From 93fb199d2ac6fdc8eb27505830f12ca824a03b20 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 4 Apr 2024 21:20:19 +0000
Subject: [PATCH] fix: Gemfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-6274386
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-6274388
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
---
 Gemfile | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/Gemfile b/Gemfile
index f8aba1518..34e16cd38 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,16 +1,16 @@
 source 'https://rubygems.org'
-gem 'rails', '5.2.8.1'
+gem 'rails', '7.0.8.1'
-gem 'sprockets'
+gem 'sprockets', '>= 3.7.3'
 # Need to require sprockets-rails expicitly to get asset pipeline, at least untill we move to SASS
 # Pinning sprockets-rails to 2.3.3 so that everything doesn't blow up. It might be time to start thinking about webpack.
-gem 'sprockets-rails', '2.3.3'
+gem 'sprockets-rails', '3.0.0'
 # We need less-rails outside of the assets group so that assets will build in production
 gem 'less-rails'
 # We want non-digest versions of our assets for font-awesome
-gem "non-stupid-digest-assets"
+gem "non-stupid-digest-assets", ">= 1.0.10"
 gem 'cqm-models', '~>4.0.2'
 # gem 'cqm-reports', '~> 3.1.2'
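Review bot: The new floors on `sprockets` and `non-stupid-digest-assets` are open-ended (`'>= 3.7.3'`, `">= 1.0.10"`), so a later `bundle update` can pull in any future major release; the same pattern recurs in the later hunks for `devise`, `apipie-rails`, `teaspoon-jasmine`, `jquery-rails`, `tinymce-rails` and `devise_saml_authenticatable`, two of which sit on the authentication path. A pessimistic constraint keeps the security floor while bounding the range, e.g. `gem 'sprockets', '~> 3.7', '>= 3.7.3'`. The comment above the `sprockets-rails` line still says it is pinned to 2.3.3 although the pin is now `'3.0.0'`; it should be updated to name the new pin or dropped. The diffstat lists only Gemfile, so Gemfile.lock presumably still records the old versions until the bundle is re-resolved and the lockfile committed with this change.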
@@ -23,28 +23,28 @@ gem 'zip-zip'
 gem 'axlsx', git: 'https://github.com/randym/axlsx', branch: 'master'
 gem 'mongoid', '~> 6.4.2'
-gem 'devise'
+gem 'devise', '>= 4.9.0'
 gem 'systemu'
 gem 'multi_json'
 gem 'rest-client'
 # needed for parsing value sets (we need to use roo rather than rubyxl because the value sets are in xls rather than xlsx)
-gem 'roo', '~> 2.7'
+gem 'roo', '~> 2.10', '>= 2.10.0'
 gem 'oj' # Faster JSON
-gem 'apipie-rails'
+gem 'apipie-rails', '>= 0.8.2'
 gem 'maruku' # enable Markup for API documentation
-gem 'doorkeeper', '~> 4.4.0'
-gem "doorkeeper-mongodb", '~> 4.1.0'
+gem 'doorkeeper', '~> 5.0.0'
+gem "doorkeeper-mongodb", "~> 4.2.0"
 group :test, :development, :ci do
 gem 'pry'
 # Pinning teaspoon to 1.1.5 because of sprockets-rails 2.3.3
- gem 'teaspoon', '1.1.5'
+ gem 'teaspoon', '1.2.0'
 gem "overcommit"
 gem 'rubocop', '~> 0.88.0'
 gem 'rubocop-ast', '~> 0.3.0'
- gem 'teaspoon-jasmine'
+ gem 'teaspoon-jasmine', '>= 2.4.1'
 gem 'simplecov', :require => false
 gem 'minitest'
 gem 'rails_best_practices'
@@ -62,7 +62,7 @@ end
 group :test, :development do
 gem 'pry-byebug'
- gem 'thin', '~> 1.7.2'
+ gem 'thin', '~> 1.8.0'
 gem 'capistrano-rails'
 gem 'capistrano-npm'
 gem 'rvm1-capistrano3', require: false
@@ -86,13 +86,13 @@ end
 gem 'foreman'
-gem 'handlebars_assets', '0.16'
-gem 'jquery-rails'
+gem 'handlebars_assets', '0.17'
+gem 'jquery-rails', '>= 4.5.1'
 # Browser Detection
 gem 'browser'
 gem "reverse_markdown", "~> 2.0"
-gem "tinymce-rails"
+gem "tinymce-rails", ">= 5.8.2"
-gem "devise_saml_authenticatable"
+gem "devise_saml_authenticatable", ">= 1.9.1"
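Review bot: `gem 'mongoid', '~> 6.4.2'` stays untouched as context in this hunk while the first hunk pins `rails` to `'7.0.8.1'`; the Mongoid 6.x line appears to target ActiveModel 5.x, so this Gemfile may not resolve at all, in which case none of the listed fixes would reach the lockfile. Run `bundle lock` against the patched Gemfile before merging, and move `mongoid` to a release line that declares support for the new Rails version in the same change. The move of `doorkeeper` from `'~> 4.4.0'` to `'~> 5.0.0'` is a major bump of the OAuth provider, so its upgrade notes and the token and authorization tests deserve a dedicated pass, and `doorkeeper-mongodb` at `"~> 4.2.0"` should be confirmed compatible with it. The comment `# Pinning teaspoon to 1.1.5 because of sprockets-rails 2.3.3` no longer matches the pins `'1.2.0'` and `'3.0.0'` and should be rewritten or removed. The `group :test, :development, :ci do` block continues past the end of this hunk.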