From 9e4f0f74fe9320d20209dbc3e27440ecefd98ded Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 7 Apr 2026 20:12:07 +0000
Subject: [PATCH 1/3] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-15924312
---
 Gemfile | 8 +++----
 Gemfile.lock | 61 +++++++++++++++++++++++-----------------------
 2 files changed, 31 insertions(+), 38 deletions(-)

diff --git a/Gemfile b/Gemfile
index ffddede38..700424ffc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -41,7 +41,7 @@ gem 'rails_event_store', '~> 2.18', '>= 2.18.0'
 gem 'redcarpet', '~> 3.6'
 
 # Auth0
-gem 'auth0', '~> 5.1', '>= 5.1.2', require: false
+gem 'auth0', '~> 5.14', '>= 5.14.2', require: false
 
 # Google Login
 gem 'omniauth-google-oauth2', '>= 1.2.2'
@@ -91,7 +91,7 @@ gem 'rubyXL', '~> 3.4', '>= 3.4.28'
 # SOAP-related libraries for Workday integration
 gem 'lolsoap', '>= 0.11.0', require: false
 gem 'akami', '>= 1.3.2', require: false
-gem 'http', '>= 4.0.0'
+gem 'http', '>= 5.2.0'
 
 # Used for FDL testing (see FDL::Validations::Test)
 gem 'hashdiff', require: false
@@ -134,7 +134,7 @@ group :test do
   gem 'shoulda-matchers', '~> 7.0', '>= 7.0.1'
   gem 'capybara', '~> 3.40', '>= 3.40.0'
   gem 'climate_control'
-  gem 'webmock', '>= 3.24.0'
-  gem 'launchy', '>= 2.4.3'
+  gem 'webmock', '>= 3.25.2'
+  gem 'launchy', '>= 3.0.0'
   gem 'simplecov', '~> 0.21.2'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 923871bc3..ce9624c56 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -85,8 +85,8 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     aggregate_root (2.18.0)
       ruby_event_store (= 2.18.0)
     akami (1.3.3)
@@ -96,7 +96,7 @@ GEM
     arkency-command_bus (0.4.1)
       concurrent-ruby
     ast (2.4.3)
-    auth0 (5.14.1)
+    auth0 (5.18.1)
       addressable (~> 2.8)
       jwt (~> 2.7)
       rest-client (~> 2.1)
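Review bot: The `gem 'http', '>= 5.2.0'` line in the second Gemfile hunk only raises a floor, while the Gemfile.lock hunks in the same commit resolve `http` from 5.1.1 to 6.0.2 and change its transitive set (`addressable` and `http-form_data` dropped, `llhttp-ffi` replaced by `llhttp`). That is a major-version move for the client the Gemfile comment labels as part of the Workday SOAP integration, and a floor-only constraint does not record that the application was checked against 6.x. If 6.x is the intended target, `gem 'http', '~> 6.0'` states it; if it is not, the lock should be regenerated with a `< 6` bound so a security-driven bump of `addressable` does not silently carry a client API change with it. Either way, the Workday request paths that go through this gem deserve a spec run before merge; whether any of them depend on the removed `http-form_data` helpers cannot be told from these hunks.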
@@ -133,7 +133,7 @@ GEM
       net-http-persistent (~> 4.0)
       nokogiri (~> 1, >= 1.10.8)
     base64 (0.3.0)
-    bigdecimal (4.1.0)
+    bigdecimal (4.1.1)
     bootsnap (1.11.1)
       msgpack (~> 1.2)
     brakeman (4.3.1)
@@ -148,11 +148,13 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    childprocess (5.1.0)
+      logger (~> 1.5)
     climate_control (0.2.0)
     coderay (1.1.3)
     concurrent-ruby (1.3.6)
     connection_pool (2.5.5)
-    crack (1.0.0)
+    crack (1.0.1)
       bigdecimal
       rexml
     crass (1.0.6)
@@ -169,8 +171,7 @@ GEM
     date (3.5.1)
     diff-lcs (1.6.2)
     docile (1.4.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    domain_name (0.6.20240107)
     dotenv (3.2.0)
     dotenv-rails (3.2.0)
       dotenv (= 3.2.0)
@@ -213,10 +214,7 @@ GEM
     faraday-retry (1.0.3)
     faraday_middleware (1.2.0)
       faraday (~> 1.0)
-    ffi (1.15.5)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
-      rake
+    ffi (1.17.4)
     fugit (1.12.1)
       et-orbi (~> 1.4)
       raabro (~> 1.4)
@@ -238,15 +236,12 @@ GEM
     hashie (5.1.0)
       logger
     highline (1.7.10)
-    http (5.1.1)
-      addressable (~> 2.8)
+    http (6.0.2)
       http-cookie (~> 1.0)
-      http-form_data (~> 2.2)
-      llhttp-ffi (~> 0.4.0)
+      llhttp (~> 0.6.1)
     http-accept (1.7.0)
-    http-cookie (1.0.4)
+    http-cookie (1.1.4)
       domain_name (~> 0.5)
-    http-form_data (2.3.0)
     i18n (1.14.8)
       concurrent-ruby (~> 1.0)
     importmap-rails (2.2.3)
@@ -295,15 +290,15 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.5)
-    launchy (2.5.2)
+    launchy (3.1.1)
       addressable (~> 2.8)
+      childprocess (~> 5.0)
+      logger (~> 1.6)
     lint_roller (1.1.0)
     listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    llhttp-ffi (0.4.0)
-      ffi-compiler (~> 1.0)
-      rake (~> 13.0)
+    llhttp (0.6.1)
     logger (1.7.0)
     lograge (0.14.0)
       actionpack (>= 4)
@@ -324,9 +319,10 @@ GEM
     marcel (1.1.0)
     matrix (0.4.2)
     method_source (1.0.0)
-    mime-types (3.5.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0808)
+    mime-types (3.7.0)
+      logger
+      mime-types-data (~> 3.2025, >= 3.2025.0507)
+    mime-types-data (3.2026.0407)
     mini_mime (1.1.5)
     mini_portile2 (2.8.9)
     minitest (6.0.2)
@@ -401,7 +397,7 @@ GEM
     psych (5.3.1)
       date
       stringio
-    public_suffix (6.0.2)
+    public_suffix (7.0.5)
     puma (6.4.3)
       nio4r (~> 2.0)
     raabro (1.4.0)
@@ -604,9 +600,6 @@ GEM
       tzinfo (>= 1.0.0)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.1)
     unicode (0.4.4.5)
     unicode-display_width (3.2.0)
       unicode-emoji (~> 4.1)
@@ -614,7 +607,7 @@ GEM
     uri (1.1.1)
     useragent (0.16.11)
     version_gem (1.1.9)
-    webmock (3.25.1)
+    webmock (3.26.2)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -624,7 +617,7 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zache (0.13.1)
+    zache (0.15.2)
     zeitwerk (2.7.5)
 
 PLATFORMS
@@ -634,7 +627,7 @@ DEPENDENCIES
   aasm
   activerecord-import (>= 1.5.1)
   akami (>= 1.3.2)
-  auth0 (~> 5.1, >= 5.1.2)
+  auth0 (~> 5.14, >= 5.14.2)
   aws-sdk-cloudwatch
   aws-sdk-s3 (>= 1.208.0)
   azure-storage-blob (>= 2.0.3)
@@ -651,7 +644,7 @@ DEPENDENCIES
   factory_bot_rails (~> 6.5, >= 6.5.1)
   haml-rails (>= 3.0.0)
   hashdiff
-  http (>= 4.0.0)
+  http (>= 5.2.0)
   importmap-rails (~> 2.2, >= 2.2.3)
   jbuilder (~> 2.13, >= 2.13.0)
   jquery-rails (>= 4.6.1)
@@ -659,7 +652,7 @@ DEPENDENCIES
   jsonapi-rspec
   jwt (~> 2.2)
   kaminari (>= 1.2.2)
-  launchy (>= 2.4.3)
+  launchy (>= 3.0.0)
   listen (~> 3.5, >= 3.5.1)
   lograge (>= 0.14.0)
   lolsoap (>= 0.11.0)
@@ -695,7 +688,7 @@ DEPENDENCIES
   sprockets-rails (>= 3.5.1)
   tzinfo-data
   uglifier (~> 4.2)
-  webmock (>= 3.24.0)
+  webmock (>= 3.25.2)
 
 RUBY VERSION
    ruby 3.4.8p72

From 0033ada3d83a70d4f48b5756538b3e65e03df33c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 8 Apr 2026 05:49:16 +0000
Subject: [PATCH 2/3] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-15924312

From 902bf6d7355c729f7159337a1da5369cd00b6935 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 8 Apr 2026 12:34:27 +0000
Subject: [PATCH 3/3] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-15924312