mirror of
https://github.com/lingble/chatwoot.git
synced 2025-10-29 10:12:34 +00:00
fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-GOOGLEPROTOBUF-3040282 - https://snyk.io/vuln/SNYK-RUBY-GOOGLEPROTOBUF-3167775 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
This commit is contained in:
snyk-bot
4
Gemfile
4
Gemfile
@@ -108,7 +108,7 @@ gem 'sentry-ruby', require: false
|
||||
gem 'sentry-sidekiq', require: false
|
||||
|
||||
##-- background job processing --##
|
||||
gem 'sidekiq', '~> 6.4.2'
|
||||
gem 'sidekiq', '~> 7.0.0'
|
||||
# We want cron jobs
|
||||
gem 'sidekiq-cron', '~> 1.6', '>= 1.6.0'
|
||||
|
||||
@@ -215,4 +215,4 @@ gem 'audited', '~> 5.2'
|
||||
# need for google auth
|
||||
gem 'omniauth'
|
||||
gem 'omniauth-google-oauth2'
|
||||
gem 'omniauth-rails_csrf_protection', '~> 1.0'
|
||||
gem 'omniauth-rails_csrf_protection', '~> 1.0', '>= 1.0.1'
|
||||
|
||||
182
Gemfile.lock
182
Gemfile.lock
@@ -73,16 +73,14 @@ GEM
|
||||
zeitwerk (~> 2.3)
|
||||
acts-as-taggable-on (9.0.1)
|
||||
activerecord (>= 6.0, < 7.1)
|
||||
addressable (2.8.1)
|
||||
addressable (2.8.3)
|
||||
public_suffix (>= 2.0.2, < 6.0)
|
||||
administrate (0.17.0)
|
||||
administrate (0.18.0)
|
||||
actionpack (>= 5.0)
|
||||
actionview (>= 5.0)
|
||||
activerecord (>= 5.0)
|
||||
datetime_picker_rails (~> 0.0.7)
|
||||
jquery-rails (>= 4.0)
|
||||
kaminari (>= 1.0)
|
||||
momentjs-rails (~> 2.8)
|
||||
sassc-rails (~> 2.1)
|
||||
selectize-rails (~> 0.6)
|
||||
annotate (3.2.0)
|
||||
@@ -139,7 +137,7 @@ GEM
|
||||
coderay (1.1.3)
|
||||
commonmarker (0.23.7)
|
||||
concurrent-ruby (1.2.2)
|
||||
connection_pool (2.2.5)
|
||||
connection_pool (2.4.0)
|
||||
crack (0.4.5)
|
||||
rexml
|
||||
crass (1.0.6)
|
||||
@@ -152,8 +150,7 @@ GEM
|
||||
activerecord (>= 5.a)
|
||||
database_cleaner-core (~> 2.0.0)
|
||||
database_cleaner-core (2.0.1)
|
||||
datetime_picker_rails (0.0.7)
|
||||
momentjs-rails (>= 2.8.1)
|
||||
date (3.3.3)
|
||||
ddtrace (1.2.0)
|
||||
debase-ruby_core_source (= 0.10.16)
|
||||
libddprof (~> 0.6.0.1.0)
|
||||
@@ -161,25 +158,25 @@ GEM
|
||||
msgpack
|
||||
debase-ruby_core_source (0.10.16)
|
||||
declarative (0.0.20)
|
||||
devise (4.8.1)
|
||||
devise (4.9.2)
|
||||
bcrypt (~> 3.0)
|
||||
orm_adapter (~> 0.1)
|
||||
railties (>= 4.1.0)
|
||||
responders
|
||||
warden (~> 1.2.3)
|
||||
devise_token_auth (1.2.0)
