diff --git a/.bundler-audit.yml b/.bundler-audit.yml index 5426715..6704ea5 100644 --- a/.bundler-audit.yml +++ b/.bundler-audit.yml @@ -1,4 +1,3 @@ --- ignore: - CVE-2024-27456 # https://github.com/advisories/GHSA-785g-282q-pwvx (packaging issue with rack-cors) - - CVE-2024-54133 # https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v (We don’t generate CSP from user input) diff --git a/Gemfile b/Gemfile index 8bee6db..7e48d66 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ gem 'rack-accept', require: 'rack/accept' gem 'rack-canonical-host', '1.3.0' gem 'rack-cors', require: 'rack/cors' gem 'rack-ssl', require: 'rack/ssl' -gem 'rails', '6.1.7.9' +gem 'rails', '6.1.7.7' gem 'ranked-model' gem 'sass-rails', '~> 5.1' gem 'sentry-rails' diff --git a/Gemfile.lock b/Gemfile.lock index 4280d2e..71781e6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,63 +1,63 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.9) - actionpack (= 6.1.7.9) - activesupport (= 6.1.7.9) + actioncable (6.1.7.7) + actionpack (= 6.1.7.7) + activesupport (= 6.1.7.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.9) - actionpack (= 6.1.7.9) - activejob (= 6.1.7.9) - activerecord (= 6.1.7.9) - activestorage (= 6.1.7.9) - activesupport (= 6.1.7.9) + actionmailbox (6.1.7.7) + actionpack (= 6.1.7.7) + activejob (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + activesupport (= 6.1.7.7) mail (>= 2.7.1) - actionmailer (6.1.7.9) - actionpack (= 6.1.7.9) - actionview (= 6.1.7.9) - activejob (= 6.1.7.9) - activesupport (= 6.1.7.9) + actionmailer (6.1.7.7) + actionpack (= 6.1.7.7) + actionview (= 6.1.7.7) + activejob (= 6.1.7.7) + activesupport (= 6.1.7.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7.9) - actionview (= 6.1.7.9) - activesupport (= 6.1.7.9) + actionpack (6.1.7.7) + actionview (= 6.1.7.7) + activesupport (= 6.1.7.7) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.9) - actionpack (= 6.1.7.9) - activerecord (= 6.1.7.9) - activestorage (= 6.1.7.9) - activesupport (= 6.1.7.9) + actiontext (6.1.7.7) + actionpack (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + activesupport (= 6.1.7.7) nokogiri (>= 1.8.5) - actionview (6.1.7.9) - activesupport (= 6.1.7.9) + actionview (6.1.7.7) + activesupport (= 6.1.7.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.9) - activesupport (= 6.1.7.9) + activejob (6.1.7.7) + activesupport (= 6.1.7.7) globalid (>= 0.3.6) - activemodel (6.1.7.9) - activesupport (= 6.1.7.9) - activerecord (6.1.7.9) - activemodel (= 6.1.7.9) - activesupport (= 6.1.7.9) + activemodel (6.1.7.7) + activesupport (= 6.1.7.7) + activerecord (6.1.7.7) + activemodel (= 6.1.7.7) + activesupport (= 6.1.7.7) activerecord_json_validator (2.1.5) activerecord (>= 4.2.0, < 8) json_schemer (~> 0.2.18) - activestorage (6.1.7.9) - actionpack (= 6.1.7.9) - activejob (= 6.1.7.9) - activerecord (= 6.1.7.9) - activesupport (= 6.1.7.9) + activestorage (6.1.7.7) + actionpack (= 6.1.7.7) + activejob (= 6.1.7.7) + activerecord (= 6.1.7.7) + activesupport (= 6.1.7.7) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.9) + activesupport (6.1.7.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -72,7 +72,6 @@ GEM babel-transpiler (0.7.0) babel-source (>= 4.0, < 6) execjs (~> 2.0) - base64 (0.2.0) bcrypt (3.1.19) bigdecimal (3.1.7) blockenspiel (0.5.0) @@ -83,7 +82,7 @@ GEM activemodel (>= 3.0.0) brakeman (6.1.2) racc - builder (3.3.0) + builder (3.2.4) bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) @@ -91,13 +90,13 @@ GEM activerecord (>= 3.0.0) activesupport (>= 3.0.0) cancancan (3.5.0) - concurrent-ruby (1.3.4) + concurrent-ruby (1.2.3) crass (1.0.6) database_cleaner-active_record (2.1.0) activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) - date (3.4.1) + date (3.3.4) devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) @@ -107,7 +106,7 @@ GEM diff-lcs (1.5.1) ecma-re-validator (0.4.0) regexp_parser (~> 2.2) - erubi (1.13.1) + erubi (1.12.0) execjs (2.8.1) factory_bot (6.4.5) activesupport (>= 