Skip to content

[Snyk] Fix for 13 vulnerabilities #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shaynekellyii wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 13 vulnerabilities #18

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
124 changes: 62 additions & 62 deletions pkgs/applications/version-management/gitlab/rubyEnv/Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,17 @@ gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', requir
# NOTE: When incrementing the major or minor version here, also increment activerecord_version
# in vendor/gems/attr_encrypted/attr_encrypted.gemspec until we resolve
# https://gitlab.com/gitlab-org/gitlab/-/issues/375713
gem 'rails', '~> 6.1.7.2'
gem 'rails', '~> 7.0.8.1'

gem 'bootsnap', '~> 1.16.0', require: false

gem 'openssl', '~> 3.0'
gem 'ipaddr', '~> 1.2.5'

# Responders respond_to and respond_with
gem 'responders', '~> 3.0'
gem 'responders', '~> 3.0', '>= 3.0.1'

gem 'sprockets', '~> 3.7.0'
gem 'sprockets', '~> 4.0.0'

gem 'view_component', '~> 3.2.0'

Expand All @@ -33,7 +33,7 @@ gem 'pg', '~> 1.5.3'
gem 'neighbor', '~> 0.2.3'

gem 'rugged', '~> 1.5'
gem 'grape-path-helpers', '~> 1.7.1'
gem 'grape-path-helpers', '~> 2.0.0'

gem 'faraday', '~> 1.0'
gem 'marginalia', '~> 1.11.1'
Expand All @@ -42,20 +42,20 @@ gem 'marginalia', '~> 1.11.1'
gem 'declarative_policy', '~> 1.1.0'

# Authentication libraries
gem 'devise', '~> 4.8.1'
gem 'devise', '~> 4.9.0'
gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable'
gem 'bcrypt', '~> 3.1', '>= 3.1.14'
gem 'doorkeeper', '~> 5.6', '>= 5.6.6'
gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.7'
gem 'doorkeeper', '~> 5.6', '>= 5.6.7'
gem 'doorkeeper-openid_connect', '~> 1.8', '>= 1.8.8'
gem 'rexml', '~> 3.2.5'
gem 'ruby-saml', '~> 1.15.0'
gem 'omniauth', '~> 2.1.0'
gem 'omniauth-auth0', '~> 3.1'
gem 'omniauth-azure-activedirectory-v2', '~> 2.0'
gem 'ruby-saml', '~> 1.16.0'
gem 'omniauth', '~> 2.1.1'
gem 'omniauth-auth0', '~> 3.1', '>= 3.1.1'
gem 'omniauth-azure-activedirectory-v2', '~> 2.0', '>= 2.0.1'
gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
gem 'omniauth-dingtalk-oauth2', '~> 1.0'
gem 'omniauth-alicloud', '~> 2.0.1'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-alicloud', '~> 3.0.0'
gem 'omniauth-facebook', '~> 5.0.0'
gem 'omniauth-github', '2.0.1'
gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
gem 'omniauth-google-oauth2', '~> 1.1'
Expand All @@ -64,13 +64,13 @@ gem 'omniauth-saml', '~> 2.1.0'
gem 'omniauth-shibboleth-redux', '~> 2.0'
gem 'omniauth-twitter', '~> 1.4'
gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
gem 'omniauth_openid_connect', '~> 0.6.1'
gem 'omniauth_openid_connect', '~> 0.7.0'
# Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
# See https://docs.gitlab.com/ee/development/emails.html#rationale.
gem 'openid_connect', '= 1.3.0'
gem 'openid_connect', '= 1.3.1'
gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
gem 'rack-oauth2', '~> 1.21.3'
gem 'rack-oauth2', '~> 2.0.0'
gem 'jwt', '~> 2.5'

# Kerberos authentication. EE-only
Expand All @@ -80,10 +80,10 @@ gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos
# Spam and anti-bot protection
gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails'
gem 'akismet', '~> 3.0'
gem 'invisible_captcha', '~> 2.0.0'
gem 'invisible_captcha', '~> 2.1.0'

# Two-factor authentication
gem 'devise-two-factor', '~> 4.0.2'
gem 'devise-two-factor', '~> 4.1.0'
gem 'rqrcode-rails3', '~> 0.1.7'
gem 'attr_encrypted', '~> 3.2.4', path: 'vendor/gems/attr_encrypted'