|
||||
devise_token_auth (1.2.1)
|
||||
bcrypt (~> 3.0)
|
||||
devise (> 3.5.2, < 5)
|
||||
rails (>= 4.2.0, < 6.2)
|
||||
rails (>= 4.2.0, < 7.1)
|
||||
diff-lcs (1.5.0)
|
||||
digest-crc (0.6.4)
|
||||
rake (>= 12.0.0, < 14.0.0)
|
||||
docile (1.4.0)
|
||||
domain_name (0.5.20190701)
|
||||
unf (>= 0.0.5, < 1.0.0)
|
||||
dotenv (2.7.6)
|
||||
dotenv-rails (2.7.6)
|
||||
dotenv (= 2.7.6)
|
||||
dotenv (2.8.1)
|
||||
dotenv-rails (2.8.1)
|
||||
dotenv (= 2.8.1)
|
||||
railties (>= 3.2)
|
||||
down (5.3.1)
|
||||
addressable (~> 2.8)
|
||||
@@ -203,7 +200,7 @@ GEM
|
||||
railties (>= 5.0.0)
|
||||
faker (2.21.0)
|
||||
i18n (>= 1.8.11, < 2)
|
||||
faraday (1.10.0)
|
||||
faraday (1.10.3)
|
||||
faraday-em_http (~> 1.0)
|
||||
faraday-em_synchrony (~> 1.0)
|
||||
faraday-excon (~> 1.1)
|
||||
@@ -237,10 +234,10 @@ GEM
|
||||
rake
|
||||
flag_shih_tzu (0.3.23)
|
||||
foreman (0.87.2)
|
||||
fugit (1.5.3)
|
||||
fugit (1.8.1)
|
||||
et-orbi (~> 1, >= 1.2.7)
|
||||
raabro (~> 1.4)
|
||||
gapic-common (0.10.0)
|
||||
gapic-common (0.18.0)
|
||||
faraday (>= 1.9, < 3.a)
|
||||
faraday-retry (>= 1.0, < 3.a)
|
||||
google-protobuf (~> 3.14)
|
||||
@@ -270,18 +267,18 @@ GEM
|
||||
google-cloud-core (1.6.0)
|
||||
google-cloud-env (~> 1.0)
|
||||
google-cloud-errors (~> 1.0)
|
||||
google-cloud-dialogflow (1.5.0)
|
||||
google-cloud-dialogflow (1.6.0)
|
||||
google-cloud-core (~> 1.6)
|
||||
google-cloud-dialogflow-v2 (>= 0.15, < 2.a)
|
||||
google-cloud-dialogflow-v2 (0.17.0)
|
||||
gapic-common (>= 0.10, < 2.a)
|
||||
google-cloud-dialogflow-v2 (>= 0.23, < 2.a)
|
||||
google-cloud-dialogflow-v2 (0.23.0)
|
||||
gapic-common (>= 0.18.0, < 2.a)
|
||||
google-cloud-errors (~> 1.0)
|
||||
google-cloud-location (>= 0.0, < 2.a)
|
||||
google-cloud-location (>= 0.4, < 2.a)
|
||||
google-cloud-env (1.6.0)
|
||||
faraday (>= 0.17.3, < 3.0)
|
||||
google-cloud-errors (1.2.0)
|
||||
google-cloud-location (0.2.0)
|
||||
gapic-common (>= 0.10, < 2.a)
|
||||
google-cloud-errors (1.3.1)
|
||||
google-cloud-location (0.4.0)
|
||||
gapic-common (>= 0.17.1, < 2.a)
|
||||
google-cloud-errors (~> 1.0)
|
||||
google-cloud-storage (1.37.0)
|
||||
addressable (~> 2.8)
|
||||
@@ -291,29 +288,30 @@ GEM
|
||||
google-cloud-core (~> 1.6)
|
||||
googleauth (>= 0.16.2, < 2.a)
|
||||
mini_mime (~> 1.0)
|
||||
google-cloud-translate (3.3.0)
|
||||
