fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-6861566

Gemfile

@@ -41,19 +41,19 @@ group :test, :development, :ci do
   gem 'pry'
   # Pinning teaspoon to 1.1.5 because of sprockets-rails 2.3.3
   gem 'teaspoon', '1.1.5'
-  gem "overcommit"
-  gem 'rubocop', '~> 0.88.0'
+  gem "overcommit", ">= 0.60.0"
+  gem 'rubocop', '~> 0.89.0'
   gem 'rubocop-ast', '~> 0.3.0'
   gem 'teaspoon-jasmine'
   gem 'simplecov', :require => false
   gem 'minitest'
   gem 'rails_best_practices'
-  gem 'webmock', '~> 2.3.1'
+  gem 'webmock', '~> 3.0.0'
   gem 'vcr'
   gem 'bundler-audit'
   gem 'colorize'
   gem 'brakeman'
-  gem 'selenium-webdriver'
+  gem 'selenium-webdriver', '>= 4.4.0'
   gem 'codecov', :require => false
   gem 'rails-controller-testing'
   gem 'debase'
@@ -95,4 +95,4 @@ gem 'browser'
 gem "reverse_markdown", "~> 2.0"
 gem "tinymce-rails"
 
-gem "devise_saml_authenticatable"
+gem "devise_saml_authenticatable", ">= 1.9.1"