Expand All @@ -109,17 +109,17 @@ gem 'gitlab_omniauth-ldap', '~> 2.2.0', require: 'omniauth-ldap'
gem 'net-ldap', '~> 0.18.0'

# API
gem 'grape', '~> 1.7.0'
gem 'grape', '~> 1.7.1'
gem 'grape-entity', '~> 0.10.0'
gem 'rack-cors', '~> 1.1.1', require: 'rack/cors'
gem 'grape-swagger', '~> 1.6.1', group: [:development, :test]
gem 'grape-swagger-entity', '~> 0.5.1', group: [:development, :test]
gem 'rack-cors', '~> 2.0.0', require: 'rack/cors'
gem 'grape-swagger', '~> 2.0.0', group: [:development, :test]
gem 'grape-swagger-entity', '~> 0.5.2', group: [:development, :test]

# GraphQL API
gem 'graphql', '~> 1.13.12'
gem 'graphiql-rails', '~> 1.8'
gem 'apollo_upload_server', '~> 2.1.0'
gem 'graphql-docs', '~> 2.1.0', group: [:development, :test]
gem 'graphiql-rails', '~> 1.9', '>= 1.9.0'
gem 'apollo_upload_server', '~> 2.1.2'
gem 'graphql-docs', '~> 3.0.0', group: [:development, :test]
gem 'graphlient', '~> 0.5.0' # Used by BulkImport feature (group::import)

gem 'hashie', '~> 5.0.0'
Expand All @@ -135,11 +135,11 @@ gem 'carrierwave', '~> 1.3'
gem 'mini_magick', '~> 4.10.1'

# for backups
gem 'fog-aws', '~> 3.18'
gem 'fog-aws', '~> 3.19', '>= 3.19.0'
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
# Also see config/initializers/fog_core_patch.rb.
gem 'fog-core', '= 2.1.0'
gem 'fog-google', '~> 1.19', require: 'fog/google'
gem 'fog-google', '~> 1.20', '>= 1.20.0', require: 'fog/google'
gem 'fog-local', '~> 0.8'
# NOTE:
# the fog-aliyun gem since v0.4 pulls in aliyun-sdk transitively, which monkey-patches
Expand All @@ -148,7 +148,7 @@ gem 'fog-local', '~> 0.8'
# We may want to update this dependency if this is ever addressed upstream, e.g. via
# https://github.com/aliyun/aliyun-oss-ruby-sdk/pull/93
gem 'fog-aliyun', '~> 0.4'
gem 'gitlab-fog-azure-rm', '~> 1.7.0', require: 'fog/azurerm'
gem 'gitlab-fog-azure-rm', '~> 1.8.0', require: 'fog/azurerm'

# for Google storage
gem 'google-cloud-storage', '~> 1.44.0'
Expand Down Expand Up @@ -180,8 +180,8 @@ gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections

# Markdown and HTML processing
gem 'html-pipeline', '~> 2.14.3'
gem 'deckar01-task_list', '2.3.2'
gem 'html-pipeline', '~> 3.0.0'
gem 'deckar01-task_list', '2.3.3'
gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup'
gem 'commonmarker', '~> 0.23.9'
gem 'kramdown', '~> 2.3.1'
Expand All @@ -196,7 +196,7 @@ gem 'asciidoctor-plantuml', '~> 0.0.16'
gem 'asciidoctor-kroki', '~> 0.8.0', require: false
gem 'rouge', '~> 4.1.2'
gem 'truncato', '~> 0.7.12'
gem 'nokogiri', '~> 1.15', '>= 1.15.2'
gem 'nokogiri', '~> 1.16', '>= 1.16.2'

# Calendar rendering
gem 'icalendar'
Expand All @@ -206,7 +206,7 @@ gem 'diffy', '~> 3.4'
gem 'diff_match_patch', '~> 0.1.0'

# Application server
gem 'rack', '~> 2.2.7'
gem 'rack', '~> 2.2.8', '>= 2.2.8.1'
# https://github.com/zombocom/rack-timeout/blob/master/README.md#rails-apps-manually
gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base'