5.0.0) @@ -122,7 +121,7 @@ GEM globalid (1.2.1) activesupport (>= 6.1) hana (1.3.7) - i18n (1.14.6) + i18n (1.14.4) concurrent-ruby (~> 1.0) jquery-turbolinks (2.1.0) railties (>= 3.1.0) @@ -135,7 +134,7 @@ GEM simpleidn (~> 0.2) uri_template (~> 0.7) language_server-protocol (3.17.0.3) - loofah (2.24.0) + loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -143,25 +142,25 @@ GEM net-imap net-pop net-smtp - marcel (1.0.4) - method_source (1.1.0) + marcel (1.0.2) + method_source (1.0.0) mini_check (0.3.0) json mini_mime (1.1.5) - mini_portile2 (2.8.8) - minitest (5.25.4) + mini_portile2 (2.8.5) + minitest (5.22.3) msgpack (1.7.2) - net-imap (0.5.5) + net-imap (0.4.10) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.2) timeout - net-smtp (0.5.0) + net-smtp (0.4.0.1) net-protocol - nio4r (2.7.4) - nokogiri (1.18.1) + nio4r (2.7.0) + nokogiri (1.16.3) mini_portile2 (~> 2.8.2) racc (~> 1.4) orm_adapter (0.5.0) @@ -174,10 +173,10 @@ GEM racc pg (1.5.6) public_suffix (5.0.4) - puma (6.5.0) + puma (6.4.2) nio4r (~> 2.0) - racc (1.8.1) - rack (2.2.10) + racc (1.7.3) + rack (2.2.9) rack-accept (0.4.5) rack (>= 0.4) rack-canonical-host (1.3.0) @@ -187,43 +186,43 @@ GEM rack (>= 2.0.0) rack-ssl (1.4.1) rack - rack-test (2.2.0) + rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.9) - actioncable (= 6.1.7.9) - actionmailbox (= 6.1.7.9) - actionmailer (= 6.1.7.9) - actionpack (= 6.1.7.9) - actiontext (= 6.1.7.9) - actionview (= 6.1.7.9) - activejob (= 6.1.7.9) - activemodel (= 6.1.7.9) - activerecord (= 6.1.7.9) - activestorage (= 6.1.7.9) - activesupport (= 6.1.7.9) + rails (6.1.7.7) + actioncable (= 6.1.7.7) + actionmailbox (= 6.1.7.7) + actionmailer (= 6.1.7.7) + actionpack (= 6.1.7.7) + actiontext (= 6.1.7.7) + actionview (= 6.1.7.7) + activejob (= 6.1.7.7) + activemodel (= 6.1.7.7) + activerecord (= 6.1.7.7) + activestorage (= 6.1.7.7) + activesupport (= 6.1.7.7) bundler (>= 1.15.0) - railties (= 6.1.7.9) + railties (= 6.1.7.7) sprockets-rails (>= 2.0.0) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.2) + rails-html-sanitizer (1.6.0) loofah (~> 2.21) - nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + nokogiri (~> 1.14) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.3) - railties (6.1.7.9) - actionpack (= 6.1.7.9) - activesupport (= 6.1.7.9) + railties (6.1.7.7) + actionpack (= 6.1.7.7) + activesupport (= 6.1.7.7) method_source rake (>= 12.2) thor (~> 1.0) rainbow (3.1.1) - rake (13.2.1) + rake (13.1.0) ranked-model (0.4.9) activerecord (>= 5.2) regexp_parser (2.9.0) @@ -232,7 +231,7 @@ GEM responders (3.1.1) actionpack (>= 5.2) railties (>= 5.2) - rexml (3.4.0) + rexml (3.2.6) rspec-core (3.13.0) rspec-support (~> 3.13.0) rspec-expectations (3.13.0) @@ -287,21 +286,20 @@ GEM spring (4.1.3) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - sprockets (3.7.5) - base64 + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-es6 (0.9.2) babel-source (>= 5.8.11) babel-transpiler sprockets (>= 3.0.0) - sprockets-rails (3.5.2) - actionpack (>= 6.1) - activesupport (>= 6.1) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) - thor (1.3.2) + thor (1.3.1) tilt (2.0.10) - timeout (0.4.3) + timeout (0.4.1) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -318,11 +316,10 @@ GEM blockenspiel (~> 0.5) warden (1.2.9) rack (>= 2.0.9) - websocket-driver (0.7.7) - base64 + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.7.1) + zeitwerk (2.6.13) PLATFORMS ruby @@ -352,7 +349,7 @@ DEPENDENCIES rack-canonical-host (= 1.3.0) rack-cors rack-ssl - rails (= 6.1.7.9) + rails (= 6.1.7.7) rails_12factor ranked-model rspec-rails (~> 6.1) diff --git a/Makefile b/Makefile index 4846d2e..72ee17b 100644 --- a/Makefile +++ b/Makefile @@ -102,7 +102,7 @@ check: check-dependencies-security check-code-security .PHONY: check-dependencies-security check-dependencies-security: bundle exec bundle-audit check --update - npm audit --production --audit-level=critical + npm audit --production .PHONY: check-code-security check-code-security: