chore: [Snyk] Security upgrade rspec-rails from 6.1.4 to 6.1.5 (#10066)

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the rubygems dependencies of this project. #### Snyk changed the following file(s): - `Gemfile` <details> <summary>⚠️ <b>Warning</b></summary> ``` Failed to update the Gemfile.lock, please update manually before merging. ``` </details> #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Web Cache Poisoning <br/>[SNYK-RUBY-RACK-1061917](https://snyk.io/vuln/SNYK-RUBY-RACK-1061917) |   **616**   --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJhMWE2MzkzZS03ODdhLTRmYWItOGY1MS0zZjdmN2YzNzVlZDYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImExYTYzOTNlLTc4N2EtNGZhYi04ZjUxLTNmN2Y3ZjM3NWVkNiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"rspec-rails","from":"6.1.4","to":"6.1.5"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"}],"prId":"a1a6393e-787a-4fab-8f51-3f7f7f375ed6","prPublicId":"a1a6393e-787a-4fab-8f51-3f7f7f375ed6","packageManager":"rubygems","priorityScoreList":[616],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-RACK-1061917"],"vulns":["SNYK-RUBY-RACK-1061917"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}' --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2025-11-02 03:57:52 +00:00 · 2024-09-15 21:14:07 -07:00
parent add6403aa6
commit 8d8ec23aa1
11 changed files with 43 additions and 26 deletions
--- a/2
+++ b/2
@@ -228,7 +228,7 @@ group :development, :test do
  gem 'mock_redis'
  gem 'pry-rails'
  gem 'rspec_junit_formatter'
-  gem 'rspec-rails', '>= 6.1.4'
+  gem 'rspec-rails', '>= 6.1.5'
  gem 'rubocop', require: false
  gem 'rubocop-performance', require: false
  gem 'rubocop-rails', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -638,16 +638,16 @@ GEM
      strscan
    rspec-core (3.13.0)
      rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.1)
+    rspec-expectations (3.13.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.13.0)
    rspec-mocks (3.13.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.13.0)
-    rspec-rails (6.1.4)
-      actionpack (>= 6.1)
-      activesupport (>= 6.1)
-      railties (>= 6.1)
+    rspec-rails (7.0.1)
+      actionpack (>= 7.0)
+      activesupport (>= 7.0)
+      railties (>= 7.0)
      rspec-core (~> 3.13)
      rspec-expectations (~> 3.13)
      rspec-mocks (~> 3.13)
@@ -930,7 +930,7 @@ DEPENDENCIES
  responders (>= 3.1.1)
  rest-client
  reverse_markdown
-  rspec-rails (>= 6.1.4)
+  rspec-rails (>= 6.1.5)
  rspec_junit_formatter
  rubocop
  rubocop-performance
--- a/spec/controllers/platform/api/v1/users_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/users_controller_spec.rb
@@ -94,13 +94,28 @@ RSpec.describe 'Platform Users API', type: :request do
    context 'when it is an authenticated platform app' do
      let(:platform_app) { create(:platform_app) }

-      it 'creates a new user and permissible for the user' do
-        expect do
-          post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
-                                                    email: 'test@test.com', password: 'Password1!',
-                                                    custom_attributes: { test: 'test_create' } },
-                                          headers: { api_access_token: platform_app.access_token.token }, as: :json
-        end.not_to enqueue_mail
+      it 'creates a new user and permissible for the user without sending an email' do
+        # TODO: enqueued mail check failes because of  : https://github.com/rspec/rspec-rails/pull/2793
+        # revert to this block when the issue is fixed
+
+        # expect do
+        #   post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
+        #                                             email: 'test@test.com', password: 'Password1!',
+        #                                             custom_attributes: { test: 'test_create' } },
+        #                                   headers: { api_access_token: platform_app.access_token.token }, as: :json
+        #   byebug
+        # end.not_to have_enqueued_mail
+
+        ##------ revert this block when the issue is fixed
+        post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
+                                                  email: 'test@test.com', password: 'Password1!',
+                                                  custom_attributes: { test: 'test_create' } },
+                                        headers: { api_access_token: platform_app.access_token.token }, as: :json
+        mail_jobs = ActiveJob::Base.queue_adapter.enqueued_jobs.select do |job|
+          job[:job] == 'ActionMailer::MailDeliveryJob'
+        end
+        expect(mail_jobs.count).to eq(0)
+        ##------ revert this block when the issue is fixed

        expect(response).to have_http_status(:success)
        data = response.parsed_body
--- a/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb
+++ b/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb
@@ -10,8 +10,9 @@ RSpec.describe Sla::ProcessAccountAppliedSlasJob do
    let!(:active_with_misses_applied_sla) { create(:applied_sla, account: account, sla_policy: sla_policy, sla_status: 'active_with_misses') }

