Technical/Fix security vulnerability issue (#97)

bestwebua · web-flow · commit f186af6af48b · 2023-03-28T13:15:02.000+02:00
* Fixed security vulnerability rack issue CVE-2023-27539 * Updated project dependencies * Updated app version * Updated changelog
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,17 @@
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.0] - 2023-03-28
+
+### Fixed
+
+- Fixed security vulnerability issue [CVE-2023-27539](https://github.com/advisories/GHSA-c6qg-cjj8-47qp)
+
+### Changed
+
+- Updated development dependencies
+- Updated application version
+
 ## [0.7.0] - 2023-03-11
 
 ### Added
diff --git a/Gemfile b/Gemfile
@@ -6,20 +6,20 @@ ruby(::File.read(::File.join(::File.dirname(__FILE__), '.ruby-version')).strip[/
 
 gem 'dry-struct', '~> 1.6'
 gem 'net-smtp', '~> 0.3.3'
-gem 'rack', '~> 2.2', '>= 2.2.6.3'
+gem 'rack', '~> 2.2', '>= 2.2.6.4'
 gem 'thin', '~> 1.8', '>= 1.8.1'
 gem 'truemail', '~> 3.0', '>= 3.0.7'
 
 group :development, :test do
   gem 'pry-byebug', '~> 3.10', '>= 3.10.1'
-  gem 'rack-test', '~> 2.0', '>= 2.0.2'
+  gem 'rack-test', '~> 2.1'
   gem 'rspec', '~> 3.12'
 
   # Code quality
   gem 'bundler-audit', '~> 0.9.1', require: false
   gem 'fasterer', '~> 0.10.0', require: false
   gem 'reek', '~> 6.1', '>= 6.1.4', require: false
-  gem 'rubocop', '~> 1.48', require: false
+  gem 'rubocop', '~> 1.48', '>= 1.48.1', require: false
   gem 'rubocop-performance', '~> 1.16', require: false
   gem 'rubocop-rspec', '~> 2.19', require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -32,7 +32,7 @@ GEM
       dry-logic (~> 1.4)
       zeitwerk (~> 2.6)
     eventmachine (1.2.7)
-    fasterer (0.10.0)
+    fasterer (0.10.1)
       colorize (~> 0.7)
       ruby_parser (>= 3.19.1)
     ice_nine (0.11.2)
@@ -55,8 +55,8 @@ GEM
     pry-byebug (3.10.1)
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
-    rack (2.2.6.3)
-    rack-test (2.0.2)
+    rack (2.2.6.4)
+    rack-test (2.1.0)
       rack (>= 1.3)
     rainbow (3.1.1)
     reek (6.1.4)
@@ -74,11 +74,11 @@ GEM
     rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.3)
+    rspec-mocks (3.12.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
-    rubocop (1.48.0)
+    rubocop (1.48.1)
       json (~> 2.3)
       parallel (~> 1.10)
       parser (>= 3.2.0.0)
@@ -88,7 +88,7 @@ GEM
       rubocop-ast (>= 1.26.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.27.0)
+    rubocop-ast (1.28.0)
       parser (>= 3.2.1.0)
     rubocop-capybara (2.17.1)
       rubocop (~> 1.41)
@@ -134,11 +134,11 @@ DEPENDENCIES
   json_matchers (~> 0.11.1)
   net-smtp (~> 0.3.3)
   pry-byebug (~> 3.10, >= 3.10.1)
-  rack (~> 2.2, >= 2.2.6.3)
-  rack-test (~> 2.0, >= 2.0.2)
+  rack (~> 2.2, >= 2.2.6.4)
+  rack-test (~> 2.1)
   reek (~> 6.1, >= 6.1.4)
   rspec (~> 3.12)
-  rubocop (~> 1.48)
+  rubocop (~> 1.48, >= 1.48.1)
   rubocop-performance (~> 1.16)
   rubocop-rspec (~> 2.19)
   simplecov (~> 0.22.0)
diff --git a/app/truemail_server/version.rb b/app/truemail_server/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TruemailServer
-  VERSION = '0.7.0'
+  VERSION = '0.8.0'
 end
