Skip to content

[Snyk] Fix for 96 vulnerabilities #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rubybrowncoat wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 96 vulnerabilities #83

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,25 +7,25 @@ end


# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 5.1.6', '>= 5.1.6.1'
gem 'rails', '~> 7.1.0'
Copy link

Copilot AI Jul 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a major version upgrade from Rails 5.1.x to 7.1.x which introduces significant breaking changes. Consider upgrading incrementally through Rails 6.x first, or ensure comprehensive testing is performed as this change will likely require substantial application code updates.

Suggested change
gem 'rails', '~> 7.1.0'
gem 'rails', '~> 6.1.0'

Copilot uses AI. Check for mistakes.
# Use postgresql as the database for Active Record
gem 'pg', '>= 0.18', '< 2.0'
# Use Puma as the app server
gem 'puma', '~> 3.7'
Copy link

Copilot AI Jul 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Puma 3.7 has known security vulnerabilities that should be addressed. The PR description mentions Puma vulnerabilities but this line wasn't updated. Consider updating to a more recent secure version like '> 5.0' or '> 6.0'.

Suggested change
gem 'puma', '~> 3.7'
gem 'puma', '~> 6.0'

Copilot uses AI. Check for mistakes.
# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
gem 'jbuilder', '~> 2.5'
gem 'jbuilder', '~> 2.8', '>= 2.8.0'
# Use Redis adapter to run Action Cable in production
gem 'redis', '~> 4.0'
# Use ActiveModel has_secure_password
gem 'bcrypt', '~> 3.1.7'

# Use Capistrano for deployment
group :development do
gem 'capistrano', require: false
gem 'capistrano', '>= 3.10.2', require: false
gem 'capistrano-rvm', require: false
gem 'capistrano-rails', require: false
gem 'capistrano-bundler', require: false
gem 'capistrano3-puma', require: false
gem 'capistrano-rails', '>= 1.4.0', require: false
gem 'capistrano-bundler', '>= 1.4.0', require: false
gem 'capistrano3-puma', '>= 5.0.0', require: false
end

# Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
Expand All @@ -48,8 +48,8 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

# Active Admin
gem 'activeadmin', github: 'activeadmin'
Copy link

Copilot AI Jul 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a GitHub reference without specifying a branch, tag, or commit hash can lead to unpredictable builds. Consider pinning to a specific version or at least a stable branch to ensure reproducible deployments.

Suggested change
gem 'activeadmin', github: 'activeadmin'
gem 'activeadmin', github: 'activeadmin', tag: 'v2.9.0'

Copilot uses AI. Check for mistakes.
gem 'devise', '>= 4.4.1'
gem 'draper', '>= 3.0.1'
gem 'devise', '>= 4.7.0'
gem 'draper', '>= 3.1.0'
gem 'inherited_resources', git: 'https://github.com/activeadmin/inherited_resources'
Copy link

Copilot AI Jul 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a Git reference without specifying a branch, tag, or commit hash can lead to unpredictable builds. Consider pinning to a specific version or commit to ensure reproducible deployments.

Suggested change
gem 'inherited_resources', git: 'https://github.com/activeadmin/inherited_resources'
gem 'inherited_resources', git: 'https://github.com/activeadmin/inherited_resources', ref: 'a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0'

Copilot uses AI. Check for mistakes.

# PNG
Expand Down