Gemfile.lock

@@ -84,16 +84,17 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
     airbrussh (1.4.0)
       sshkit (>= 1.6.1, != 1.7.0)
     apipie-rails (0.8.1)
       actionpack (>= 5.0)
       activesupport (>= 5.0)
     arel (9.0.0)
     ast (2.4.2)
-    bcrypt (3.1.18)
+    bcrypt (3.1.20)
+    bigdecimal (3.1.8)
     brakeman (5.2.3)
     browser (5.3.1)
     bson (4.15.0)
@@ -114,7 +115,7 @@ GEM
     capistrano-rails (1.6.2)
       capistrano (~> 3.1)
       capistrano-bundler (>= 1.1, < 3)
-    childprocess (4.1.0)
+    childprocess (5.0.0)
     code_analyzer (0.5.5)
       sexp_processor
     codecov (0.6.0)
@@ -129,22 +130,23 @@ GEM
     coffee-script-source (1.12.2)
     colorize (0.8.1)
     commonjs (0.2.7)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.3)
     cqm-models (4.0.2)
-    crack (0.4.5)
+    crack (1.0.0)
+      bigdecimal
       rexml
     crass (1.0.6)
     daemons (1.4.1)
     debase (0.2.4.1)
       debase-ruby_core_source (>= 0.10.2)
     debase-ruby_core_source (0.10.12)
-    devise (4.8.1)
+    devise (4.9.4)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    devise_saml_authenticatable (1.9.0)
+    devise_saml_authenticatable (1.9.1)
       devise (> 2.0.0)
       ruby-saml (~> 1.7)
     docile (1.4.0)
@@ -154,7 +156,7 @@ GEM
       railties (>= 4.2)
     doorkeeper-mongodb (4.1.0)
       doorkeeper (>= 4.0.0, < 5.0)
-    erubi (1.10.0)
+    erubi (1.12.0)
     erubis (2.7.0)
     ethon (0.16.0)
       ffi (>= 1.15.0)
@@ -169,13 +171,13 @@ GEM
       multi_json
       sprockets (>= 2.0.3)
       tilt
-    hashdiff (1.0.1)
+    hashdiff (1.1.0)
     highline (1.7.10)
     htmlentities (4.3.4)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    i18n (1.12.0)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     iniparse (1.5.0)
     jquery-rails (4.5.0)
@@ -191,26 +193,26 @@ GEM
       sprockets (~> 3.0)
     libv8 (3.16.14.19)
     log4r (1.1.10)
-    loofah (2.18.0)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     macaddr (1.7.2)
       systemu (~> 2.6.5)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (1.0.2)
     maruku (0.7.3)
     memoist (0.9.3)
-    method_source (1.0.0)
+    method_source (1.1.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2022.0105)
     mimemagic (0.4.3)
       nokogiri (~> 1)
       rake
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.16.2)
+    mini_portile2 (2.8.6)
+    minitest (5.23.0)
     mongo (2.17.1)
       bson (>= 4.8.2, < 5.0.0)
     mongoid (6.4.8)
@@ -226,30 +228,31 @@ GEM
     netrc (0.11.0)
     newrelic_rpm (8.9.0)
     nio4r (2.5.8)
-    nokogiri (1.13.7)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.15.6)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     non-stupid-digest-assets (1.0.9)
       sprockets (>= 2.0)
     oj (3.13.16)
     orm_adapter (0.5.0)
-    overcommit (0.59.1)
-      childprocess (>= 0.6.3, < 5)
+    overcommit (0.63.0)
+      childprocess (>= 0.6.3, < 6)
       iniparse (~> 1.4)
       rexml (~> 3.2)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    parallel (1.24.0)
+    parser (3.3.1.0)
       ast (~> 2.4.1)
+      racc
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-byebug (3.8.0)
       byebug (~> 11.0)
       pry (~> 0.10)
-    public_suffix (4.0.7)
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-test (2.0.2)
+    public_suffix (5.0.5)
+    racc (1.7.3)
+    rack (2.2.9)
+    rack-test (2.1.0)
       rack (>= 1.3)
     rails (5.2.8.1)
       actioncable (= 5.2.8.1)
@@ -268,11 +271,13 @@ GEM
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
     rails_best_practices (1.23.1)
       activesupport
       code_analyzer (~> 0.5.5)
@@ -288,47 +293,47 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.2.1)
     ref (2.0.0)
-    regexp_parser (2.5.0)
+    regexp_parser (2.9.2)
     require_all (3.0.0)
-    responders (3.0.1)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     reverse_markdown (2.1.1)
       nokogiri
-    rexml (3.2.5)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     roo (2.9.0)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
-    rubocop (0.88.0)
+    rubocop (0.89.1)
       parallel (~> 1.10)
       parser (>= 2.7.1.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.7)
       rexml
-      rubocop-ast (>= 0.1.0, < 1.0)
+      rubocop-ast (>= 0.3.0, < 1.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
     rubocop-ast (0.3.0)
       parser (>= 2.7.1.4)
     ruby-debug-ide (0.7.3)
       rake (>= 0.8.1)
-    ruby-progressbar (1.11.0)
-    ruby-saml (1.12.2)
-      nokogiri (>= 1.10.5)
+    ruby-progressbar (1.13.0)
+    ruby-saml (1.16.0)
+      nokogiri (>= 1.13.10)
       rexml
     rubyzip (1.3.0)
     rvm1-capistrano3 (1.4.0)
       capistrano (~> 3.0)
       sshkit (>= 1.2)
-    selenium-webdriver (4.3.0)
-      childprocess (>= 0.5, < 5.0)
+    selenium-webdriver (4.9.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
@@ -349,6 +354,7 @@ GEM
     sshkit (1.21.2)
       net-scp (>= 1.1.2)
       net-ssh (>= 2.8.0)
+    strscan (3.1.0)
     systemu (2.6.5)
     teaspoon (1.1.5)
       railties (>= 3.2.5, < 6)
@@ -361,14 +367,14 @@ GEM
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
-    thor (1.2.1)
+    thor (1.3.1)
     thread_safe (0.3.6)
     tilt (2.0.10)
     tinymce-rails (5.8.1)
       railties (>= 3.1.1)
     typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (1.2.9)
+    tzinfo (1.2.11)
       thread_safe (~> 0.1)
     uglifier (4.1.20)
       execjs (>= 0.3.0, < 3)
@@ -381,11 +387,11 @@ GEM
     vcr (6.1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
-    webmock (2.3.2)
+    webmock (3.0.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
-    websocket (1.2.9)
+    websocket (1.2.10)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -410,7 +416,7 @@ DEPENDENCIES
   cqm-parsers!
   debase
   devise
-  devise_saml_authenticatable
+  devise_saml_authenticatable (>= 1.9.1)
   doorkeeper (~> 4.4.0)
   doorkeeper-mongodb (~> 4.1.0)
   exception_notification!
@@ -425,7 +431,7 @@ DEPENDENCIES
   newrelic_rpm
   non-stupid-digest-assets
   oj
-  overcommit
+  overcommit (>= 0.60.0)
   pry
   pry-byebug
   rails (= 5.2.8.1)
@@ -434,12 +440,12 @@ DEPENDENCIES
   rest-client
   reverse_markdown (~> 2.0)
   roo (~> 2.7)
-  rubocop (~> 0.88.0)
+  rubocop (~> 0.89.0)
   rubocop-ast (~> 0.3.0)
   ruby-debug-ide (~> 0.7.3)
   rubyzip (>= 1.3.0)
   rvm1-capistrano3
-  selenium-webdriver
+  selenium-webdriver (>= 4.4.0)
   simplecov
   sprockets
   sprockets-rails (= 2.3.3)
@@ -451,7 +457,7 @@ DEPENDENCIES
   tinymce-rails
   uglifier (~> 4.1.20)
   vcr
-  webmock (~> 2.3.1)
+  webmock (~> 3.0.0)
   zip-zip
 
 BUNDLED WITH