop-rails', '>= 2.14.0', require: false
   gem 'rubocop-rake', require: false
-  gem 'rubocop-rspec', require: false
+  gem 'rubocop-rspec', '>= 2.9.0', require: false
 end
 
 group :test do
@@ -145,7 +145,7 @@ group :test do
   gem 'shoulda-matchers', '>= 4.2.0', require: false
   gem 'simplecov', require: false
   gem 'test-prof', require: false
-  gem 'webmock', require: false
+  gem 'webmock', '>= 3.20.0', require: false
 end
 
 # Heroku compatibility

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -79,8 +79,8 @@ GEM
       zeitwerk (~> 2.3)
     acts-as-taggable-on (9.0.1)
       activerecord (>= 6.0, < 7.1)
-    addressable (2.8.5)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     airbrussh (1.4.0)
       sshkit (>= 1.6.1, != 1.7.0)
     annotate (3.2.0)
@@ -96,6 +96,7 @@ GEM
       execjs (~> 2)
     awesome_print (1.9.2)
     bcrypt (3.1.19)
+    bigdecimal (3.1.8)
     bindex (0.8.1)
     bootsnap (1.11.1)
       msgpack (~> 1.2)
@@ -123,9 +124,10 @@ GEM
     codecov (0.6.0)
       simplecov (>= 0.15, < 0.22)
     coderay (1.1.3)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.3.3)
     connection_pool (2.2.5)
-    crack (0.4.5)
+    crack (1.0.0)
+      bigdecimal
       rexml
     crass (1.0.6)
     database_cleaner (2.0.2)
@@ -198,7 +200,7 @@ GEM
     has_scope (0.8.0)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
-    hashdiff (1.0.1)
+    hashdiff (1.1.0)
     hashie (5.0.0)
     high_voltage (3.1.2)
     hiredis (0.6.3)
@@ -211,7 +213,7 @@ GEM
     http-cookie (1.0.5)
       domain_name (~> 0.5)
     http-form_data (2.3.0)
-    i18n (1.14.1)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     icalendar (2.7.1)
       ice_cube (~> 0.16)
@@ -239,6 +241,7 @@ GEM
       activerecord
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
+    language_server-protocol (3.17.0.3)
     launchy (2.5.0)
       addressable (~> 2.7)
     letter_opener (1.8.1)
@@ -269,7 +272,7 @@ GEM
     mini_magick (4.11.0)
     mini_mime (1.1.2)
     mini_portile2 (2.8.4)
-    minitest (5.20.0)
+    minitest (5.24.1)
     msgpack (1.5.1)
     multi_json (1.15.0)
     multi_xml (0.6.0)
@@ -328,9 +331,10 @@ GEM
       omniauth-oauth2 (>= 1.5, <= 1.6)
     orm_adapter (0.5.0)
     ox (2.14.17)
-    parallel (1.22.1)
-    parser (3.1.1.0)
+    parallel (1.25.1)
+    parser (3.3.4.0)
       ast (~> 2.4.1)
+      racc
     pg (1.5.4)
     postrank-uri (1.0.24)
       addressable (>= 2.4.0)
@@ -350,7 +354,7 @@ GEM
       puma
       rack
     racc (1.7.1)
-    rack (2.2.8)
+    rack (2.2.9)
     rack-proxy (0.7.7)
       rack
     rack-test (2.1.0)
@@ -400,7 +404,7 @@ GEM
       psych (>= 4.0.0)
     redcarpet (3.6.0)
     redis (4.6.0)
-    regexp_parser (2.8.1)
+    regexp_parser (2.9.2)
     request_store (1.5.1)
       rack (>= 1.4)
     responders (3.0.1)
@@ -411,7 +415,8 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.6)
+    rexml (3.3.4)
+      strscan
     rollbar (3.3.0)
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
@@ -430,36 +435,39 @@ GEM
       rspec-mocks (~> 3.12)
       rspec-support (~> 3.12)
     rspec-support (3.12.1)
-    rubocop (1.25.1)
+    rubocop (1.65.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.16.0)
-      parser (>= 3.1.1.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
     rubocop-faker (1.1.0)
       faker (>= 2.12.0)
       rubocop (>= 0.82.0)
     rubocop-i18n (3.0.0)
       rubocop (~> 1.0)
-    rubocop-md (1.0.1)
+    rubocop-md (1.2.2)
       rubocop (>= 1.0)
-    rubocop-performance (1.13.2)
-      rubocop (>= 1.7.0, < 2.0)
-      rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.13.2)
+    rubocop-performance (1.21.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.25.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 1.7.0, < 2.0)
+      rubocop (>= 1.33.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-    rubocop-rspec (2.8.0)
-      rubocop (~> 1.19)
-    ruby-progressbar (1.11.0)
+    rubocop-rspec (3.0.3)
+      rubocop (~> 1.61)
+    ruby-progressbar (1.13.0)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
@@ -529,15 +537,15 @@ GEM
       unf_ext
     unf_ext (0.0.8.2)
     unicode (0.4.4.4)
-    unicode-display_width (2.4.2)
+    unicode-display_width (2.5.0)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webmock (3.19.1)
+    webmock (3.23.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -549,7 +557,7 @@ GEM
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.12)
+    zeitwerk (2.6.17)
 
 PLATFORMS
   ruby
@@ -615,14 +623,14 @@ DEPENDENCIES
   redis
   rollbar
   rspec-rails (>= 3.9.0)
-  rubocop
+  rubocop (>= 1.26.0)
   rubocop-faker
   rubocop-i18n
-  rubocop-md
-  rubocop-performance
-  rubocop-rails (>= 2.4.2)
+  rubocop-md (>= 1.1.0)
+  rubocop-performance (>= 1.13.3)
+  rubocop-rails (>= 2.14.0)
   rubocop-rake
-  rubocop-rspec
+  rubocop-rspec (>= 2.9.0)
   ruby-vips
   sassc-rails (>= 2.1.2)
   sdoc
@@ -640,11 +648,11 @@ DEPENDENCIES
   uglifier
   unicode
   web-console (>= 4.2.1)
-  webmock
+  webmock (>= 3.20.0)
   webpacker
 
 RUBY VERSION
    ruby 3.2.2p53
 
 BUNDLED WITH
-   2.3.26
+   2.4.6