From f5b160868b9bdfe19ceadc0e837d8b76e9dda9a2 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Mon, 1 Jun 2026 13:52:14 -0500
Subject: [PATCH] Gemfile: Update Gems for security fixes

* Rails: 8.0.2 -> 8.0.5 for multiple CVEs in Active Storage. Since LAF uses Active Storage, this seems more critical than in the other repos.
* Other gems: Updated to versions that fix various vulnerabilities. OmniAuth is notably still vulnerable to CSRF issues, but that is because it hasn't been updated to the 2.x branch in LAF yet. All other known vulnerabilities are patched.

---
 .idea/lost-and-found.iml | 50 +++++++-------
 Gemfile | 2 +-
 Gemfile.lock | 139 ++++++++++++++++++++-------------------
 3 files changed, 98 insertions(+), 93 deletions(-)

diff --git a/.idea/lost-and-found.iml b/.idea/lost-and-found.iml
index 67d9c14..c1a748b 100644
--- a/.idea/lost-and-found.iml
+++ b/.idea/lost-and-found.iml
@@ -29,19 +29,19 @@
- - - - - - - - - + + + + + + + + + - - - + + +
@@ -68,7 +68,7 @@
- +
@@ -76,7 +76,7 @@
- +
@@ -90,19 +90,20 @@
- + - + - + - + +
@@ -115,25 +116,26 @@
- - + + + - + - + - + - +
diff --git a/Gemfile b/Gemfile
index e7fbed0..ced338d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,7 @@ gem 'pg'
 gem 'pg_search'
 gem 'puma', '~> 7.2'
 gem 'puma-plugin-delayed_stop', '~> 0.1.2'
-gem 'rails', '~> 8.0.2'
+gem 'rails', '~> 8.0.5'
 gem 'sass-rails', '~> 6.0'
 gem 'typesafe_enum'
 gem 'webpacker', '~> 5.4'
diff --git a/Gemfile.lock b/Gemfile.lock
index e2183a8..30868cb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -11,29 +11,29 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (8.0.4) - actionpack (= 8.0.4) - activesupport (= 8.0.4) + actioncable (8.0.5) + actionpack (= 8.0.5) + activesupport (= 8.0.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.0.4) - actionpack (= 8.0.4) - activejob (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + actionmailbox (8.0.5) + actionpack (= 8.0.5) + activejob (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) mail (>= 2.8.0) - actionmailer (8.0.4) - actionpack (= 8.0.4) - actionview (= 8.0.4) - activejob (= 8.0.4) - activesupport (= 8.0.4) + actionmailer (8.0.5) + actionpack (= 8.0.5) + actionview (= 8.0.5) + activejob (= 8.0.5) + activesupport (= 8.0.5) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.0.4) - actionview (= 8.0.4) - activesupport (= 8.0.4) + actionpack (8.0.5) + actionview (= 8.0.5) + activesupport (= 8.0.5) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -41,37 +41,37 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.0.4) - actionpack (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + actiontext (8.0.5) + actionpack (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.0.4) - activesupport (= 8.0.4) + actionview (8.0.5) + activesupport (= 8.0.5) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.0.4) - activesupport (= 8.0.4) + activejob (8.0.5) + activesupport (= 8.0.5) globalid (>= 0.3.6) - activemodel (8.0.4) - activesupport (= 8.0.4) - activerecord (8.0.4) - activemodel (= 8.0.4) - activesupport (= 8.0.4) + activemodel (8.0.5) + activesupport (= 8.0.5) + activerecord (8.0.5) + activemodel (= 8.0.5) + activesupport (= 8.0.5) timeout (>= 0.4.0) activerecord-import (1.2.0) activerecord (>= 3.2) - activestorage (8.0.4) - actionpack (= 8.0.4) - activejob (= 8.0.4) - activerecord (= 8.0.4) - activesupport (= 8.0.4) + activestorage (8.0.5) + actionpack (= 8.0.5) + activejob (= 8.0.5) + activerecord (= 8.0.5) + activesupport (= 8.0.5) marcel (~> 1.0) - activesupport (8.0.4) + activesupport (8.0.5) base64 benchmark (>= 0.3) bigdecimal @@ -84,8 +84,8 @@ GEM securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) amazing_print (1.4.0) ast (2.4.2) autoprefixer-rails (10.3.3.0) @@ -134,7 +134,7 @@ GEM diff-lcs (1.4.4) docile (1.4.0) drb (2.2.3) - erb (5.1.3) + erb (6.0.4) erubi (1.13.1) execjs (2.8.1) factory_bot (6.5.4) @@ -146,7 +146,8 @@ GEM globalid (1.3.0) activesupport (>= 6.1) hashdiff (1.0.1) - hashie (4.1.0) + hashie (5.1.0) + logger i18n (1.14.7) concurrent-ruby (~> 1.0) io-console (0.8.1) 
@@ -183,13 +184,13 @@ GEM net-imap net-pop net-smtp - marcel (1.1.0) + marcel (1.2.1) matrix (0.4.2) mini_mime (1.1.5) mini_portile2 (2.8.9) minitest (5.26.0) msgpack (1.7.5) - net-imap (0.5.12) + net-imap (0.6.4) date net-protocol net-pop (0.1.2) @@ -199,21 +200,23 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.5) - nokogiri (1.18.10) + nokogiri (1.19.3) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.18.10-arm64-darwin) + nokogiri (1.19.3-aarch64-linux-gnu) + racc (~> 1.4) + nokogiri (1.19.3-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.10-x86_64-darwin) + nokogiri (1.19.3-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.10-x86_64-linux-musl) + nokogiri (1.19.3-x86_64-linux-musl) racc (~> 1.4) oj (3.16.8) bigdecimal (>= 3.0) ostruct (>= 0.2) okcomputer (1.19.1) benchmark - omniauth (1.9.1) + omniauth (1.9.2) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) ostruct (0.6.1) @@ -237,13 +240,13 @@ GEM psych (5.2.6) date stringio - public_suffix (4.0.6) + public_suffix (7.0.5) puma (7.2.0) nio4r (~> 2.0) puma-plugin-delayed_stop (0.1.2) puma (>= 5.0, < 8) racc (1.8.1) - rack (2.2.20) + rack (2.2.23) rack-proxy (0.7.0) rack rack-session (1.0.2) @@ -253,20 +256,20 @@ GEM rackup (1.0.1) rack (< 3) webrick - rails (8.0.4) - actioncable (= 8.0.4) - actionmailbox (= 8.0.4) - actionmailer (= 8.0.4) - actionpack (= 8.0.4) - actiontext (= 8.0.4) - actionview (= 8.0.4) - activejob (= 8.0.4) - activemodel (= 8.0.4) - activerecord (= 8.0.4) - activestorage (= 8.0.4) - activesupport (= 8.0.4) + rails (8.0.5) + actioncable (= 8.0.5) + actionmailbox (= 8.0.5) + actionmailer (= 8.0.5) + actionpack (= 8.0.5) + actiontext (= 8.0.5) + actionview (= 8.0.5) + activejob (= 8.0.5) + activemodel (= 8.0.5) + activerecord (= 8.0.5) + activestorage (= 8.0.5) + activesupport (= 8.0.5) bundler (>= 1.15.0) - railties (= 8.0.4) + railties (= 8.0.5) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest 
@@ -274,9 +277,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.0.4) - actionpack (= 8.0.4) - activesupport (= 8.0.4) + railties (8.0.5) + actionpack (= 8.0.5) + activesupport (= 8.0.5) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -294,7 +297,7 @@ GEM io-console (~> 0.5) request_store (1.5.0) rack (>= 1.4) - rexml (3.2.5) + rexml (3.4.4) rspec (3.13.0) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) @@ -434,7 +437,7 @@ DEPENDENCIES pg_search puma (~> 7.2) puma-plugin-delayed_stop (~> 0.1.2) - rails (~> 8.0.2) + rails (~> 8.0.5) rspec (~> 3.10) rspec-rails (~> 6.1.0) rspec_junit_formatter (~> 0.4.1)