fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#5838)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-7210237 Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Ahmad Farhat <[email protected]>
bigbluebutton · Jun 24, 2024 · 60e79bd · 60e79bd
1 parent f2f9226
commit 60e79bd
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -32,7 +32,7 @@ gem 'pg'
 gem 'puma', '~> 5.6'
 gem 'rails', '~> 7.1.3', '>= 7.1.3.3'
 gem 'redis', '~> 4.0'
-gem 'sprockets-rails'
+gem 'sprockets-rails', '>= 3.5.0'
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
 
 group :development, :test do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -442,12 +442,12 @@ GEM
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
-    sprockets (4.2.0)
+    sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
-    sprockets-rails (3.4.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
+    sprockets-rails (3.5.0)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
       sprockets (>= 3.0.0)
     stringio (3.1.0)
     swd (2.0.2)
@@ -546,7 +546,7 @@ DEPENDENCIES
   rubocop-rspec (~> 2.9.0)
   selenium-webdriver
   shoulda-matchers (~> 5.0)
-  sprockets-rails
+  sprockets-rails (>= 3.5.0)
   tzinfo-data
   web-console (>= 4.2.1)
   webdrivers