From 3fdf88591a37dfe03e68b683f5c7709375910a55 Mon Sep 17 00:00:00 2001
From: Jesus Federico
Date: Tue, 28 Nov 2023 16:28:04 -0500
Subject: [PATCH] [Snyk] Security upgrade factory_bot_rails from 6.2.0 to 6.3.0 (#252)
* fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
* update gemfile.lock
---------
Co-authored-by: snyk-bot
Co-authored-by: Mariam05
---
 Gemfile | 2 +-
 Gemfile.lock | 119 ++++++++++++++++++++++++---------------------------
 2 files changed, 57 insertions(+), 64 deletions(-)
diff --git a/Gemfile b/Gemfile
index 381a3453..c59c53fc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -69,7 +69,7 @@ group :test do
 # Easy installation and use of chromedriver to run system tests with Chrome
 # gem 'chromedriver-helper'
 gem 'database_cleaner-active_record'
- gem 'factory_bot_rails'
+ gem 'factory_bot_rails', '>= 6.3.0'
 gem 'faker'
 gem 'rails-controller-testing'
 gem 'webdrivers'
diff --git a/Gemfile.lock b/Gemfile.lock
index 186e497f..f7007b83 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -76,10 +76,10 @@ GEM minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.4) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) - base64 (0.1.1) + base64 (0.2.0) bigbluebutton-api-ruby (1.9.1) childprocess (>= 1.0.1) ffi (>= 1.9.24) @@ -91,7 +91,7 @@ GEM bindex (0.8.1) builder (3.2.4) byebug (11.1.3) - capybara (3.39.0) + capybara (3.39.2) addressable matrix mini_mime (>= 0.1.3) @@ -100,7 +100,7 @@ GEM rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) - cgi (0.3.6) + cgi (0.4.0) childprocess (4.1.0) concurrent-ruby (1.2.2) coveralls (0.8.23)
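Review bot: The new constraint `gem 'factory_bot_rails', '>= 6.3.0'` in the `:test` group sets a floor but no ceiling, so a later `bundle update` can move to a new major version; a pessimistic pin such as `gem 'factory_bot_rails', '~> 6.3'` keeps the floor while bounding the range (the lock in this patch already resolves to 6.4.2). The advisory id in the message names rack, and the lockfile context in this same patch still shows `rack (2.2.8)` unchanged, so it looks as though the bump does not alter the rack version in use; confirm the finding is actually cleared against the resolved lock rather than taking it from the title. The regenerated Gemfile.lock also moves many runtime gems (jwt, loofah, faraday, net-imap, rack-protection) and drops the platform-neutral `nokogiri (1.15.4)` entry, leaving only the `x86_64-linux` build, so check that `bundle install` still resolves on every platform the app is built or deployed on. The `group :test do` block starts and ends outside the hunk.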
@@ -116,31 +116,31 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) - date (3.3.3) + date (3.3.4) diff-lcs (1.5.0) docile (1.4.0) - domain_name (0.5.20190701) - unf (>= 0.0.5, < 1.0.0) + domain_name (0.6.20231109) dotenv (2.8.1) dotenv-rails (2.8.1) dotenv (= 2.8.1) railties (>= 3.2) erubi (1.12.0) - execjs (2.8.1) - factory_bot (6.2.1) + execjs (2.9.1) + factory_bot (6.4.2) activesupport (>= 5.0.0) - factory_bot_rails (6.2.0) - factory_bot (~> 6.2.0) + factory_bot_rails (6.4.2) + factory_bot (~> 6.4) railties (>= 5.0.0) - faker (3.2.0) + faker (3.2.2) i18n (>= 1.8.11, < 2) - faraday (2.7.4) + faraday (2.7.12) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - ffi (1.15.5) - globalid (1.1.0) - activesupport (>= 5.0) + ffi (1.16.3) + globalid (1.2.1) + activesupport (>= 6.1) hashdiff (1.0.1) hashie (5.0.0) http-accept (1.7.0) @@ -152,7 +152,7 @@ GEM actionview (>= 5.0.0) activesupport (>= 5.0.0) json (2.6.3) - jwt (2.7.0) + jwt (2.7.1) language_server-protocol (3.17.0.3) listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) @@ -162,7 +162,7 @@ GEM activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.21.4) + loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) 
@@ -173,29 +173,25 @@ GEM marcel (1.0.2) matrix (0.4.2) method_source (1.0.0) - mime-types (3.4.1) + mime-types (3.5.1) mime-types-data (~> 3.2015) - mime-types-data (3.2023.0218.1) + mime-types-data (3.2023.1003) mini_mime (1.1.5) - mini_portile2 (2.8.4) minitest (5.20.0) multi_json (1.15.0) multi_xml (0.6.0) - net-imap (0.3.7) + net-imap (0.4.6) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.3.3) + net-smtp (0.4.0) net-protocol netrc (0.11.0) - nio4r (2.5.9) - nokogiri (1.15.4) - mini_portile2 (~> 2.8.2) - racc (~> 1.4) - nokogiri (1.15.4-x86_64-linux) + nio4r (2.6.1) + nokogiri (1.15.5-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -214,22 +210,22 @@ GEM omniauth-rails_csrf_protection (1.0.1) actionpack (>= 4.2) omniauth (~> 2.0) - pagy (6.0.4) + pagy (6.2.0) parallel (1.23.0) - parser (3.2.2.3) + parser (3.2.2.4) ast (~> 2.4.1) racc - pg (1.5.3) - psych (5.1.0) + pg (1.5.4) + psych (5.1.1.1) stringio - public_suffix (5.0.1) + public_suffix (5.0.4) puma (5.6.7) nio4r (~> 2.0) - racc (1.7.1) + racc (1.7.3) rack (2.2.8) - rack-protection (3.0.6) - rack - rack-proxy (0.7.6) + rack-protection (3.1.0) + rack (~> 2.2, >= 2.2.4) + rack-proxy (0.7.7) rack rack-test (2.1.0) rack (>= 1.3) @@ -266,17 +262,17 @@ GEM rake (>= 12.2) thor (~> 1.0) rainbow (3.1.1) - rake (13.0.6) + rake (13.1.0) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rdoc (6.5.0) + rdoc (6.6.0) psych (>= 4.0.0) redis (4.8.1) - regexp_parser (2.8.1) + regexp_parser (2.8.2) remote_syslog_logger (1.0.4) syslog_protocol - repost (0.4.1) + repost (0.4.2) request_store (1.5.1) rack (>= 1.4) rest-client (2.1.0) 
@@ -308,24 +304,24 @@ GEM rspec-support (3.12.1) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.56.2) - base64 (~> 0.1.1) + rubocop (1.57.2) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.2.2.3) + parser (>= 3.2.2.4) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.29.0) + rubocop-ast (1.30.0) parser (>= 3.2.1.0) - rubocop-rails (2.21.0) + rubocop-rails (2.22.2) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyzip (2.3.2) @@ -339,7 +335,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt - selenium-webdriver (4.9.1) + selenium-webdriver (4.10.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) @@ -356,21 +352,21 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (4.2.0) + sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - stringio (3.0.6) + stringio (3.1.0) sync (0.5.0) syslog_protocol (0.9.2) term-ansicolor (1.7.1) tins (~> 1.0) - thor (1.2.2) - tilt (2.1.0) - timeout (0.4.0) + thor (1.3.0) + tilt (2.3.0) + timeout (0.4.1) tins (1.32.1) sync turbolinks (5.2.1) 
@@ -382,21 +378,18 @@ GEM tzinfo (>= 1.0.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - unf (0.1.4) - unf_ext - unf_ext (0.0.8.2) - unicode-display_width (2.4.2) - version_gem (1.1.2) + unicode-display_width (2.5.0) + version_gem (1.1.3) web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - webdrivers (5.2.0) + webdrivers (5.3.1) nokogiri (~> 1.6) rubyzip (>= 1.3.0) - selenium-webdriver (~> 4.0) - webmock (3.18.1) + selenium-webdriver (~> 4.0, < 4.11) + webmock (3.19.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -405,7 +398,7 @@ GEM rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) - websocket (1.2.9) + websocket (1.2.10) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -428,7 +421,7 @@ DEPENDENCIES coveralls database_cleaner-active_record dotenv-rails - factory_bot_rails + factory_bot_rails (>= 6.3.0) faker jbuilder (~> 2.11, >= 2.11.5) json