google-cloud-translate (3.4.0)
|
||||
google-cloud-core (~> 1.6)
|
||||
google-cloud-translate-v2 (>= 0.0, < 2.a)
|
||||
google-cloud-translate-v3 (>= 0.0, < 2.a)
|
||||
google-cloud-translate-v3 (>= 0.6, < 2.a)
|
||||
google-cloud-translate-v2 (0.4.0)
|
||||
faraday (>= 0.17.3, < 2.a)
|
||||
google-cloud-core (~> 1.6)
|
||||
googleapis-common-protos (>= 1.3.10, < 2.a)
|
||||
googleapis-common-protos-types (>= 1.0.5, < 2.a)
|
||||
googleauth (>= 0.16.2, < 2.a)
|
||||
google-cloud-translate-v3 (0.5.0)
|
||||
gapic-common (>= 0.10, < 2.a)
|
||||
google-cloud-translate-v3 (0.6.0)
|
||||
gapic-common (>= 0.17.1, < 2.a)
|
||||
google-cloud-errors (~> 1.0)
|
||||
google-protobuf (3.21.7)
|
||||
google-protobuf (3.21.7-x86_64-darwin)
|
||||
google-protobuf (3.21.7-x86_64-linux)
|
||||
googleapis-common-protos (1.3.12)
|
||||
google-protobuf (3.22.2)
|
||||
google-protobuf (3.22.2-arm64-darwin)
|
||||
google-protobuf (3.22.2-x86_64-darwin)
|
||||
google-protobuf (3.22.2-x86_64-linux)
|
||||
googleapis-common-protos (1.4.0)
|
||||
google-protobuf (~> 3.14)
|
||||
googleapis-common-protos-types (~> 1.2)
|
||||
grpc (~> 1.27)
|
||||
googleapis-common-protos-types (1.3.2)
|
||||
googleapis-common-protos-types (1.5.0)
|
||||
google-protobuf (~> 3.14)
|
||||
googleauth (1.2.0)
|
||||
googleauth (1.5.0)
|
||||
faraday (>= 0.17.3, < 3.a)
|
||||
jwt (>= 1.4, < 3.0)
|
||||
memoist (~> 0.16)
|
||||
@@ -322,14 +320,14 @@ GEM
|
||||
signet (>= 0.16, < 2.a)
|
||||
groupdate (6.1.0)
|
||||
activesupport (>= 5.2)
|
||||
grpc (1.47.0)
|
||||
google-protobuf (~> 3.19)
|
||||
grpc (1.53.0)
|
||||
google-protobuf (~> 3.21)
|
||||
googleapis-common-protos-types (~> 1.0)
|
||||
grpc (1.47.0-x86_64-darwin)
|
||||
google-protobuf (~> 3.19)
|
||||
grpc (1.53.0-x86_64-darwin)
|
||||
google-protobuf (~> 3.21)
|
||||
googleapis-common-protos-types (~> 1.0)
|
||||
grpc (1.47.0-x86_64-linux)
|
||||
google-protobuf (~> 3.19)
|
||||
grpc (1.53.0-x86_64-linux)
|
||||
google-protobuf (~> 3.21)
|
||||
googleapis-common-protos-types (~> 1.0)
|
||||
haikunator (1.1.1)
|
||||
hairtrigger (0.2.25)
|
||||
@@ -364,11 +362,11 @@ GEM
|
||||
actionview (>= 5.0.0)
|
||||
activesupport (>= 5.0.0)
|
||||
jmespath (1.6.1)
|
||||
jquery-rails (4.5.0)
|
||||
jquery-rails (4.5.1)
|
||||
rails-dom-testing (>= 1, < 3)
|
||||
railties (>= 4.2.0)
|
||||
thor (>= 0.14, < 2.0)
|
