fix: upgrade for latest rails vulns

8b91aad3 · John Harris · 1e26ee1b · 8b91aad3 · 8b91aad3 · 8b91aad3
Commit 8b91aad3 authored 2 years ago by John Harris
--- a/.gitignore
+++ b/.gitignore
 .idea/
 rubocop.html
+.yardoc
+doc
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 ruby '2.7.5'

 # Core Gems
-gem 'rails', '7.0.2.4'
+gem 'rails', '7.0.3.1'
 gem 'puma', '5.6.4'
 gem 'sass-rails', '5.1.0'
 gem 'uglifier', '4.2.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actioncable (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      activejob (= 7.0.2.4)
-      activerecord (= 7.0.2.4)
-      activestorage (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actionmailbox (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
-    actionmailer (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      actionview (= 7.0.2.4)
-      activejob (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actionmailer (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      actionview (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
-    actionpack (7.0.2.4)
-      actionview (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actionpack (7.0.3.1)
+      actionview (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      rack (~> 2.0, >= 2.2.0)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actionpack-cloudflare (1.1.0)
      actionpack (>= 3.2)
-    actiontext (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      activerecord (= 7.0.2.4)
-      activestorage (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actiontext (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (7.0.2.4)
-      activesupport (= 7.0.2.4)
+    actionview (7.0.3.1)
+      activesupport (= 7.0.3.1)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
@@ -53,22 +53,22 @@ GEM
      activemodel (>= 4.1, < 7.1)
      case_transform (>= 0.2)
      jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (7.0.2.4)
-      activesupport (= 7.0.2.4)
+    activejob (7.0.3.1)
+      activesupport (= 7.0.3.1)
      globalid (>= 0.3.6)
-    activemodel (7.0.2.4)
-      activesupport (= 7.0.2.4)
-    activerecord (7.0.2.4)
-      activemodel (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
-    activestorage (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      activejob (= 7.0.2.4)
-      activerecord (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    activemodel (7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activerecord (7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
+    activestorage (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (7.0.2.4)
+    activesupport (7.0.3.1)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@@ -79,13 +79,13 @@ GEM
    autoprefixer-rails (10.4.7.0)
      execjs (~> 2)
    aws-eventstream (1.2.0)
-    aws-partitions (1.587.0)
-    aws-sdk-core (3.130.2)
+    aws-partitions (1.605.0)
+    aws-sdk-core (3.131.2)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.525.0)
      aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-kms (1.56.0)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.57.0)
      aws-sdk-core (~> 3, >= 3.127.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-s3 (1.113.0)
@@ -154,7 +154,7 @@ GEM
    httparty (0.18.1)
      mime-types (~> 3.0)
      multi_xml (>= 0.5.2)
-    i18n (1.10.0)
+    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
    ibsciss-middleware (0.4.2)
    jmespath (1.6.1)
@@ -162,7 +162,7 @@ GEM
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
-    json (2.6.1)
+    json (2.6.2)
    jsonapi-renderer (0.2.2)
    jwt (2.3.0)
    libv8 (8.4.255.0)
@@ -183,8 +183,8 @@ GEM
    mini_portile2 (2.8.0)
    mini_racer (0.3.1)
      libv8 (~> 8.4.255)
-    minitest (5.15.0)
-    msgpack (1.5.1)
+    minitest (5.16.2)
+    msgpack (1.5.3)
    multi_xml (0.6.0)
    mysql2 (0.5.3)
    net-imap (0.2.3)
@@ -212,7 +212,7 @@ GEM
      activesupport
      bunny
    nio4r (2.5.8)
-    nokogiri (1.13.6)
+    nokogiri (1.13.7)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    pg (1.3.5)
@@ -225,27 +225,27 @@ GEM
    pundit-matchers (1.7.0)
      rspec-rails (>= 3.0.0)
    racc (1.6.0)
-    rack (2.2.3)
+    rack (2.2.4)
    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
    rack-cors (1.1.1)
      rack (>= 2.0.0)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (7.0.2.4)
-      actioncable (= 7.0.2.4)
-      actionmailbox (= 7.0.2.4)
-      actionmailer (= 7.0.2.4)
-      actionpack (= 7.0.2.4)
-      actiontext (= 7.0.2.4)
-      actionview (= 7.0.2.4)
-      activejob (= 7.0.2.4)
-      activemodel (= 7.0.2.4)
-      activerecord (= 7.0.2.4)
-      activestorage (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.3.1)
+      actioncable (= 7.0.3.1)
+      actionmailbox (= 7.0.3.1)
+      actionmailer (= 7.0.3.1)
+      actionpack (= 7.0.3.1)
+      actiontext (= 7.0.3.1)
+      actionview (= 7.0.3.1)
+      activejob (= 7.0.3.1)
+      activemodel (= 7.0.3.1)
+      activerecord (= 7.0.3.1)
+      activestorage (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      bundler (>= 1.15.0)
-      railties (= 7.0.2.4)
+      railties (= 7.0.3.1)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
@@ -253,11 +253,11 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
      loofah (~> 2.3)
-    railties (7.0.2.4)
-      actionpack (= 7.0.2.4)
-      activesupport (= 7.0.2.4)
+    railties (7.0.3.1)
+      actionpack (= 7.0.3.1)
+      activesupport (= 7.0.3.1)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
@@ -349,7 +349,7 @@ GEM
    thor (1.2.1)
    thread_safe (0.3.6)
    tilt (2.0.10)
-    timeout (0.2.0)
+    timeout (0.3.0)
    turbolinks (5.2.1)
      turbolinks-source (~> 5.2)
    turbolinks-source (5.2.0)
@@ -365,7 +365,7 @@ GEM
    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
-    zeitwerk (2.5.4)
+    zeitwerk (2.6.0)

 PLATFORMS
  ruby
@@ -400,7 +400,7 @@ DEPENDENCIES
  pundit-matchers (= 1.7.0)
  rack-attack (= 6.6.1)
  rack-cors (= 1.1.1)
-  rails (= 7.0.2.4)
+  rails (= 7.0.3.1)
  rails-controller-testing (= 1.0.5)
  redis (= 4.6.0)
  rspec-rails (= 5.1.1)

--- a/gem-update.sh
+++ b/gem-update.sh
@@ -7,5 +7,6 @@ docker run -it -v "$(pwd)":/app \
      apt-get install -y cmake build-essential; \
      cd /app; \
      gem install bundler:2.1; \
+      bundle outdated; \
      bundle update; \
      bundle install;"