Resolve Rack CVE. Update dependencies (#20)

* Resolve Rack CVE. Update dependencies

* Bump version

* Lower rubocop version

* Actually, don't bump rubocop at all

* I lied, update rubocop

* Address rubocop deprecation

Author: PatrickBaciu

.rubocop.yml

@@ -77,7 +77,7 @@ RSpec/NestedGroups:
   Max: 5
 RSpec/VerifiedDoubleReference:
   Enabled: false
-RSpec/FilePath:
+RSpec/SpecFilePathSuffix:
   Exclude:
     - spec/omni_auth/azure_devops/version_spec.rb
 RSpec/SpecFilePathFormat:

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [1.0.3]
+
+- Resolve CVE-2025-27111
+- Update dependencies
+
 ## [1.0.2]
 
 - Update Gem Metadata

Gemfile.lock

@@ -1,58 +1,69 @@
 PATH
   remote: .
   specs:
-    omniauth-azure-devops (1.0.2)
+    omniauth-azure-devops (1.0.3)
       omniauth (>= 1, < 3)
       omniauth-oauth2 (~> 1.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
     ansi (1.5.0)
-    ast (2.4.2)
+    ast (2.4.3)
     base64 (0.2.0)
+    bigdecimal (3.1.9)
     coderay (1.1.3)
-    diff-lcs (1.5.0)
-    docile (1.4.0)
-    faraday (2.7.11)
-      base64
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (3.0.2)
+    diff-lcs (1.6.1)
+    docile (1.4.1)
+    faraday (2.12.2)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.0)
+      net-http (>= 0.5.0)
     hashie (5.0.0)
-    json (2.7.2)
-    jwt (2.7.1)
-    language_server-protocol (3.17.0.3)
-    method_source (1.0.0)
-    multi_xml (0.6.0)
+    json (2.10.2)
+    jwt (2.10.1)
+      base64
+    language_server-protocol (3.17.0.4)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    method_source (1.1.0)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
+    net-http (0.6.0)
+      uri
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
       snaky_hash (~> 2.0)
       version_gem (~> 1.1)
-    omniauth (2.1.1)
+    omniauth (2.1.3)
       hashie (>= 3.4.6)
       rack (>= 2.2.3)
       rack-protection
     omniauth-oauth2 (1.8.0)
       oauth2 (>= 1.4, < 3)
       omniauth (~> 2.0)
     parallel (1.26.3)
-    parser (3.3.4.2)
+    parser (3.3.7.4)
       ast (~> 2.4.1)
       racc
-    pry (0.14.2)
+    prism (1.4.0)
+    pry (0.15.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     racc (1.8.1)
-    rack (2.2.8)
-    rack-protection (3.1.0)
-      rack (~> 2.2, >= 2.2.4)
+    rack (3.1.12)
+    rack-protection (4.1.1)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.9.2)
+    rake (13.2.1)
+    regexp_parser (2.10.0)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -66,48 +77,46 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.4)
-    rubocop (1.66.0)
+    rubocop (1.75.1)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.4, < 3.0)
-      rubocop-ast (>= 1.32.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.43.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.32.2)
-      parser (>= 3.3.1.0)
-    rubocop-capybara (2.19.0)
-      rubocop (~> 1.41)
-    rubocop-factory_bot (2.24.0)
-      rubocop (~> 1.33)
-    rubocop-performance (1.19.1)
-      rubocop (>= 1.7.0, < 2.0)
-      rubocop-ast (>= 0.4.0)
-    rubocop-rspec (2.24.1)
-      rubocop (~> 1.33)
-      rubocop-capybara (~> 2.17)
-      rubocop-factory_bot (~> 2.22)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.43.0)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-performance (1.23.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rspec (3.4.0)
+      rubocop (~> 1.61)
     ruby-progressbar (1.13.0)
-    ruby2_keywords (0.0.5)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
-    simplecov-console (0.9.1)
+    simplecov-console (0.9.3)
       ansi
       simplecov
       terminal-table
-    simplecov-html (0.12.3)
+    simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    terminal-table (3.0.2)
-      unicode-display_width (>= 1.1.1, < 3)
-    unicode-display_width (2.5.0)
-    version_gem (1.1.3)
+    terminal-table (4.0.0)
+      unicode-display_width (>= 1.1.1, < 4)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    uri (1.0.3)
+    version_gem (1.1.6)
 
 PLATFORMS
   ruby

lib/omni_auth/azure_devops/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module AzureDevops
-    VERSION = '1.0.2'
+    VERSION = '1.0.3'
   end
 end