From 5a6ffa14b44bc535fd0b0ecb10fc40096d89c77a Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 6 Aug 2024 23:19:42 +0000
Subject: [PATCH] fix: ruby/rails-controller/Gemfile &
 ruby/rails-controller/Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-GRPC-7641067
---
 ruby/rails-controller/Gemfile      |  2 +-
 ruby/rails-controller/Gemfile.lock | 85 +++++++++++++++++-------------
 2 files changed, 50 insertions(+), 37 deletions(-)

diff --git a/ruby/rails-controller/Gemfile b/ruby/rails-controller/Gemfile
index 9d61f69..10b3d3b 100644
--- a/ruby/rails-controller/Gemfile
+++ b/ruby/rails-controller/Gemfile
@@ -53,4 +53,4 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 
 gem "twilio-ruby"
 gem 'tubesock'
-gem "google-cloud-speech"
\ No newline at end of file
+gem "google-cloud-speech", ">= 1.0.0"
\ No newline at end of file
diff --git a/ruby/rails-controller/Gemfile.lock b/ruby/rails-controller/Gemfile.lock
index e1f22bc..d4cab74 100644
--- a/ruby/rails-controller/Gemfile.lock
+++ b/ruby/rails-controller/Gemfile.lock
@@ -38,8 +38,8 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     arel (8.0.0)
     bindex (0.7.0)
     builder (3.2.3)
@@ -65,41 +65,55 @@ GEM
     crass (1.0.4)
     erubi (1.8.0)
     execjs (2.7.0)
-    faraday (0.15.4)
+    faraday (0.17.6)
       multipart-post (>= 1.2, < 3)
     ffi (1.11.1)
+    gapic-common (0.3.4)
+      google-protobuf (~> 3.12, >= 3.12.2)
+      googleapis-common-protos (>= 1.3.9, < 2.0)
+      googleapis-common-protos-types (>= 1.0.4, < 2.0)
+      googleauth (~> 0.9)
+      grpc (~> 1.25)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    google-cloud-speech (0.34.1)
-      google-gax (~> 1.3)
-    google-gax (1.5.0)
-      google-protobuf (~> 3.2)
-      googleapis-common-protos (>= 1.3.5, < 2.0)
-      googleauth (>= 0.6.2, < 0.10.0)
-      grpc (>= 1.7.2, < 2.0)
-      rly (~> 0.2.3)
-    google-protobuf (3.7.1)
-    googleapis-common-protos (1.3.9)
-      google-protobuf (~> 3.0)
-      googleapis-common-protos-types (~> 1.0)
-      grpc (~> 1.0)
-    googleapis-common-protos-types (1.0.4)
-      google-protobuf (~> 3.0)
-    googleauth (0.8.1)
-      faraday (~> 0.12)
+    google-cloud-core (1.7.1)
+      google-cloud-env (>= 1.0, < 3.a)
+      google-cloud-errors (~> 1.0)
+    google-cloud-env (1.6.0)
+      faraday (>= 0.17.3, < 3.0)
+    google-cloud-errors (1.4.0)
+    google-cloud-speech (1.2.3)
+      google-cloud-core (~> 1.6)
+      google-cloud-speech-v1 (>= 0.0, < 2.a)
+      google-cloud-speech-v1p1beta1 (>= 0.0, < 2.a)
+    google-cloud-speech-v1 (0.4.0)
+      gapic-common (~> 0.3)
+      google-cloud-errors (~> 1.0)
+    google-cloud-speech-v1p1beta1 (0.7.0)
+      gapic-common (~> 0.3)
+      google-cloud-errors (~> 1.0)
+    google-protobuf (3.25.4)
+    googleapis-common-protos (1.6.0)
+      google-protobuf (>= 3.18, < 5.a)
+      googleapis-common-protos-types (~> 1.7)
+      grpc (~> 1.41)
+    googleapis-common-protos-types (1.15.0)
+      google-protobuf (>= 3.18, < 5.a)
+    googleauth (0.17.1)
+      faraday (>= 0.17.3, < 2.0)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
-      signet (~> 0.7)
-    grpc (1.20.0)
-      google-protobuf (~> 3.7)
-      googleapis-common-protos-types (~> 1.0.0)
+      signet (~> 0.15)
+    grpc (1.65.2)
+      google-protobuf (>= 3.25, < 5.0)
+      googleapis-common-protos-types (~> 1.0)
     i18n (1.6.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.9.1)
       activesupport (>= 4.2.0)
-    jwt (2.1.0)
+    jwt (2.5.0)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -109,18 +123,18 @@ GEM
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    memoist (0.16.0)
+    memoist (0.16.2)
     method_source (0.9.2)
     mini_mime (1.0.1)
     mini_portile2 (2.4.0)
     minitest (5.11.3)
-    multi_json (1.13.1)
-    multipart-post (2.0.0)
+    multi_json (1.15.0)
+    multipart-post (2.4.1)
     nio4r (2.3.1)
     nokogiri (1.10.3)
       mini_portile2 (~> 2.4.0)
-    os (1.0.1)
-    public_suffix (3.1.0)
+    os (1.1.4)
+    public_suffix (5.1.1)
     puma (3.12.1)
     rack (2.0.7)
     rack-test (1.1.0)
@@ -153,7 +167,6 @@ GEM
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     regexp_parser (1.5.1)
-    rly (0.2.3)
     ruby_dep (1.5.0)
     rubyzip (1.3.0)
     sass (3.7.4)
@@ -170,9 +183,9 @@ GEM
     selenium-webdriver (3.142.3)
       childprocess (>= 0.5, < 2.0)
       rubyzip (~> 1.2, >= 1.2.2)
-    signet (0.11.0)
-      addressable (~> 2.3)
-      faraday (~> 0.9)
+    signet (0.19.0)
+      addressable (~> 2.8)
+      faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     spring (2.0.2)
@@ -224,7 +237,7 @@ DEPENDENCIES
   byebug
   capybara (>= 2.15)
   coffee-rails (~> 4.2)
-  google-cloud-speech
+  google-cloud-speech (>= 1.0.0)
   jbuilder (~> 2.5)
   listen (>= 3.0.5, < 3.2)
   puma (~> 3.7)
@@ -242,4 +255,4 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 BUNDLED WITH
-   1.14.6
+   1.17.3