||||
json (2.6.2)
|
||||
json (2.6.3)
|
||||
json_refs (0.1.7)
|
||||
hana
|
||||
json_schemer (0.2.21)
|
||||
@@ -416,7 +414,7 @@ GEM
|
||||
llhttp-ffi (0.4.0)
|
||||
ffi-compiler (~> 1.0)
|
||||
rake (~> 13.0)
|
||||
loofah (2.19.1)
|
||||
loofah (2.20.0)
|
||||
crass (~> 1.0.2)
|
||||
nokogiri (>= 1.5.9)
|
||||
mail (2.8.1)
|
||||
@@ -437,15 +435,14 @@ GEM
|
||||
minitest (5.18.0)
|
||||
mock_redis (0.32.0)
|
||||
ruby2_keywords
|
||||
momentjs-rails (2.29.1.1)
|
||||
railties (>= 3.1)
|
||||
msgpack (1.5.3)
|
||||
multi_json (1.15.0)
|
||||
multi_xml (0.6.0)
|
||||
multipart-post (2.2.3)
|
||||
multipart-post (2.3.0)
|
||||
net-http-persistent (4.0.1)
|
||||
connection_pool (~> 2.2)
|
||||
net-imap (0.3.1)
|
||||
net-imap (0.3.4)
|
||||
date
|
||||
net-protocol
|
||||
net-pop (0.1.2)
|
||||
net-protocol
|
||||
@@ -457,8 +454,8 @@ GEM
|
||||
newrelic-sidekiq-metrics (1.6.1)
|
||||
newrelic_rpm (~> 8)
|
||||
sidekiq
|
||||
newrelic_rpm (8.15.0)
|
||||
nio4r (2.5.8)
|
||||
newrelic_rpm (8.16.0)
|
||||
nio4r (2.5.9)
|
||||
nokogiri (1.14.2)
|
||||
mini_portile2 (~> 2.8.0)
|
||||
racc (~> 1.4)
|
||||
@@ -476,7 +473,7 @@ GEM
|
||||
rack (>= 1.2, < 4)
|
||||
snaky_hash (~> 2.0)
|
||||
version_gem (~> 1.1)
|
||||
omniauth (2.1.0)
|
||||
omniauth (2.1.1)
|
||||
hashie (>= 3.4.6)
|
||||
rack (>= 2.2.3)
|
||||
rack-protection
|
||||
@@ -495,14 +492,14 @@ GEM
|
||||
orm_adapter (0.5.0)
|
||||
os (1.1.4)
|
||||
parallel (1.22.1)
|
||||
parser (3.1.2.0)
|
||||
parser (3.2.2.0)
|
||||
ast (~> 2.4.1)
|
||||
pg (1.4.1)
|
||||
pg_search (2.3.6)
|
||||
activerecord (>= 5.2)
|
||||
activesupport (>= 5.2)
|
||||
procore-sift (0.16.0)
|
||||
rails (> 4.2.0)
|
||||
procore-sift (1.0.0)
|
||||
activerecord (>= 6.1)
|
||||
pry (0.14.1)
|
||||
coderay (~> 1.1)
|
||||
method_source (~> 1.0)
|
||||
@@ -518,13 +515,13 @@ GEM
|
||||
rack (2.2.6.4)
|
||||
rack-attack (6.6.1)
|
||||
rack (>= 1.0, < 3)
|
||||
rack-cors (1.1.1)
|
||||
rack-cors (2.0.1)
|
||||
rack (>= 2.0.0)
|
||||
rack-mini-profiler (3.0.0)
|
||||
rack (>= 1.2.0)
|
||||
rack-protection (3.0.5)
|
||||
rack
|
||||
rack-proxy (0.7.2)
|
||||
rack-proxy (0.7.6)
|
||||
rack
|
||||
rack-test (2.1.0)
|
||||
rack (>= 1.3)
|
||||
@@ -560,17 +557,20 @@ GEM
|
||||
rb-fsevent (0.11.1)
|
||||
rb-inotify (0.10.1)
|
||||
ffi (~> 1.0)
|
||||
redis (4.7.1)
|
||||
redis (5.0.6)
|
||||
redis-client (>= 0.9.0)
