From fc508f5826551e50aace4b28499b8bf49e173dbe Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 16 Oct 2025 21:01:57 +0000 Subject: [PATCH] fix: pkgs/applications/version-management/gitlab/Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-174820 - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-22012 - https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-2987513 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074187 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074188 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RACK-13052974 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378928 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378930 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378932 - https://snyk.io/vuln/SNYK-RUBY-RACK-13524628 - https://snyk.io/vuln/SNYK-RUBY-RACK-13535097 - https://snyk.io/vuln/SNYK-RUBY-RACK-20230 - https://snyk.io/vuln/SNYK-RUBY-RACK-20399 - https://snyk.io/vuln/SNYK-RUBY-RACK-20400 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237240 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274383 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274384 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274385 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-RACK-8720151 - https://snyk.io/vuln/SNYK-RUBY-RACK-9058602 - https://snyk.io/vuln/SNYK-RUBY-RACK-9398129 - https://snyk.io/vuln/SNYK-RUBY-RACKCORS-22040 - https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395 - https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-REDCARPET-20212 - https://snyk.io/vuln/SNYK-RUBY-REDCLOTH-20023 - https://snyk.io/vuln/SNYK-RUBY-REDISSTORE-20452 - https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20204 - 
https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20211 - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-20199 - https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032 - https://snyk.io/vuln/SNYK-RUBY-THOR-10843853 - https://snyk.io/vuln/SNYK-RUBY-TURBOLINKS-20429 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569156 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20262 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639 - https://snyk.io/vuln/SNYK-RUBY-JSON-560838 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732769 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732779 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674179 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674176 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674184 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674192 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-560837 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450237 - https://snyk.io/vuln/SNYK-RUBY-HTTPARTY-3188560 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634 - https://snyk.io/vuln/SNYK-RUBY-DIFFY-2934981 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107 - https://snyk.io/vuln/SNYK-RUBY-FFI-22037 - 
https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20292 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159 - https://snyk.io/vuln/SNYK-RUBY-OAUTH-1012727 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-2803851 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20255 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239 - https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242 - https://snyk.io/vuln/SNYK-RUBY-I18N-72582 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569601 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20184 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20190 - https://snyk.io/vuln/SNYK-RUBY-FARADAYMIDDLEWARE-20334 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510795 - https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-8220269 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220162 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220268 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-11800112 - https://snyk.io/vuln/SNYK-RUBY-EXCON-20404 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-174549 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450238 - https://snyk.io/vuln/SNYK-RUBY-BOOTSTRAPSASS-450239 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20245 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20271 - 
https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-MAIL-20244 - https://snyk.io/vuln/SNYK-RUBY-ASCIIDOCTOR-72630 - https://snyk.io/vuln/SNYK-RUBY-NETLDAP-22008 - https://snyk.io/vuln/SNYK-RUBY-EXCON-537866 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20200 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20263 - https://snyk.io/vuln/SNYK-RUBY-ACTIVEMODEL-20260 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20157 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510789 - https://snyk.io/vuln/SNYK-RUBY-DEVISE-20252 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-5741907 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20198 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20228 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9789079 - https://snyk.io/vuln/SNYK-RUBY-ERUBIS-20482 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8453714 - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674188
---
 .../version-management/gitlab/Gemfile | 152 +++++++++---------
 1 file changed, 76 insertions(+), 76 deletions(-)

diff --git a/pkgs/applications/version-management/gitlab/Gemfile b/pkgs/applications/version-management/gitlab/Gemfile
index f6f3607cbd1be..11a17de84d357 100644
--- a/pkgs/applications/version-management/gitlab/Gemfile
+++ b/pkgs/applications/version-management/gitlab/Gemfile
@@ -8,114 +8,114 @@ def linux_only(require_as)
 RUBY_PLATFORM.include?('linux') && require_as
 end
-gem "rails", "~> 4.1.0"
+gem "rails", "~> 7.1.5", ">= 7.1.5.2"
 # Make links from text
-gem 'rails_autolink', '~> 1.1'
+gem 'rails_autolink', '~> 1.1', '>= 1.1.7'
 # Default values for AR models
-gem "default_value_for", "~> 3.0.0"
+gem "default_value_for", "~> 3.6.0"
 # Supported DBs
 gem "mysql2", group: :mysql
 gem "pg", group: :postgres
 # Auth
-gem "devise", '3.2.4'
-gem "devise-async", '0.9.0'
-gem 'omniauth', "~> 1.1.3"
-gem 'omniauth-google-oauth2'
-gem 'omniauth-twitter'
-gem 'omniauth-github'
-gem 'omniauth-shibboleth'
+gem "devise", "4.7.0"
+gem "devise-async", "1.0.0"
+gem 'omniauth', '~> 2.1.0'
+gem 'omniauth-google-oauth2', '>= 0.2.6'
+gem 'omniauth-twitter', '>= 1.1.0'
+gem 'omniauth-github', '>= 2.0.0'
+gem 'omniauth-shibboleth', '>= 1.1.2'
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '7.0.0.rc10'
+gem "gitlab_git", "7.0.0"
 # Ruby/Rack Git Smart-HTTP Server Handler
-gem 'gitlab-grack', '~> 2.0.0.pre', require: 'grack'
+gem 'gitlab-grack', '~> 2.0.0.0', require: 'grack'
 # LDAP Auth
-gem 'gitlab_omniauth-ldap', '1.1.0', require: "omniauth-ldap"
+gem 'gitlab_omniauth-ldap', '2.2.0', require: "omniauth-ldap"
 # Git Wiki
-gem 'gollum-lib', '~> 3.0.0'
+gem 'gollum-lib', '~> 4.2.7'
 # Language detection
 gem "gitlab-linguist", "~> 3.0.0", require: "linguist"
 # API
-gem "grape", "~> 0.6.1"
-gem "grape-entity", "~> 0.4.2"
-gem 'rack-cors', require: 'rack/cors'
+gem "grape", "~> 0.7.0"
+gem "grape-entity", "~> 0.4.3"
+gem 'rack-cors', '>= 0.4.1', require: 'rack/cors'
 # Format dates and times
 # based on human-friendly examples
 gem "stamp"
 # Enumeration fields
-gem 'enumerize'
+gem 'enumerize', '>= 0.8.0'
 # Pagination
-gem "kaminari", "~> 0.15.1"
+gem "kaminari", "~> 0.16.0"
 # HAML
-gem "haml-rails"
+gem "haml-rails", ">= 0.6.0"
 # Files attachments
-gem "carrierwave"
+gem "carrierwave", ">= 0.10.0"
 # Drag and Drop UI
-gem 'dropzonejs-rails'
+gem 'dropzonejs-rails', '>= 0.4.16'
 # for aws storage
-gem "fog", "~> 1.14"
+gem "fog", "~> 1.22", ">= 1.22.0"
 gem "unf"
 # Authorization
 gem "six"
 # Seed data
-gem "seed-fu"
+gem "seed-fu", ">= 2.3.6"
 # Markup pipeline for GitLab
-gem 'html-pipeline-gitlab', '~> 0.1.0'
+gem 'html-pipeline-gitlab', '~> 0.1.6'
 # Markdown to HTML
 gem "github-markup"
 # Required markup gems by github-markdown
-gem 'redcarpet', '~> 3.1.2'
-gem 'RedCloth'
-gem 'rdoc', '~>3.6'
+gem 'redcarpet', '~> 3.2.3'
+gem 'RedCloth', '>= 4.3.0'
+gem 'rdoc', '~> 4.3', '>= 4.3.0'
 gem 'org-ruby', '= 0.9.9'
 gem 'creole', '~>0.3.6'
 gem 'wikicloth', '=0.8.1'
-gem 'asciidoctor', '= 0.1.4'
+gem 'asciidoctor', '= 1.5.8'
 # Diffs
-gem 'diffy', '~> 3.0.3'
+gem 'diffy', '~> 3.4.1'
 # Application server
 group :unicorn do
- gem "unicorn", '~> 4.6.3'
- gem 'unicorn-worker-killer'
+ gem "unicorn", "~> 4.7.0"
+ gem 'unicorn-worker-killer', '>= 0.4.3'
 end
 # State machine
 gem "state_machine"
 # Issue tags
-gem "acts-as-taggable-on"
+gem "acts-as-taggable-on", ">= 3.1.0"
 # Background jobs
 gem 'slim'
-gem 'sinatra', require: nil
-gem 'sidekiq', '2.17.0'
+gem 'sinatra', '>= 4.0.0', require: nil
+gem 'sidekiq', '2.17.1'
 # HTTP requests
-gem "httparty"
+gem "httparty", ">= 0.21.0"
 # Colored output to console
 gem "colored"
@@ -124,17 +124,17 @@ gem "colored"
 gem 'settingslogic'
 # Misc
-gem "foreman"
+gem "foreman", ">= 0.64.0"
 gem 'version_sorter'
 # Cache
-gem "redis-rails"
+gem "redis-rails", ">= 5.0.2"
 # Campfire integration
-gem 'tinder', '~> 1.9.2'
+gem 'tinder', '~> 1.9.4'
 # HipChat integration
-gem "hipchat", "~> 0.14.0"
+gem "hipchat", "~> 1.0.0"
 # Flowdock integration
 gem "gitlab-flowdock-git-hook", "~> 0.4.2"
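Review bot: Only the Gemfile moves in this commit (the diffstat says 1 file changed), so if this package also carries a Gemfile.lock or a generated gemset those stay at the old pins, the installed versions do not change, and the advisories listed in the description are not closed by raising constraints alone; the same applies to the other hunks at -124, -146, -166, -225 and -245. The new constraint set also looks unresolvable for an application written against Rails 4.1: `gem "rails", "~> 7.1.5", ">= 7.1.5.2"` is a four-major-version jump while `gem 'sidekiq', '2.17.1'`, `gem "devise", "4.7.0"` and `gem "grape", "~> 0.7.0"` appear to stay on releases contemporary with the old pins, so I would expect bundler to fail to resolve or, if it resolves, the application code not to boot. A change that actually alters what is shipped needs the lock or gemset regenerated against the intended versions plus a build and test run; a constraint-only bump gives the scanner a false "fixed" signal and should not be merged as is.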
@@ -146,16 +146,16 @@ gem "gemnasium-gitlab-service", "~> 0.2"
 gem "slack-notifier", "~> 0.3.2"
 # d3
-gem "d3_rails", "~> 3.1.4"
+gem "d3_rails", "~> 3.2.0"
 # underscore-rails
 gem "underscore-rails", "~> 1.4.4"
 # Sanitize user input
-gem "sanitize", '~> 2.0'
+gem "sanitize", "~> 2.1", ">= 2.1.1"
 # Protect against bruteforcing
-gem "rack-attack"
+gem "rack-attack", ">= 3.0.0"
 # Ace editor
 gem 'ace-rails-ap'
@@ -166,57 +166,57 @@ gem 'mousetrap-rails'
 # Semantic UI Sass for Sidebar
 gem 'semantic-ui-sass', '~> 0.16.1.0'
-gem "sass-rails", '~> 4.0.2'
-gem "coffee-rails"
-gem "uglifier"
+gem "sass-rails", "~> 6.0.0"
+gem "coffee-rails", ">= 4.2.2"
+gem "uglifier", ">= 2.3.3"
 gem "therubyracer"
-gem 'turbolinks'
-gem 'jquery-turbolinks'
+gem 'turbolinks', '>= 5.0.0'
+gem 'jquery-turbolinks', '>= 2.0.2'
-gem 'select2-rails'
+gem 'select2-rails', '>= 3.5.11'
 gem 'jquery-atwho-rails', "~> 0.3.3"
-gem "jquery-rails"
-gem "jquery-ui-rails"
+gem "jquery-rails", ">= 4.0.1"
+gem "jquery-ui-rails", ">= 5.0.0"
 gem "jquery-scrollto-rails"
 gem "raphael-rails", "~> 2.1.2"
-gem 'bootstrap-sass', '~> 3.0'
-gem "font-awesome-rails", '~> 4.2'
-gem "gitlab_emoji", "~> 0.0.1.1"
-gem "gon", '~> 5.0.0'
+gem 'bootstrap-sass', '~> 3.4', '>= 3.4.0'
+gem "font-awesome-rails", "~> 4.7", ">= 4.7.0.8"
+gem "gitlab_emoji", "~> 0.1.0.0"
+gem "gon", "~> 5.0.3"
 gem 'nprogress-rails'
 gem 'request_store'
 gem "virtus"
 group :development do
- gem "annotate", "~> 2.6.0.beta2"
- gem "letter_opener"
- gem 'quiet_assets', '~> 1.0.1'
- gem 'rack-mini-profiler', require: false
+ gem "annotate", "~> 2.6.1.0"
+ gem "letter_opener", ">= 1.2.0"
+ gem 'quiet_assets', '~> 1.0.3'
+ gem 'rack-mini-profiler', '>= 0.9.1', require: false
 # Better errors handler
- gem 'better_errors'
+ gem 'better_errors', '>= 2.3.0'
 gem 'binding_of_caller'
- gem 'rails_best_practices'
+ gem 'rails_best_practices', '>= 1.15.1'
 # Docs generator
- gem "sdoc"
+ gem "sdoc", ">= 1.0.0"
 # thin instead webrick
- gem 'thin'
+ gem 'thin', '>= 1.6.2'
 end
 group :development, :test do
- gem 'coveralls', require: false
+ gem 'coveralls', '>= 0.7.1', require: false
 # gem 'rails-dev-tweaks'
 gem 'spinach-rails'
- gem "rspec-rails"
- gem "capybara", '~> 2.2.1'
+ gem "rspec-rails", ">= 2.14.1"
+ gem "capybara", "~> 2.3.0"
 gem "pry"
 gem "awesome_print"
 gem "database_cleaner"
- gem "launchy"
- gem 'factory_girl_rails'
+ gem "launchy", ">= 2.4.3"
+ gem 'factory_girl_rails', '>= 4.4.0'
 # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
 gem 'minitest', '~> 5.3.0'
@@ -225,18 +225,18 @@ group :development, :test do
 gem "ffaker"
 # Guard
- gem 'guard-rspec'
- gem 'guard-spinach'
+ gem 'guard-rspec', '>= 4.2.1'
+ gem 'guard-spinach', '>= 0.0.3'
 # Notification
 gem 'rb-fsevent', require: darwin_only('rb-fsevent')
 gem 'growl', require: darwin_only('growl')
- gem 'rb-inotify', require: linux_only('rb-inotify')
+ gem 'rb-inotify', '>= 0.9.3', require: linux_only('rb-inotify')
 # PhantomJS driver for Capybara
- gem 'poltergeist', '~> 1.5.1'
+ gem 'poltergeist', '~> 1.6.0'
- gem 'jasmine', '2.0.2'
+ gem 'jasmine', '2.0.3'
 gem "spring", '1.1.3'
 gem "spring-commands-rspec", '1.0.1'
@@ -245,9 +245,9 @@ end
 group :test do
 gem "simplecov", require: false
- gem "shoulda-matchers", "~> 2.1.0"
- gem 'email_spec'
- gem "webmock"
+ gem "shoulda-matchers", "~> 2.2.0"
+ gem 'email_spec', '>= 1.6.0'
+ gem "webmock", ">= 1.16.1"
 gem 'test_after_commit'
 end