fix: [Snyk] Security upgrade devise_token_auth from 1.2.1 to 1.2.3 (#9468)

fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONCABLE-20338 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2025-10-31 19:17:48 +00:00 · 2024-05-15 11:52:40 -07:00
parent bc8736c08e
commit fc1c992cde
2 changed files with 7 additions and 7 deletions
--- a/2
+++ b/2
@@ -71,7 +71,7 @@ gem 'barnes'
 ##--- gems for authentication & authorization ---##
 gem 'devise', '>= 4.9.4'
 gem 'devise-secure_password', git: 'https://github.com/chatwoot/devise-secure_password', branch: 'chatwoot'
-gem 'devise_token_auth'
+gem 'devise_token_auth', '>= 1.2.3'
 # authorization
 gem 'jwt'
 gem 'pundit'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -200,10 +200,10 @@ GEM
      railties (>= 4.1.0)
      responders
      warden (~> 1.2.3)
-    devise_token_auth (1.2.1)
+    devise_token_auth (1.2.3)
      bcrypt (~> 3.0)
      devise (> 3.5.2, < 5)
-      rails (>= 4.2.0, < 7.1)
+      rails (>= 4.2.0, < 7.2)
    diff-lcs (1.5.0)
    digest-crc (0.6.4)
      rake (>= 12.0.0, < 14.0.0)
@@ -474,7 +474,7 @@ GEM
      uri
    net-http-persistent (4.0.2)
      connection_pool (~> 2.2)
-    net-imap (0.4.10)
+    net-imap (0.4.11)
      date
      net-protocol
    net-pop (0.1.2)
@@ -489,7 +489,7 @@ GEM
      sidekiq
    newrelic_rpm (9.6.0)
      base64
-    nio4r (2.7.1)
+    nio4r (2.7.3)
    nokogiri (1.16.5)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
@@ -819,7 +819,7 @@ GEM
    working_hours (1.4.1)
      activesupport (>= 3.2)
      tzinfo
-    zeitwerk (2.6.13)
+    zeitwerk (2.6.14)

 PLATFORMS
  arm64-darwin-20
@@ -860,7 +860,7 @@ DEPENDENCIES
  debug (~> 1.8)
  devise (>= 4.9.4)
  devise-secure_password!
-  devise_token_auth
+  devise_token_auth (>= 1.2.3)
  dotenv-rails
  down
  elastic-apm