
Commit c50ac70

authored
Security Vulnerabilities (#704)
* Updates packages to resolve vulnerabilities. Removes unneeded packages with vulnerabilities * Try large resource class * Try this * Proper syntax * Use newer version of ci-utils * Revert back to old ci-utils version. Also pin selenium image at 4.14 * Updates selenium-webdriver gem and adds some comments
1 parent 1fbfc8b commit c50ac70

5 files changed

+599
-2470
lines changed


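--- a/Gemfile
+++ b/Gemfile
@@ -20,8 +20,6 @@ gem 'sidekiq', '~> 7.1.3'
 gem 'sassc-rails', '~> 2.1.0'
 # Jquery for rails
 gem 'jquery-rails', '~> 4.4.0'
-# jQuery user interface widgets
-gem 'jquery-ui-rails', '~> 6.0.0'
 # FontAwesome sass integration
 gem 'font-awesome-rails', '~> 4.7.0.0'
 # Authentication gem
@@ -115,7 +113,8 @@ group :test do
 # Open webpage in browser
 gem 'launchy', '~> 2.5.0'
 # Web driver
-gem 'selenium-webdriver', '~> 4.0'
+# Pinned at same version as the selenium container in docker-compose.yml
+gem 'selenium-webdriver', '~> 4.14'
 # Database cleaning
 gem "database_cleaner", '~> 1.8.0'
 # Extra matchers for rspec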
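Review bot: The new `'~> 4.14'` constraint in the second hunk is not the pin the comment above it describes: a two-segment pessimistic constraint permits any 4.x release at or above 4.14, including the 4.15 that the docker-compose.yml comment in this same commit says is buggy. Today the lockfile resolves it to 4.14.0, but a routine `bundle update` would move the gem away from the container version without any change in this file. If the intent is to stay on the 4.14 series, use a three-segment constraint, `gem 'selenium-webdriver', '~> 4.14.0'`, and word the comment as "kept on the same 4.14.x series as the selenium container". The `group :test do` block that encloses these lines starts and ends outside the hunk.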

Gemfile.lock

Lines changed: 82 additions & 83 deletions
@@ -9,60 +9,60 @@ GIT
99
GEM
1010
remote: https://rubygems.org/
1111
specs:
12-
actioncable (6.1.7.3)
13-
actionpack (= 6.1.7.3)
14-
activesupport (= 6.1.7.3)
12+
actioncable (6.1.7.6)
13+
actionpack (= 6.1.7.6)
14+
activesupport (= 6.1.7.6)
1515
nio4r (~> 2.0)
1616
websocket-driver (>= 0.6.1)
17-
actionmailbox (6.1.7.3)
18-
actionpack (= 6.1.7.3)
19-
activejob (= 6.1.7.3)
20-
activerecord (= 6.1.7.3)
21-
activestorage (= 6.1.7.3)
22-
activesupport (= 6.1.7.3)
17+
actionmailbox (6.1.7.6)
18+
actionpack (= 6.1.7.6)
19+
activejob (= 6.1.7.6)
20+
activerecord (= 6.1.7.6)
21+
activestorage (= 6.1.7.6)
22+
activesupport (= 6.1.7.6)
2323
mail (>= 2.7.1)
24-
actionmailer (6.1.7.3)
25-
actionpack (= 6.1.7.3)
26-
actionview (= 6.1.7.3)
27-
activejob (= 6.1.7.3)
28-
activesupport (= 6.1.7.3)
24+
actionmailer (6.1.7.6)
25+
actionpack (= 6.1.7.6)
26+
actionview (= 6.1.7.6)
27+
activejob (= 6.1.7.6)
28+
activesupport (= 6.1.7.6)
2929
mail (~> 2.5, >= 2.5.4)
3030
rails-dom-testing (~> 2.0)
31-
actionpack (6.1.7.3)
32-
actionview (= 6.1.7.3)
33-
activesupport (= 6.1.7.3)
31+
actionpack (6.1.7.6)
32+
actionview (= 6.1.7.6)
33+
activesupport (= 6.1.7.6)
3434
rack (~> 2.0, >= 2.0.9)
3535
rack-test (>= 0.6.3)
3636
rails-dom-testing (~> 2.0)
3737
rails-html-sanitizer (~> 1.0, >= 1.2.0)
38-
actiontext (6.1.7.3)
39-
actionpack (= 6.1.7.3)
40-
activerecord (= 6.1.7.3)
41-
activestorage (= 6.1.7.3)
42-
activesupport (= 6.1.7.3)
38+
actiontext (6.1.7.6)
39+
actionpack (= 6.1.7.6)
40+
activerecord (= 6.1.7.6)
41+
activestorage (= 6.1.7.6)
42+
activesupport (= 6.1.7.6)
4343
nokogiri (>= 1.8.5)
44-
actionview (6.1.7.3)
45-
activesupport (= 6.1.7.3)
44+
actionview (6.1.7.6)
45+
activesupport (= 6.1.7.6)
4646
builder (~> 3.1)
4747
erubi (~> 1.4)
4848
rails-dom-testing (~> 2.0)
4949
rails-html-sanitizer (~> 1.1, >= 1.2.0)
50-
activejob (6.1.7.3)
51-
activesupport (= 6.1.7.3)
50+
activejob (6.1.7.6)
51+
activesupport (= 6.1.7.6)
5252
globalid (>= 0.3.6)
53-
activemodel (6.1.7.3)
54-
activesupport (= 6.1.7.3)
55-
activerecord (6.1.7.3)
56-
activemodel (= 6.1.7.3)
57-
activesupport (= 6.1.7.3)
58-
activestorage (6.1.7.3)
59-
actionpack (= 6.1.7.3)
60-
activejob (= 6.1.7.3)
61-
activerecord (= 6.1.7.3)
62-
activesupport (= 6.1.7.3)
53+
activemodel (6.1.7.6)
54+
activesupport (= 6.1.7.6)
55+
activerecord (6.1.7.6)
56+
activemodel (= 6.1.7.6)
57+
activesupport (= 6.1.7.6)
58+
activestorage (6.1.7.6)
59+
actionpack (= 6.1.7.6)
60+
activejob (= 6.1.7.6)
61+
activerecord (= 6.1.7.6)
62+
activesupport (= 6.1.7.6)
6363
marcel (~> 1.0)
6464
mini_mime (>= 1.1.0)
65-
activesupport (6.1.7.3)
65+
activesupport (6.1.7.6)
6666
concurrent-ruby (~> 1.0, >= 1.0.2)
6767
i18n (>= 1.6, < 2)
6868
minitest (>= 5.1)
@@ -108,7 +108,7 @@ GEM
108108
rexml
109109
crass (1.0.6)
110110
database_cleaner (1.8.5)
111-
date (3.3.3)
111+
date (3.3.4)
112112
ddtrace (0.54.2)
113113
debase-ruby_core_source (<= 0.10.14)
114114
msgpack
@@ -140,14 +140,14 @@ GEM
140140
ffi (1.15.5)
141141
font-awesome-rails (4.7.0.8)
142142
railties (>= 3.2, < 8.0)
143-
globalid (1.1.0)
144-
activesupport (>= 5.0)
143+
globalid (1.2.1)
144+
activesupport (>= 6.1)
145145
hashdiff (1.0.1)
146146
hashie (5.0.0)
147147
httparty (0.21.0)
148148
mini_mime (>= 1.0.0)
149149
multi_xml (>= 0.5.2)
150-
i18n (1.13.0)
150+
i18n (1.14.1)
151151
concurrent-ruby (~> 1.0)
152152
jbuilder (2.11.5)
153153
actionview (>= 5.0.0)
@@ -156,8 +156,6 @@ GEM
156156
rails-dom-testing (>= 1, < 3)
157157
railties (>= 4.2.0)
158158
thor (>= 0.14, < 2.0)
159-
jquery-ui-rails (6.0.1)
160-
railties (>= 3.2.16)
161159
json (2.6.3)
162160
jwt (2.7.1)
163161
launchy (2.5.2)
@@ -174,7 +172,7 @@ GEM
174172
activerecord (>= 4, < 7.0)
175173
lograge (~> 0.4)
176174
logstash-event (1.2.02)
177-
loofah (2.21.3)
175+
loofah (2.22.0)
178176
crass (~> 1.0.2)
179177
nokogiri (>= 1.12.0)
180178
mail (2.8.1)
@@ -192,30 +190,30 @@ GEM
192190
mime-types-data (~> 3.2015)
193191
mime-types-data (3.2023.0218.1)
194192
mini_magick (4.12.0)
195-
mini_mime (1.1.2)
196-
mini_portile2 (2.8.2)
197-
minitest (5.18.0)
193+
mini_mime (1.1.5)
194+
mini_portile2 (2.8.5)
195+
minitest (5.20.0)
198196
msgpack (1.6.1)
199197
multi_xml (0.6.0)
200198
mysql2 (0.5.5)
201-
net-imap (0.3.4)
199+
net-imap (0.4.5)
202200
date
203201
net-protocol
204202
net-ldap (0.16.3)
205203
net-pop (0.1.2)
206204
net-protocol
207-
net-protocol (0.2.1)
205+
net-protocol (0.2.2)
208206
timeout
209207
net-sftp (3.0.0)
210208
net-ssh (>= 5.0.0, < 7.0.0)
211-
net-smtp (0.3.3)
209+
net-smtp (0.4.0)
212210
net-protocol
213211
net-ssh (6.1.0)
214212
nio4r (2.5.9)
215-
nokogiri (1.15.2)
213+
nokogiri (1.15.4)
216214
mini_portile2 (~> 2.8.2)
217215
racc (~> 1.4)
218-
nokogiri (1.15.2-x86_64-linux)
216+
nokogiri (1.15.4-x86_64-linux)
219217
racc (~> 1.4)
220218
oauth2 (2.0.9)
221219
faraday (>= 0.17.3, < 3.0)
@@ -237,44 +235,46 @@ GEM
237235
public_suffix (5.0.1)
238236
puma (6.3.1)
239237
nio4r (~> 2.0)
240-
racc (1.7.1)
238+
racc (1.7.3)
241239
rack (2.2.8)
242240
rack-proxy (0.7.6)
243241
rack
244242
rack-test (2.1.0)
245243
rack (>= 1.3)
246-
rails (6.1.7.3)
247-
actioncable (= 6.1.7.3)
248-
actionmailbox (= 6.1.7.3)
249-
actionmailer (= 6.1.7.3)
250-
actionpack (= 6.1.7.3)
251-
actiontext (= 6.1.7.3)
252-
actionview (= 6.1.7.3)
253-
activejob (= 6.1.7.3)
254-
activemodel (= 6.1.7.3)
255-
activerecord (= 6.1.7.3)
256-
activestorage (= 6.1.7.3)
257-
activesupport (= 6.1.7.3)
244+
rails (6.1.7.6)
245+
actioncable (= 6.1.7.6)
246+
actionmailbox (= 6.1.7.6)
247+
actionmailer (= 6.1.7.6)
248+
actionpack (= 6.1.7.6)
249+
actiontext (= 6.1.7.6)
250+
actionview (= 6.1.7.6)
251+
activejob (= 6.1.7.6)
252+
activemodel (= 6.1.7.6)
253+
activerecord (= 6.1.7.6)
254+
activestorage (= 6.1.7.6)
255+
activesupport (= 6.1.7.6)
258256
bundler (>= 1.15.0)
259-
railties (= 6.1.7.3)
257+
railties (= 6.1.7.6)
260258
sprockets-rails (>= 2.0.0)
261259
rails-controller-testing (1.0.5)
262260
actionpack (>= 5.0.1.rc1)
263261
actionview (>= 5.0.1.rc1)
264262
activesupport (>= 5.0.1.rc1)
265-
rails-dom-testing (2.0.3)
266-
activesupport (>= 4.2.0)
263+
rails-dom-testing (2.2.0)
264+
activesupport (>= 5.0.0)
265+
minitest
267266
nokogiri (>= 1.6)
268-
rails-html-sanitizer (1.5.0)
269-
loofah (~> 2.19, >= 2.19.1)
270-
railties (6.1.7.3)
271-
actionpack (= 6.1.7.3)
272-
activesupport (= 6.1.7.3)
267+
rails-html-sanitizer (1.6.0)
268+
loofah (~> 2.21)
269+
nokogiri (~> 1.14)
270+
railties (6.1.7.6)
271+
actionpack (= 6.1.7.6)
272+
activesupport (= 6.1.7.6)
273273
method_source
274274
rake (>= 12.2)
275275
thor (~> 1.0)
276276
rainbow (3.1.1)
277-
rake (13.0.6)
277+
rake (13.1.0)
278278
rb-fsevent (0.11.2)
279279
rb-inotify (0.10.1)
280280
ffi (~> 1.0)
@@ -286,7 +286,7 @@ GEM
286286
responders (3.1.0)
287287
actionpack (>= 5.2)
288288
railties (>= 5.2)
289-
rexml (3.2.5)
289+
rexml (3.2.6)
290290
rsolr (2.5.0)
291291
builder (>= 2.1.2)
292292
faraday (>= 0.9, < 3, != 2.0.0)
@@ -343,7 +343,7 @@ GEM
343343
tilt
344344
seedbank (0.5.0)
345345
rake (>= 10.0)
346-
selenium-webdriver (4.9.1)
346+
selenium-webdriver (4.14.0)
347347
rexml (~> 3.2, >= 3.2.5)
348348
rubyzip (>= 1.2.2, < 3.0)
349349
websocket (~> 1.0)
@@ -383,9 +383,9 @@ GEM
383383
activesupport (>= 5.2)
384384
sprockets (>= 3.0.0)
385385
ssrf_filter (1.1.1)
386-
thor (1.2.2)
386+
thor (1.3.0)
387387
tilt (2.1.0)
388-
timeout (0.3.2)
388+
timeout (0.4.1)
389389
ttfunk (1.7.0)
390390
tzinfo (2.0.6)
391391
concurrent-ruby (~> 1.0)
@@ -404,13 +404,13 @@ GEM
404404
crack (>= 0.3.2)
405405
hashdiff (>= 0.4.0, < 2.0.0)
406406
webrick (1.8.1)
407-
websocket (1.2.9)
408-
websocket-driver (0.7.5)
407+
websocket (1.2.10)
408+
websocket-driver (0.7.6)
409409
websocket-extensions (>= 0.1.0)
410410
websocket-extensions (0.1.5)
411411
xpath (3.2.0)
412412
nokogiri (~> 1.8)
413-
zeitwerk (2.6.8)
413+
zeitwerk (2.6.12)
414414

415415
PLATFORMS
416416
ruby
@@ -439,7 +439,6 @@ DEPENDENCIES
439439
httparty (~> 0.21)
440440
jbuilder (~> 2.5)
441441
jquery-rails (~> 4.4.0)
442-
jquery-ui-rails (~> 6.0.0)
443442
launchy (~> 2.5.0)
444443
listen (~> 3.7.0)
445444
lograge (~> 0.11.0)
@@ -469,7 +468,7 @@ DEPENDENCIES
469468
rubocop-rspec (~> 2.19.0)
470469
sassc-rails (~> 2.1.0)
471470
seedbank (~> 0.5.0)
472-
selenium-webdriver (~> 4.0)
471+
selenium-webdriver (~> 4.14)
473472
shakapacker (~> 7.0.2)
474473
shoulda-matchers (~> 4.3.0)
475474
sidekiq (~> 7.1.3)

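--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,9 @@ services:
 - "4444:4444"
 container_name: selenium
 selenium:
-image: selenium/standalone-chrome
+# Pinned at the same version as the selenium-webdriver gem
+# v4.15 has some bugs so waiting to update
+image: selenium/standalone-chrome:4.14
 volumes:
 - /dev/shm:/dev/shm
 ports: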
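Review bot: The `:4.14` tag on the new `image:` line is a mutable minor-series tag, not a pin — the registry can re-point it to any later 4.14.x build (or rebuild it with different base-image contents), so the comment's claim that the container matches the gem version is not enforced and the test image can change with no diff in this repository. For a reproducible and verifiable test environment, pin the full version tag and, ideally, the digest, e.g. `image: selenium/standalone-chrome:4.14.<PATCH>@sha256:<DIGEST>` (fill in the tag and digest the lockfile's 4.14.0 gem was validated against), and keep the comment so the reason for the pin survives. The `selenium:` service block continues past the hunk (`ports:` is its last visible line).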

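--- a/package.json
+++ b/package.json
@@ -11,7 +11,6 @@
 "babel-loader": "8",
 "babel-plugin-macros": "^3.1.0",
 "bootstrap": ">=4.0",
-"bootstrap-loader": "^4.0",
 "bootstrap-sass": "^3.3.7",
 "breakpoints": "^0.0.0",
 "caniuse-lite": "^1.0.30000824",
@@ -32,13 +31,11 @@
 "jquery": "^3.6.0",
 "jquery-ui": "^1.13.2",
 "jquery-ujs": "^1.2.2",
-"liquid-fire": "^0.35.0",
 "mem": "^4.0.0",
 "mini-css-extract-plugin": "^2.7.6",
 "mkdirp": "^1.0.0",
 "node-sass": "^8.0.0",
 "popper.js": "^1.16.0",
-"resolve-url-loader": "^4.0.0",
 "sass-loader": "^13.3.2",
 "shakapacker": "7.0.2",
 "tag-it": "^2.0.0",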
