Merge pull request #23 from rickreyhsig/rickreyhsig-patch-4

Update Gemfile again

Author: rickreyhsig

.github/workflows/update-gemfile-lock.yml

@@ -4,7 +4,7 @@ on:
   push:
     paths:
       - 'Gemfile'
-      - '.github/workflows/update-gemfile-lock.yml'
+      - 'Gemfile.lock'
 
 jobs:
   update-gemfile-lock:
@@ -22,20 +22,32 @@ jobs:
         with:
           ruby-version: '2.4.2' # Match your Gemfile
 
-      - name: Install dependencies and update Gemfile.lock
+      - name: Install dependencies (ignore lock conflict)
         run: |
-          bundle install
+          bundle install || true
+
+      # Try to resolve lockfile conflicts
+      - name: Update lockfile if install failed
+        run: |
+          if ! bundle install; then
+            echo "bundle install failed, trying bundle update"
+            bundle update
+          fi
 
       - name: Check if Gemfile.lock changed
+        id: lock_changed
         run: |
-          git diff --exit-code Gemfile.lock || echo "Gemfile.lock updated"
+          if ! git diff --quiet Gemfile.lock; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "changed=false" >> $GITHUB_OUTPUT
+          fi
 
       - name: Commit and push if Gemfile.lock changed
+        if: steps.lock_changed.outputs.changed == 'true'
         run: |
           git config --global user.name "github-actions[bot]"
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          if ! git diff --quiet Gemfile.lock; then
-            git add Gemfile.lock
-            git commit -m "Update Gemfile.lock via GitHub Actions"
-            git push
-          fi
+          git add Gemfile.lock
+          git commit -m "Update Gemfile.lock via GitHub Actions (auto-resolve)"
+          git push

Gemfile

@@ -1,6 +1,7 @@
 source 'https://rubygems.org'
 
 #ruby '2.2.2'
+#ruby '2.3.2'
 ruby '2.4.2'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
@@ -27,7 +28,9 @@ gem 'will_paginate', '~> 3.0.6'
 gem 'bootstrap-will_paginate'
 
 # Authentication gem
-gem 'devise'
+# gem 'devise'
+gem 'devise', '4.7.1' # This version is known to have vulnerabilities
+
 
 # I18n gem
 gem 'rails-i18n'
@@ -56,7 +59,9 @@ gem 'sdoc', '~> 0.4.0', group: :doc
 gem 'prawn'
 gem 'prawn-table'
 gem 'rollbar'
-gem 'loofah', '2.2.2' # This version is known to have vulnerabilities
+# gem 'loofah', '2.2.2' # This version is known to have vulnerabilities
+gem 'nokogiri', '1.10.10' # This version is known to have vulnerabilities
+
 
 group :development, :test do
     # Call 'byebug' anywhere in the code to stop execution and get a debugger console
@@ -71,7 +76,7 @@ group :development, :test do
     gem 'factory_girl_rails'
     gem "better_errors"
     gem "binding_of_caller"
-    gem 'json', '2.2.9'  # This version is known to have vulnerabilities
+    gem 'json', '1.8.6'  # This version is known to have vulnerabilities
 end
 
 group :test do
@@ -86,7 +91,7 @@ end
 group :development do
   # Access an IRB console on exception pages or by using <%= console %> in views
   gem 'web-console', '~> 2.0'
-  gem 'rack', '2.2.3'  # This version is known to have vulnerabilities
+  gem 'rack', '1.6.13'  # This version is known to have vulnerabilities
 end
 
 group :production do