fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-8454495 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8453714 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-8447886 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-8448218 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-8448407 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-8448516
GSA · Dec 5, 2024 · dc8f4b0 · dc8f4b0
1 parent 2ca257d
commit dc8f4b0
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 62 deletions.
diff --git a/Gemfile b/Gemfile
@@ -48,7 +48,7 @@ gem "rubocop-rails"
 gem "rubocop-rspec"
 gem 'active_model_serializers'
 gem 'acts-as-list'
-gem 'aws-sdk-rails', '>= 3.8.0'
+gem 'aws-sdk-rails', '>= 4.2.0'
 gem 'aws-sdk-s3'
 gem 'carrierwave', '>= 2.2.1'
 gem 'devise', '>= 4.8.1'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -102,51 +102,22 @@ GEM
     aes_key_wrap (1.1.0)
     ast (2.4.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.997.0)
-    aws-record (2.13.2)
-      aws-sdk-dynamodb (~> 1, >= 1.85.0)
-    aws-sdk-core (3.211.0)
+    aws-partitions (1.1018.0)
+    aws-sdk-core (3.214.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-dynamodb (1.126.0)
+    aws-sdk-kms (1.96.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-kms (1.95.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-rails (4.1.0)
-      actionmailbox (>= 7.0.0)
-      aws-record (~> 2)
-      aws-sdk-s3 (~> 1, >= 1.123.0)
-      aws-sdk-ses (~> 1, >= 1.50.0)
-      aws-sdk-sesv2 (~> 1, >= 1.34.0)
-      aws-sdk-sns (~> 1, >= 1.61.0)
-      aws-sdk-sqs (~> 1, >= 1.56.0)
-      aws-sessionstore-dynamodb (~> 2)
-      concurrent-ruby (~> 1.3, >= 1.3.1)
-      railties (>= 7.0.0)
-    aws-sdk-s3 (1.169.0)
+    aws-sdk-rails (5.0.0)
+      aws-sdk-core (~> 3)
+      railties (>= 7.1.0)
+    aws-sdk-s3 (1.176.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-ses (1.76.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-sesv2 (1.65.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-sns (1.89.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.87.0)
-      aws-sdk-core (~> 3, >= 3.210.0)
-      aws-sigv4 (~> 1.5)
-    aws-sessionstore-dynamodb (2.2.0)
-      aws-sdk-dynamodb (~> 1, >= 1.85.0)
-      rack (>= 2, < 4)
-      rack-session (>= 1, < 3)
     aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     axe-core-api (4.10.1)
@@ -209,7 +180,7 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    date (3.3.4)
+    date (3.4.1)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
     devise (4.9.4)
@@ -278,7 +249,7 @@ GEM
       actionpack (>= 6.0.0)
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
-    io-console (0.7.2)
+    io-console (0.8.0)
     irb (1.14.1)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
@@ -319,7 +290,7 @@ GEM
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    logger (1.6.1)
+    logger (1.6.2)
     logstop (0.3.1)
     loofah (2.23.1)
       crass (~> 1.0.2)
@@ -338,14 +309,14 @@ GEM
     mime-types-data (3.2024.1001)
     mini_magick (4.13.2)
     mini_mime (1.1.5)
-    minitest (5.25.1)
+    minitest (5.25.4)
     msgpack (1.7.3)
     multi_json (1.15.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     net-http (0.4.1)
       uri
-    net-imap (0.5.0)
+    net-imap (0.5.1)
       date
       net-protocol
     net-pop (0.1.2)
@@ -356,17 +327,17 @@ GEM
       net-protocol
     newrelic_rpm (9.14.0)
     nio4r (2.7.3)
-    nokogiri (1.16.7-aarch64-linux)
+    nokogiri (1.16.8-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.16.7-arm-linux)
+    nokogiri (1.16.8-arm-linux)
       racc (~> 1.4)
-    nokogiri (1.16.7-arm64-darwin)
+    nokogiri (1.16.8-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86-linux)
+    nokogiri (1.16.8-x86-linux)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-darwin)
+    nokogiri (1.16.8-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-linux)
+    nokogiri (1.16.8-x86_64-linux)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
@@ -401,7 +372,8 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    psych (5.1.2)
+    psych (5.2.1)
+      date
       stringio
     public_suffix (6.0.1)
     puma (6.4.3)
@@ -417,9 +389,8 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (2.1.0)
+    rackup (2.2.1)
       rack (>= 3)
-      webrick (~> 1.8)
     rails (7.2.1.2)
       actioncable (= 7.2.1.2)
       actionmailbox (= 7.2.1.2)
@@ -447,9 +418,9 @@ GEM
       activesupport (>= 4.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.1)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     railties (7.2.1.2)
       actionpack (= 7.2.1.2)
       activesupport (= 7.2.1.2)
@@ -463,7 +434,7 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rdoc (6.7.0)
+    rdoc (6.8.1)
       psych (>= 4.0.0)
     redis (5.3.0)
       redis-client (>= 0.22.0)
@@ -472,7 +443,7 @@ GEM
     redis-namespace (1.11.0)
       redis (>= 4)
     regexp_parser (2.9.2)
-    reline (0.5.10)
+    reline (0.5.12)
       io-console (~> 0.5)
     request_store (1.7.0)
       rack (>= 1.4)
@@ -536,7 +507,7 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    securerandom (0.3.1)
+    securerandom (0.4.0)
     selenium-webdriver (4.25.0)
       base64 (~> 0.2)
       logger (~> 1.4)
@@ -567,11 +538,11 @@ GEM
     ssrf_filter (1.1.2)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
-    stringio (3.1.1)
+    stringio (3.1.2)
     thor (1.3.2)
     thread_safe (0.3.6)
     tilt (2.4.0)
-    timeout (0.4.1)
+    timeout (0.4.2)
     turbo-rails (2.0.11)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
@@ -580,7 +551,7 @@ GEM
     unicode-display_width (2.6.0)
     uniform_notifier (1.16.0)
     uri (0.13.1)
-    useragent (0.16.10)
+    useragent (0.16.11)
     version_gem (1.1.4)
     virtus (2.0.0)
       axiom-types (~> 0.1)
@@ -593,7 +564,6 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webrick (1.8.2)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -624,7 +594,7 @@ DEPENDENCIES
   active_model_serializers
   acts-as-list
   acts-as-taggable-on
-  aws-sdk-rails (>= 3.8.0)
+  aws-sdk-rails (>= 4.2.0)
   aws-sdk-s3
   axe-core-rspec
   bootsnap
@@ -683,4 +653,4 @@ RUBY VERSION
    ruby 3.2.4p170
 
 BUNDLED WITH
-   2.5.16
+   2.4.6