fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-5851410
346design · Aug 23, 2023 · 1faa1c9 · 1faa1c9
1 parent cf3c8bb
commit 1faa1c9
Showing 1 changed file with 22 additions and 22 deletions.
diff --git a/Gemfile b/Gemfile
@@ -7,31 +7,31 @@ gem 'pkg-config', '~> 1.4'
 gem 'rexml', '~> 3.2'
 
 gem 'puma', '~> 5.6'
-gem 'rails', '~> 6.1.7'
+gem 'rails', '~> 6.1.7', '>= 6.1.7.5'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.4'
 
 gem 'hamlit-rails', '~> 0.2'
 gem 'pg', '~> 1.4'
 gem 'makara', '~> 0.5'
-gem 'pghero', '~> 2.8'
+gem 'pghero', '~> 3.0', '>= 3.0.0'
 gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.114', require: false
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
-gem 'kt-paperclip', '~> 7.1'
+gem 'kt-paperclip', '~> 7.2', '>= 7.2.0'
 gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
 gem 'bootsnap', '~> 1.13.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
-gem 'chewy', '~> 7.2'
-gem 'devise', '~> 4.8'
-gem 'devise-two-factor', '~> 4.0'
+gem 'chewy', '~> 7.2', '>= 7.2.5'
+gem 'devise', '~> 4.9', '>= 4.9.0'
+gem 'devise-two-factor', '~> 4.1', '>= 4.1.0'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
@@ -40,13 +40,13 @@ end
 gem 'net-ldap', '~> 0.17'
 gem 'omniauth-cas', '~> 2.0'
 gem 'omniauth-saml', '~> 1.10'
-gem 'gitlab-omniauth-openid-connect', '~>0.10.0', require: 'omniauth_openid_connect'
+gem 'gitlab-omniauth-openid-connect', '~> 0.10.1', require: 'omniauth_openid_connect'
 gem 'omniauth', '~> 1.9'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
+gem 'omniauth-rails_csrf_protection', '~> 1.0', '>= 1.0.0'
 
 gem 'color_diff', '~> 0.1'
-gem 'discard', '~> 1.2'
-gem 'doorkeeper', '~> 5.6'
+gem 'discard', '~> 1.3', '>= 1.3.0'
+gem 'doorkeeper', '~> 5.6', '>= 5.6.1'
 gem 'ed25519', '~> 1.3'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
@@ -66,32 +66,32 @@ gem 'oj', '~> 3.13'
 gem 'ox', '~> 2.14'
 gem 'parslet'
 gem 'posix-spawn'
-gem 'pundit', '~> 2.2'
-gem 'premailer-rails'
+gem 'pundit', '~> 2.3', '>= 2.3.0'
+gem 'premailer-rails', '>= 1.12.0'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 1.1', require: 'rack/cors'
-gem 'rails-i18n', '~> 6.0'
-gem 'rails-settings-cached', '~> 0.6'
+gem 'rails-i18n', '~> 7.0', '>= 7.0.1'
+gem 'rails-settings-cached', '~> 0.7', '>= 0.7.0'
 gem 'redcarpet', '~> 3.5'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
 gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 2.1'
 gem 'ruby-progressbar', '~> 1.11'
 gem 'sanitize', '~> 6.0'
-gem 'scenic', '~> 1.6'
+gem 'scenic', '~> 1.7', '>= 1.7.0'
 gem 'sidekiq', '~> 6.5'
 gem 'sidekiq-scheduler', '~> 4.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
 gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
-gem 'simple_form', '~> 5.1'
+gem 'simple_form', '~> 5.2', '>= 5.2.0'
 gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
 gem 'stoplight', '~> 3.0.0'
-gem 'strong_migrations', '~> 0.7'
+gem 'strong_migrations', '~> 0.8', '>= 0.8.0'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2022'
-gem 'webpacker', '~> 5.4'
+gem 'webpacker', '~> 5.4', '>= 5.4.4'
 gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
 gem 'webauthn', '~> 2.5'
 
@@ -105,7 +105,7 @@ group :development, :test do
   gem 'i18n-tasks', '~> 1.0', require: false
   gem 'pry-byebug', '~> 3.10'
   gem 'pry-rails', '~> 0.3'
-  gem 'rspec-rails', '~> 5.1'
+  gem 'rspec-rails', '~> 6.0', '>= 6.0.0'
 end
 
 group :production, :test do
@@ -130,12 +130,12 @@ group :development do
   gem 'annotate', '~> 3.2'
   gem 'better_errors', '~> 2.9'
   gem 'binding_of_caller', '~> 1.0'
-  gem 'bullet', '~> 7.0'
+  gem 'bullet', '~> 7.0', '>= 7.0.4'
   gem 'letter_opener', '~> 1.8'
   gem 'letter_opener_web', '~> 2.0'
   gem 'memory_profiler'
   gem 'rubocop', '~> 1.30', require: false
-  gem 'rubocop-rails', '~> 2.15', require: false
+  gem 'rubocop-rails', '~> 2.15', '>= 2.15.1', require: false
   gem 'brakeman', '~> 5.3', require: false
   gem 'bundler-audit', '~> 0.9', require: false
 
@@ -148,7 +148,7 @@ group :development do
 end
 
 group :production do
-  gem 'lograge', '~> 0.12'
+  gem 'lograge', '~> 0.13', '>= 0.13.0'
 end
 
 gem 'concurrent-ruby', require: false