Expand All @@ -222,8 +222,8 @@ gem 'state_machines-activerecord', '~> 0.8.0'
gem 'acts-as-taggable-on', '~> 9.0'

# Background jobs
gem 'sidekiq', '~> 6.5.7'
gem 'sidekiq-cron', '~> 1.8.0'
gem 'sidekiq', '~> 6.5.8'
gem 'sidekiq-cron', '~> 1.9.0'
gem 'redis-namespace', '~> 1.9.0'
gem 'gitlab-sidekiq-fetcher', path: 'vendor/gems/sidekiq-reliable-fetch', require: 'sidekiq-reliable-fetch'

Expand Down Expand Up @@ -258,7 +258,7 @@ gem 'redis', '~> 4.8.0'
gem 'connection_pool', '~> 2.0'

# Redis session store
gem 'redis-actionpack', '~> 5.3.0'
gem 'redis-actionpack', '~> 5.4.0'

# Discord integration
gem 'discordrb-webhooks', '~> 3.4', require: false
Expand All @@ -274,7 +274,7 @@ gem 'slack-messenger', '~> 2.3.4'
gem 'hangouts-chat', '~> 0.0.5', require: 'hangouts_chat'

# Asana integration
gem 'asana', '~> 0.10.13'
gem 'asana', '~> 1.0.0'

# FogBugz integration
gem 'ruby-fogbugz', '~> 0.3.0'
Expand All @@ -287,16 +287,16 @@ gem 'ruby-openai', '~> 3.7'
gem 'circuitbox', '2.0.0'

# Sanitize user input
gem 'sanitize', '~> 6.0'
gem 'sanitize', '~> 6.0', '>= 6.0.1'
gem 'babosa', '~> 2.0'

# Sanitizes SVG input
gem 'loofah', '~> 2.21.3'
gem 'loofah', '~> 2.21.4'

# Working with license
# Detects the open source license the repository includes
# This version needs to be in sync with gitlab-org/gitaly
gem 'licensee', '~> 9.15'
gem 'licensee', '~> 9.15', '>= 9.15.3'

# Detect and convert string character encoding
gem 'charlock_holmes', '~> 0.7.7'
Expand All @@ -311,43 +311,43 @@ gem 'fast_blank'
gem 'gitlab-chronic', '~> 0.10.5'
gem 'gitlab_chronic_duration', '~> 0.10.6.2'

gem 'rack-proxy', '~> 0.7.6'
gem 'rack-proxy', '~> 0.7.7'

gem 'sassc-rails', '~> 2.1.0'
gem 'sassc-rails', '~> 2.1.1'
gem 'autoprefixer-rails', '10.2.5.1'
gem 'terser', '1.0.2'

gem 'addressable', '~> 2.8'
gem 'tanuki_emoji', '~> 0.6'
gem 'gon', '~> 6.4.0'
gem 'request_store', '~> 1.5.1'
gem 'request_store', '~> 1.6.0'
gem 'base32', '~> 0.3.0'

gem 'gitlab-license', '~> 2.3'

# Protect against bruteforcing
gem 'rack-attack', '~> 6.6.1'
gem 'rack-attack', '~> 6.7.0'

# Sentry integration
gem 'sentry-raven', '~> 3.1'
gem 'sentry-ruby', '~> 5.8.0'
gem 'sentry-rails', '~> 5.8.0'
gem 'sentry-sidekiq', '~> 5.8.0'
gem 'sentry-rails', '~> 5.9.0'
gem 'sentry-sidekiq', '~> 5.9.0'

# PostgreSQL query parsing
#
gem 'pg_query', '~> 4.2.1'

gem 'premailer-rails', '~> 1.10.3'
gem 'premailer-rails', '~> 1.11.0'

gem 'gitlab-labkit', '~> 0.33.0'
gem 'gitlab-labkit', '~> 0.34.0'
gem 'thrift', '>= 0.16.0'