    it 'enqueues the job' do
-      expect { described_class.perform_later }.to have_enqueued_job(described_class)
+      expect { described_class.perform_later(account) }.to have_enqueued_job(described_class)
        .on_queue('medium')
+        .with(account)
    end

    it 'calls the ProcessAppliedSlaJob for both active and active_with_misses' do
--- a/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb
+++ b/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb
@@ -3,14 +3,15 @@ require 'rails_helper'
 RSpec.describe Sla::ProcessAppliedSlaJob do
  context 'when perform is called' do
    let(:account) { create(:account) }
+    let(:applied_sla) { create(:applied_sla, account: account) }

    it 'enqueues the job' do
-      expect { described_class.perform_later }.to have_enqueued_job(described_class)
+      expect { described_class.perform_later(applied_sla) }.to have_enqueued_job(described_class)
+        .with(applied_sla)
        .on_queue('medium')
    end

    it 'calls the EvaluateAppliedSlaService' do
-      applied_sla = create(:applied_sla)
      expect(Sla::EvaluateAppliedSlaService).to receive(:new).with(applied_sla: applied_sla).and_call_original
      described_class.perform_now(applied_sla)
    end
--- a/spec/jobs/account/contacts_export_job_spec.rb
+++ b/spec/jobs/account/contacts_export_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'

 RSpec.describe Account::ContactsExportJob do
-  subject(:job) { described_class.perform_later }
+  subject(:job) { described_class.perform_later(account.id, user.id, [], {}) }

  let(:account) { create(:account) }
  let(:user) { create(:user, account: account, email: 'account-user-test@test.com') }
--- a/spec/jobs/conversations/resolution_job_spec.rb
+++ b/spec/jobs/conversations/resolution_job_spec.rb
@@ -1,14 +1,14 @@
 require 'rails_helper'

 RSpec.describe Conversations::ResolutionJob do
-  subject(:job) { described_class.perform_later(account) }
+  subject(:job) { described_class.perform_later(account: account) }

  let!(:account) { create(:account) }
  let!(:conversation) { create(:conversation, account: account) }

  it 'enqueues the job' do
    expect { job }.to have_enqueued_job(described_class)
-      .with(account)
+      .with(account: account)
      .on_queue('low')
  end

--- a/spec/jobs/conversations/update_message_status_job_spec.rb
+++ b/spec/jobs/conversations/update_message_status_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'

 RSpec.describe Conversations::UpdateMessageStatusJob do
-  subject(:job) { described_class.perform_later(account) }
+  subject(:job) { described_class.perform_later(conversation.id, conversation.contact_last_seen_at, :read) }

  let!(:account) { create(:account) }
  let!(:conversation) { create(:conversation, account: account, contact_last_seen_at: DateTime.now.utc) }
@@ -9,7 +9,7 @@ RSpec.describe Conversations::UpdateMessageStatusJob do

  it 'enqueues the job' do
    expect { job }.to have_enqueued_job(described_class)
-      .with(account)
+      .with(conversation.id, conversation.contact_last_seen_at, :read)
      .on_queue('low')
  end

--- a/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb
+++ b/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe Inboxes::FetchImapEmailsJob do
  describe '#perform' do
    it 'enqueues the job' do
      expect do
-        described_class.perform_later
+        described_class.perform_later(imap_email_channel, 1)
      end.to have_enqueued_job(described_class).on_queue('scheduled_jobs')
    end

--- a/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb
+++ b/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'

 RSpec.describe Migration::ConversationsFirstReplySchedulerJob do
-  subject(:job) { described_class.perform_later }
+  subject(:job) { described_class.perform_later(account) }

  let!(:account) { create(:account) }
  let!(:inbox) { create(:inbox, account: account) }
@@ -10,6 +10,7 @@ RSpec.describe Migration::ConversationsFirstReplySchedulerJob do
  it 'enqueues the job' do
    expect { job }.to have_enqueued_job(described_class)
      .on_queue('scheduled_jobs')
+      .with(account)
  end

  context 'when there is an outgoing message in conversation' do
--- a/spec/jobs/notification/remove_old_notification_job_spec.rb
+++ b/spec/jobs/notification/remove_old_notification_job_spec.rb
@@ -5,9 +5,8 @@ RSpec.describe Notification::RemoveOldNotificationJob do
  let(:conversation) { create(:conversation) }

  it 'enqueues the job' do
-    notification = create(:notification, user: user, notification_type: 'conversation_creation', primary_actor: conversation)
    expect do
-      described_class.perform_later(notification)
+      described_class.perform_later
    end.to have_enqueued_job(described_class)
      .on_queue('low')
  end