|
||||
redis-client (0.14.1)
|
||||
connection_pool
|
||||
redis-namespace (1.8.2)
|
||||
redis (>= 3.0.4)
|
||||
regexp_parser (2.5.0)
|
||||
regexp_parser (2.7.0)
|
||||
representable (3.2.0)
|
||||
declarative (< 0.1.0)
|
||||
trailblazer-option (>= 0.1.1, < 0.2.0)
|
||||
uber (< 0.2.0)
|
||||
responders (3.0.1)
|
||||
actionpack (>= 5.0)
|
||||
railties (>= 5.0)
|
||||
responders (3.1.0)
|
||||
actionpack (>= 5.2)
|
||||
railties (>= 5.2)
|
||||
rest-client (2.1.0)
|
||||
http-accept (>= 1.7.0, < 2.0)
|
||||
http-cookie (>= 1.0.2, < 2.0)
|
||||
@@ -578,14 +578,14 @@ GEM
|
||||
netrc (~> 0.8)
|
||||
retriable (3.1.2)
|
||||
rexml (3.2.5)
|
||||
rspec-core (3.11.0)
|
||||
rspec-support (~> 3.11.0)
|
||||
rspec-expectations (3.11.0)
|
||||
rspec-core (3.12.1)
|
||||
rspec-support (~> 3.12.0)
|
||||
rspec-expectations (3.12.2)
|
||||
diff-lcs (>= 1.2.0, < 2.0)
|
||||
rspec-support (~> 3.11.0)
|
||||
rspec-mocks (3.11.1)
|
||||
rspec-support (~> 3.12.0)
|
||||
rspec-mocks (3.12.5)
|
||||
diff-lcs (>= 1.2.0, < 2.0)
|
||||
rspec-support (~> 3.11.0)
|
||||
rspec-support (~> 3.12.0)
|
||||
rspec-rails (5.0.3)
|
||||
actionpack (>= 5.2)
|
||||
activesupport (>= 5.2)
|
||||
@@ -594,31 +594,31 @@ GEM
|
||||
rspec-expectations (~> 3.10)
|
||||
rspec-mocks (~> 3.10)
|
||||
rspec-support (~> 3.10)
|
||||
rspec-support (3.11.0)
|
||||
rspec-support (3.12.0)
|
||||
rspec_junit_formatter (0.6.0)
|
||||
rspec-core (>= 2, < 4, != 2.12.0)
|
||||
rubocop (1.31.2)
|
||||
rubocop (1.49.0)
|
||||
json (~> 2.3)
|
||||
parallel (~> 1.10)
|
||||
parser (>= 3.1.0.0)
|
||||
parser (>= 3.2.0.0)
|
||||
rainbow (>= 2.2.2, < 4.0)
|
||||
regexp_parser (>= 1.8, < 3.0)
|
||||
rexml (>= 3.2.5, < 4.0)
|
||||
rubocop-ast (>= 1.18.0, < 2.0)
|
||||
rubocop-ast (>= 1.28.0, < 2.0)
|
||||
ruby-progressbar (~> 1.7)
|
||||
unicode-display_width (>= 1.4.0, < 3.0)
|
||||
rubocop-ast (1.19.1)
|
||||
parser (>= 3.1.1.0)
|
||||
unicode-display_width (>= 2.4.0, < 3.0)
|
||||
rubocop-ast (1.28.0)
|
||||
parser (>= 3.2.1.0)
|
||||
rubocop-performance (1.14.2)
|
||||
rubocop (>= 1.7.0, < 2.0)
|
||||
rubocop-ast (>= 0.4.0)
|
||||
rubocop-rails (2.15.2)
|
||||
rubocop-rails (2.18.0)
|
||||
activesupport (>= 4.2.0)
|
||||
rack (>= 1.1)
|
||||
rubocop (>= 1.7.0, < 2.0)
|
||||
rubocop (>= 1.33.0, < 2.0)
|
||||
rubocop-rspec (2.12.1)
|
||||
rubocop (~> 1.31)
|
||||