# I18n
gem 'ruby_parser', '~> 3.20', require: false
gem 'rails-i18n', '~> 7.0'
gem 'rails-i18n', '~> 7.0', '>= 7.0.5'
gem 'gettext_i18n_rails', '~> 1.8.0'
gem 'gettext_i18n_rails_js', '~> 1.3'
gem 'gettext_i18n_rails_js', '~> 1.3', '>= 1.3.1'
gem 'gettext', '~> 3.3', require: false, group: :development

gem 'batch-loader', '~> 2.0.1'
Expand All @@ -370,10 +370,10 @@ gem 'warning', '~> 1.3.0'
group :development do
gem 'lefthook', '~> 1.4.2', require: false
gem 'rubocop'
gem 'solargraph', '~> 0.47.2', require: false
gem 'solargraph', '~> 0.48.0', require: false

gem 'letter_opener_web', '~> 2.0.0'
gem 'lookbook', '~> 2.0', '>= 2.0.1'
gem 'lookbook', '~> 2.0', '>= 2.0.2'

# Better errors handler
gem 'better_errors', '~> 2.10.1'
Expand All @@ -394,8 +394,8 @@ group :development, :test do
gem 'awesome_print', require: false

gem 'database_cleaner', '~> 1.7.0'
gem 'factory_bot_rails', '~> 6.2.0'
gem 'rspec-rails', '~> 6.0.1'
gem 'factory_bot_rails', '~> 6.3.0'
gem 'rspec-rails', '~> 6.0.2'

# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.11.0'
Expand All @@ -406,7 +406,7 @@ group :development, :test do
gem 'spring', '~> 4.1.0'
gem 'spring-commands-rspec', '~> 1.0.4'

gem 'gitlab-styles', '~> 10.0.0', require: false
gem 'gitlab-styles', '~> 10.1.0', require: false

gem 'haml_lint', '~> 0.40.0', require: false
gem 'bundler-audit', '~> 0.7.0.1', require: false
Expand All @@ -428,7 +428,7 @@ group :development, :test do

gem 'sigdump', '~> 0.2.4', require: 'sigdump/setup'

gem 'pact', '~> 1.63'
gem 'pact', '~> 1.64', '>= 1.64.0'
end

group :development, :test, :danger do
Expand All @@ -450,11 +450,11 @@ end
group :test do
gem 'fuubar', '~> 2.2.0'
gem 'rspec-retry', '~> 0.6.2'
gem 'rspec_profiling', '~> 0.0.6'
gem 'rspec_profiling', '~> 0.0.7'
gem 'rspec-benchmark', '~> 0.6.0'
gem 'rspec-parameterized', '~> 1.0', require: false

gem 'capybara', '~> 3.39', '>= 3.39.1'
gem 'capybara', '~> 3.39', '>= 3.39.2'
gem 'capybara-screenshot', '~> 1.0.26'
# 4.9.1 drops Ruby 2.7 support. We can upgrade further after we drop Ruby 2.7 support.
gem 'selenium-webdriver', '= 4.9.0'
Expand All @@ -474,15 +474,15 @@ group :test do
# Moved in `test` because https://gitlab.com/gitlab-org/gitlab/-/issues/217527
gem 'derailed_benchmarks', require: false

gem 'gitlab_quality-test_tooling', '~> 0.8.1', require: false
gem 'gitlab_quality-test_tooling', '~> 0.8.2', require: false
end

gem 'octokit', '~> 4.15'

gem 'gitlab-mail_room', '~> 0.0.23', require: 'mail_room'
gem 'gitlab-mail_room', '~> 0.0.24', require: 'mail_room'

gem 'email_reply_trimmer', '~> 0.1'
gem 'html2text'
gem 'html2text', '>= 0.2.1'

gem 'stackprof', '~> 0.2.25', require: false
gem 'rbtrace', '~> 0.4', require: false
Expand Down Expand Up @@ -525,10 +525,10 @@ gem 'flipper', '~> 0.25.0'
gem 'flipper-active_record', '~> 0.25.0'
gem 'flipper-active_support_cache_store', '~> 0.25.0'
gem 'unleash', '~> 3.2.2'
gem 'gitlab-experiment', '~> 0.7.1'
gem 'gitlab-experiment', '~> 0.8.0'

# Structured logging
gem 'lograge', '~> 0.5'
gem 'lograge', '~> 0.12', '>= 0.12.0'
gem 'grape_logging', '~> 1.8'

# DNS Lookup
Expand Down