From 19ea2f16ddd4090c2abf6b7e673ed99f8d88b071 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Nov 2023 14:42:40 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-CARRIERWAVE-6095123 --- Gemfile | 2 +- Gemfile.lock | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 1f14f4af..e4ef2652 100644 --- a/Gemfile +++ b/Gemfile @@ -84,7 +84,7 @@ gem 'pry-rails' gem 'ruby-vips' gem 'asset_sync', '>= 2.9.0' -gem 'carrierwave', '>= 2.0.2' +gem 'carrierwave', '>= 2.2.5' gem 'carrierwave-vips', '>= 1.2.0' gem 'fog-aws', '< 3' diff --git a/Gemfile.lock b/Gemfile.lock index 7758495a..d3213f50 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -107,13 +107,12 @@ GEM i18n rake (>= 10.0.0) sshkit (>= 1.9.0) - carrierwave (2.2.2) - activemodel (>= 5.0.0) - activesupport (>= 5.0.0) + carrierwave (3.0.5) + activemodel (>= 6.0.0) + activesupport (>= 6.0.0) addressable (~> 2.6) image_processing (~> 1.1) marcel (~> 1.0.0) - mini_mime (>= 0.1.3) ssrf_filter (~> 1.0) carrierwave-vips (1.2.0) carrierwave (>= 0.11.0) @@ -169,7 +168,7 @@ GEM fast_jsonapi (1.5) activesupport (>= 4.2) ffaker (2.23.0) - ffi (1.15.5) + ffi (1.16.3) ffi-compiler (1.0.1) ffi (>= 1.0.0) rake @@ -216,7 +215,7 @@ GEM icalendar (2.7.1) ice_cube (~> 0.16) ice_cube (0.16.4) - image_processing (1.12.1) + image_processing (1.12.2) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) io-wait (0.2.1) @@ -266,8 +265,8 @@ GEM mime-types (3.5.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0808) - mini_magick (4.11.0) - mini_mime (1.1.2) + mini_magick (4.12.0) + mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.20.0) msgpack (1.5.1) @@ -460,7 +459,7 @@ GEM rubocop-rspec (2.8.0) rubocop (~> 1.19) ruby-progressbar (1.11.0) - ruby-vips (2.1.4) + ruby-vips (2.2.0) ffi (~> 1.12) ruby2_keywords (0.0.5) sassc (2.4.0) 
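Review bot: The new Gemfile constraint `gem 'carrierwave', '>= 2.2.5'` has no upper bound, and the Gemfile.lock hunks show the result: carrierwave resolves to 3.0.5, not a 2.2.x patch release, which raises the activemodel/activesupport floor to 6.0.0 and drops the mini_mime dependency. If the intent is only to pick up the fix for the linked advisory, keep the upgrade inside the current major with `gem 'carrierwave', '~> 2.2', '>= 2.2.5'`. If the move to 3.x is intended, state it in the commit message and run the uploader tests (extension and content-type allowlists, remote-URL downloads) before merging, since a major upgrade can change validation behaviour. The same resolution also moved ssrf_filter from 1.0.7 to 1.1.2 and BUNDLED WITH from 2.3.26 to 2.4.6; confirm that both were deliberate.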
@@ -513,7 +512,7 @@ GEM sshkit (1.21.5) net-scp (>= 1.1.2) net-ssh (>= 2.8.0) - ssrf_filter (1.0.7) + ssrf_filter (1.1.2) stringio (3.0.8) strscan (3.0.1) temple (0.10.2) @@ -566,7 +565,7 @@ DEPENDENCIES byebug cancancan capistrano - carrierwave (>= 2.0.2) + carrierwave (>= 2.2.5) carrierwave-vips (>= 1.2.0) codecov database_cleaner @@ -647,4 +646,4 @@ RUBY VERSION ruby 3.2.2p53 BUNDLED WITH - 2.3.26 + 2.4.6