ruby-progressbar (1.11.0)
|
||||
ruby-progressbar (1.13.0)
|
||||
ruby-vips (2.1.4)
|
||||
ffi (~> 1.12)
|
||||
ruby2_keywords (0.0.5)
|
||||
@@ -656,13 +656,15 @@ GEM
|
||||
sexp_processor (4.16.1)
|
||||
shoulda-matchers (5.1.0)
|
||||
activesupport (>= 5.2.0)
|
||||
sidekiq (6.4.2)
|
||||
connection_pool (>= 2.2.2)
|
||||
rack (~> 2.0)
|
||||
redis (>= 4.2.0)
|
||||
sidekiq-cron (1.6.0)
|
||||
fugit (~> 1)
|
||||
sidekiq (>= 4.2.1)
|
||||
sidekiq (7.0.7)
|
||||
concurrent-ruby (< 2)
|
||||
connection_pool (>= 2.3.0)
|
||||
rack (>= 2.2.4)
|
||||
redis-client (>= 0.11.0)
|
||||
sidekiq-cron (1.10.0)
|
||||
fugit (~> 1.8)
|
||||
globalid (>= 1.0.1)
|
||||
sidekiq (>= 6)
|
||||
signet (0.17.0)
|
||||
addressable (~> 2.8)
|
||||
faraday (>= 0.17.5, < 3.a)
|
||||
@@ -700,11 +702,11 @@ GEM
|
||||
telephone_number (1.4.16)
|
||||
test-prof (1.0.11)
|
||||
thor (1.2.1)
|
||||
tilt (2.0.10)
|
||||
tilt (2.1.0)
|
||||
time_diff (0.3.0)
|
||||
activesupport
|
||||
i18n
|
||||
timeout (0.3.1)
|
||||
timeout (0.3.2)
|
||||
trailblazer-option (0.1.2)
|
||||
twilio-ruby (5.68.0)
|
||||
faraday (>= 0.9, < 3.0)
|
||||
@@ -722,13 +724,13 @@ GEM
|
||||
unf (0.1.4)
|
||||
unf_ext
|
||||
unf_ext (0.0.8.2)
|
||||
unicode-display_width (2.2.0)
|
||||
unicode-display_width (2.4.2)
|
||||
uniform_notifier (1.16.0)
|
||||
uri_template (0.7.0)
|
||||
valid_email2 (4.0.3)
|
||||
activemodel (>= 3.2)
|
||||
mail (~> 2.5)
|
||||
version_gem (1.1.1)
|
||||
version_gem (1.1.2)
|
||||
warden (1.2.9)
|
||||
rack (>= 2.0.9)
|
||||
web-console (4.2.0)
|
||||
@@ -744,7 +746,7 @@ GEM
|
||||
addressable (>= 2.8.0)
|
||||
crack (>= 0.3.2)
|
||||
hashdiff (>= 0.4.0, < 2.0.0)
|
||||
webpacker (5.4.3)
|
||||
webpacker (5.4.4)
|
||||
activesupport (>= 5.2)
|
||||
rack-proxy (>= 0.6.1)
|
||||
railties (>= 5.2)
|
||||
@@ -834,7 +836,7 @@ DEPENDENCIES
|
||||
omniauth
|
||||
omniauth-google-oauth2
|
||||
omniauth-oauth2
|
||||
omniauth-rails_csrf_protection (~> 1.0)
|
||||
omniauth-rails_csrf_protection (~> 1.0, >= 1.0.1)
|
||||
pg
|
||||
pg_search
|
||||
procore-sift
|
||||
@@ -862,7 +864,7 @@ DEPENDENCIES
|
||||
sentry-ruby
|
||||
sentry-sidekiq
|
||||
shoulda-matchers
|
||||
sidekiq (~> 6.4.2)
|
||||
sidekiq (~> 7.0.0)
|
||||
sidekiq-cron (~> 1.6, >= 1.6.0)
|
||||
simplecov (= 0.17.1)
|
||||
slack-ruby-client
|
||||
|
||||
Reference in New Issue
Block a user