From 1df290b3c508a4ad2555e2314cb5cf46a8d74044 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:57:47 +1000
Subject: [PATCH 1/7] Bump Ruby from 3.2.2 to 3.2.4

---
 .ruby-version | 2 +-
 Dockerfile | 2 +-
 Gemfile.lock | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.ruby-version b/.ruby-version
index be94e6f53..351227fca 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.2.2
+3.2.4
diff --git a/Dockerfile b/Dockerfile
index 38783a24d..50902bb81 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:3.2.2-slim
+FROM ruby:3.2.4-slim
 
 # Install dependencies
 RUN \
diff --git a/Gemfile.lock b/Gemfile.lock
index 271df4f86..7df0262a7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -830,7 +830,7 @@ DEPENDENCIES
   webmock
 
 RUBY VERSION
-   ruby 3.2.2p53
+   ruby 3.2.4p170
 
 BUNDLED WITH
    2.5.6

From 7c906a55faa21451f707bf8004c444a0e0bc3a88 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:58:33 +1000
Subject: [PATCH 2/7] Bump Bundler from 2.5.6 to 2.5.11

---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 7df0262a7..6f8b5b175 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -833,4 +833,4 @@ RUBY VERSION
    ruby 3.2.4p170
 
 BUNDLED WITH
-   2.5.6
+   2.5.11

From 8b12ca666af4c8e3947d2a474d8b1e203452cc50 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:59:00 +1000
Subject: [PATCH 3/7] Bump pry-byebug from 3.3.0 to 3.10.1

---
 Gemfile.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6f8b5b175..c07c4ff7f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -325,7 +325,7 @@ GEM
     bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
-    byebug (8.2.5)
+    byebug (11.1.3)
     chef-utils (18.4.2)
       concurrent-ruby
     coderay (1.1.3)
@@ -445,7 +445,7 @@ GEM
       railties (>= 6)
     maxitest (3.7.0)
       minitest (>= 5.0.0, < 5.15.0)
-    method_source (1.0.0)
+    method_source (1.1.0)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2024.0206)
@@ -534,9 +534,9 @@ GEM
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    pry-byebug (3.3.0)
-      byebug (~> 8.0)
-      pry (~> 0.10)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
     pry-rails (0.3.9)
       pry (>= 0.10.4)
     pry-rescue (1.6.0)

From 9f153317e210e0628cad4d15ca3c428e9240cc31 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Mon, 3 Jun 2024 22:02:14 +1000
Subject: [PATCH 4/7] Bump nokogiri from 1.16.2 to 1.16.5

---
 Gemfile.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c07c4ff7f..84491a546 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -450,7 +450,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2024.0206)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.7)
     minitest (5.14.4)
     minitest-rails (6.1.1)
       minitest (~> 5.10)
@@ -481,16 +481,16 @@ GEM
     netrc (0.11.0)
     newrelic_rpm (9.7.1)
     nio4r (2.7.0)
-    nokogiri (1.16.2)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.16.2-aarch64-linux)
+    nokogiri (1.16.5-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.16.2-arm64-darwin)
+    nokogiri (1.16.5-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.2-x86_64-darwin)
+    nokogiri (1.16.5-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.2-x86_64-linux)
+    nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
@@ -549,7 +549,7 @@ GEM
     puma (5.6.8)
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
-    racc (1.7.3)
+    racc (1.8.0)
     rack (2.2.8.1)
     rack-mini-profiler (3.3.0)
       rack (>= 1.2.0)

From f2e725df9cca3101a6894b620c0008445a452ef7 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Mon, 3 Jun 2024 22:03:31 +1000
Subject: [PATCH 5/7] Bump rexml from 3.2.6 to 3.2.8

---
 Gemfile.lock | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 84491a546..c5cad644a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -602,7 +602,8 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.6)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rollbar (2.27.1)
     rollbar-user_informer (0.1.0)
       rollbar (~> 2.15)
@@ -673,6 +674,7 @@ GEM
     sqlite3 (1.6.9-x86_64-darwin)
     sqlite3 (1.6.9-x86_64-linux)
     stackprof (0.2.12)
+    strscan (3.1.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thor (1.3.1)

From 433bbbe8fd29ac8b6371df3b24be4bade423e386 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Tue, 4 Jun 2024 06:21:01 +1000
Subject: [PATCH 6/7] Ignore actiontext CVE

---
 .bundler-audit.yml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .bundler-audit.yml

diff --git a/.bundler-audit.yml b/.bundler-audit.yml
new file mode 100644
index 000000000..4a160d4bc
--- /dev/null
+++ b/.bundler-audit.yml
@@ -0,0 +1,3 @@
+---
+ignore:
+  - CVE-2024-34341 # actiontext is not being used in this project https://github.com/advisories/GHSA-qjqp-xr96-cj99

From 04b8d79bbc26c953f9a43f4b9f542d0370de5554 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Tue, 4 Jun 2024 06:51:26 +1000
Subject: [PATCH 7/7] Remove unused Rails libraries

Drops the meta-gem `rails` and the following unused libraries:
- `actionmailbox`
- `actiontext`
- `activestorage`
---
 .bundler-audit.yml | 3 ---
 Gemfile | 8 +++++++-
 Gemfile.lock | 42 +++++------------------------------------
 3 files changed, 12 insertions(+), 41 deletions(-)
 delete mode 100644 .bundler-audit.yml

diff --git a/.bundler-audit.yml b/.bundler-audit.yml
deleted file mode 100644
index 4a160d4bc..000000000
--- a/.bundler-audit.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-ignore:
-  - CVE-2024-34341 # actiontext is not being used in this project https://github.com/advisories/GHSA-qjqp-xr96-cj99
diff --git a/Gemfile b/Gemfile
index fff2dc276..109998593 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,12 @@ ruby File.read('.ruby-version').strip
 
 # gems that have rails engines are are always needed
 group :preload do
-  gem 'rails', '~> 6.1.7.7'
+  rails_version = '~> 6.1.7'
+  gem 'railties', rails_version
+  gem 'actioncable', rails_version
+  gem 'actionmailer', rails_version
+  gem 'activerecord', rails_version
+
   gem 'dotenv'
   gem 'connection_pool'
   gem 'marco-polo' # TODO: https://github.com/arches/marco-polo/pull/16
@@ -77,6 +82,7 @@ group :sqlite do
 end
 
 group :assets do
+  gem 'sprockets-rails'
   gem 'sprockets', '~> 3.7'
   gem 'sass-rails'
   gem 'uglifier'
diff --git a/Gemfile.lock b/Gemfile.lock
index c5cad644a..1e89e0279 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -216,13 +216,6 @@ GEM
       activesupport (= 6.1.7.7)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.7)
-      actionpack (= 6.1.7.7)
-      activejob (= 6.1.7.7)
-      activerecord (= 6.1.7.7)
-      activestorage (= 6.1.7.7)
-      activesupport (= 6.1.7.7)
-      mail (>= 2.7.1)
     actionmailer (6.1.7.7)
       actionpack (= 6.1.7.7)
       actionview (= 6.1.7.7)
@@ -237,12 +230,6 @@ GEM
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.7)
-      actionpack (= 6.1.7.7)
-      activerecord (= 6.1.7.7)
-      activestorage (= 6.1.7.7)
-      activesupport (= 6.1.7.7)
-      nokogiri (>= 1.8.5)
     actionview (6.1.7.7)
       activesupport (= 6.1.7.7)
       builder (~> 3.1)
@@ -259,13 +246,6 @@ GEM
     activerecord (6.1.7.7)
       activemodel (= 6.1.7.7)
       activesupport (= 6.1.7.7)
-    activestorage (6.1.7.7)
-      actionpack (= 6.1.7.7)
-      activejob (= 6.1.7.7)
-      activerecord (= 6.1.7.7)
-      activesupport (= 6.1.7.7)
-      marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
     activesupport (6.1.7.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
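Review bot: The version floor is loosened on the new `rails_version = '~> 6.1.7'` line: `~> 6.1.7` means `>= 6.1.7, < 6.2`, so any 6.1.7.x release including 6.1.7.0 satisfies it, whereas the removed `gem 'rails', '~> 6.1.7.7'` guaranteed the 6.1.7.7 patch level that the 6.1.7.x point releases (security fixes, as far as I recall) had reached. Gemfile.lock still resolves to 6.1.7.7, so nothing changes today, but a re-resolve from a fresh lock would be allowed to settle below the current patch release. Keep the floor explicit, e.g. `rails_version = ['~> 6.1.7', '>= 6.1.7.7']` with `gem 'railties', *rails_version` (and likewise for the other three), or simply keep `'~> 6.1.7.7'`. Separately, with the `rails` meta-gem gone, a `require 'rails/all'` in config/application.rb (not visible in this diff) would stop resolving; worth confirming the boot file already requires railties/actioncable/actionmailer/activerecord individually. The `group :preload do` block continues past the hunk.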
@@ -440,7 +420,6 @@ GEM
       nokogiri (>= 1.12.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (1.0.3)
     marco-polo (2.0.3)
       railties (>= 6)
     maxitest (3.7.0)
@@ -558,21 +537,6 @@ GEM
       rack (~> 2.2, >= 2.2.4)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.7)
-      actioncable (= 6.1.7.7)
-      actionmailbox (= 6.1.7.7)
-      actionmailer (= 6.1.7.7)
-      actionpack (= 6.1.7.7)
-      actiontext (= 6.1.7.7)
-      actionview (= 6.1.7.7)
-      activejob (= 6.1.7.7)
-      activemodel (= 6.1.7.7)
-      activerecord (= 6.1.7.7)
-      activestorage (= 6.1.7.7)
-      activesupport (= 6.1.7.7)
-      bundler (>= 1.15.0)
-      railties (= 6.1.7.7)
-      sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -715,7 +679,10 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  actioncable (~> 6.1.7)
+  actionmailer (~> 6.1.7)
   active_hash
+  activerecord (~> 6.1.7)
   ansible
   ar_multi_threaded_transactional_tests
   attr_encrypted
@@ -778,7 +745,6 @@ DEPENDENCIES
   pry-stack_explorer
   puma (~> 5.6.7)
   rack-mini-profiler
-  rails (~> 6.1.7.7)
   rails-assets-bootstrap-select!
   rails-assets-jquery!
   rails-assets-jquery-cookie!
@@ -790,6 +756,7 @@ DEPENDENCIES
   rails-assets-underscore!
   rails-assets-x-editable!
   rails-controller-testing
+  railties (~> 6.1.7)
   rubocop
   rubocop-rails
   samson_airbrake!
@@ -823,6 +790,7 @@ DEPENDENCIES
   single_cov
   soft_deletion
   sprockets (~> 3.7)
+  sprockets-rails
   sqlite3
   stackprof
   uglifier