feat: fix vulnerabilities (#190)

DZverev · web-flow · commit 2564fee5015b · 2025-01-16T17:04:13.000+03:00
diff --git a/.github/workflows/lint_and_test.yml b/.github/workflows/lint_and_test.yml
@@ -24,21 +24,21 @@ jobs:
       run: sed -i 's/:3.1-alpine/:${{ matrix.ruby }}-alpine/' Dockerfile
 
     - name: Build
-      run: docker-compose -p ci build --pull
+      run: docker compose -p ci build --pull
       env:
         COMPOSE_DOCKER_CLI_BUILD: 1
         DOCKER_BUILDKIT: 1
 
     - name: Test
-      run: docker-compose -p ci run --name=test gem rake rspec:unit
+      run: docker compose -p ci run --name=test gem rake rspec:unit
 
     - name: Lint
       if: matrix.ruby  == '3.1'
-      run: docker-compose -p ci run --name=lint gem rubocop .
+      run: docker compose -p ci run --name=lint gem rubocop .
 
     - name: Archive code coverage results
       if: matrix.ruby  == '3.1'
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: code-coverage-report
         path: ./coverage
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -31,8 +31,7 @@ GEM
     rainbow (3.1.1)
     rake (13.2.1)
     regexp_parser (2.9.2)
-    rexml (3.3.1)
-      strscan
+    rexml (3.4.0)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -80,7 +79,6 @@ GEM
       net-ssh (>= 2.7)
       net-telnet
       sfl
-    strscan (3.1.0)
     unicode-display_width (2.5.0)
 
 PLATFORMS
diff --git a/spec/dummy/rails/Gemfile.lock b/spec/dummy/rails/Gemfile.lock
@@ -1,44 +1,49 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.1.3.4)
-      actionview (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionpack (8.0.1)
+      actionview (= 8.0.1)
+      activesupport (= 8.0.1)
       nokogiri (>= 1.8.5)
-      racc
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actionview (7.1.3.4)
-      activesupport (= 7.1.3.4)
+      useragent (~> 0.16)
+    actionview (8.0.1)
+      activesupport (= 8.0.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (7.1.3.4)
+    activesupport (8.0.1)
       base64
+      benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.8)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
     builder (3.3.0)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.3.3)
-    connection_pool (2.4.1)
+    concurrent-ruby (1.3.4)
+    connection_pool (2.5.0)
     crass (1.0.6)
+    date (3.4.1)
     diff-lcs (1.5.1)
     drb (2.2.1)
-    erubi (1.13.0)
+    erubi (1.13.1)
     ffi (1.17.0-x86_64-linux-gnu)
     formatador (1.1.0)
     guard (2.18.1)
@@ -50,26 +55,26 @@ GEM
       pry (>= 0.13.0)
       shellany (~> 0.0)
       thor (>= 0.18.1)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
-    io-console (0.7.2)
-    irb (1.14.0)
+    io-console (0.8.0)
+    irb (1.14.3)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.7.2)
     language_server-protocol (3.17.0.3)
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.22.0)
+    logger (1.6.5)
+    loofah (2.24.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     lumberjack (1.2.10)
     method_source (1.1.0)
-    minitest (5.24.1)
-    mutex_m (0.2.0)
+    minitest (5.25.4)
     nenv (0.3.0)
-    nokogiri (1.16.6-x86_64-linux)
+    nokogiri (1.18.1-x86_64-linux-gnu)
       racc (~> 1.4)
     notiffany (0.1.3)
       nenv (~> 0.1)
@@ -84,28 +89,29 @@ GEM
     pry-byebug (3.10.1)
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
-    psych (5.1.2)
+    psych (5.2.2)
+      date
       stringio
-    racc (1.8.0)
-    rack (3.1.6)
-    rack-session (2.0.0)
+    racc (1.8.1)
+    rack (3.1.8)
+    rack-session (2.1.0)
+      base64 (>= 0.1.0)
       rack (>= 3.0.0)
-    rack-test (2.1.0)
+    rack-test (2.2.0)
       rack (>= 1.3)
-    rackup (2.1.0)
+    rackup (2.2.1)
       rack (>= 3)
-      webrick (~> 1.8)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
-    railties (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
-      irb
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
@@ -115,13 +121,12 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rdoc (6.7.0)
+    rdoc (6.10.0)
       psych (>= 4.0.0)
     regexp_parser (2.9.2)
-    reline (0.5.9)
+    reline (0.6.0)
       io-console (~> 0.5)
-    rexml (3.3.1)
-      strscan
+    rexml (3.4.0)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -149,15 +154,16 @@ GEM
     rubocop-ast (1.31.3)
       parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
+    securerandom (0.4.1)
     shellany (0.0.1)
-    stringio (3.1.1)
-    strscan (3.1.0)
-    thor (1.3.1)
+    stringio (3.1.2)
+    thor (1.3.2)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
-    webrick (1.8.1)
-    zeitwerk (2.6.16)
+    uri (1.0.2)
+    useragent (0.16.11)
+    zeitwerk (2.7.1)
 
 PLATFORMS
   x86_64-linux
diff --git a/spec/dummy/sinatra/Gemfile.lock b/spec/dummy/sinatra/Gemfile.lock
@@ -3,26 +3,30 @@ GEM
   specs:
     base64 (0.2.0)
     coderay (1.1.3)
+    logger (1.6.5)
     method_source (1.1.0)
-    mustermann (3.0.0)
+    mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    rack (3.1.7)
-    rack-protection (4.0.0)
+    rack (3.1.8)
+    rack-protection (4.1.1)
       base64 (>= 0.1.0)
+      logger (>= 1.6.0)
       rack (>= 3.0.0, < 4)
-    rack-session (2.0.0)
+    rack-session (2.1.0)
+      base64 (>= 0.1.0)
       rack (>= 3.0.0)
     ruby2_keywords (0.0.5)
-    sinatra (4.0.0)
+    sinatra (4.1.1)
+      logger (>= 1.6.0)
       mustermann (~> 3.0)
       rack (>= 3.0.0, < 4)
-      rack-protection (= 4.0.0)
+      rack-protection (= 4.1.1)
       rack-session (>= 2.0.0, < 3)
       tilt (~> 2.0)
-    tilt (2.4.0)
+    tilt (2.6.0)
 
 PLATFORMS
   ruby
