Revert "Revert "bump ruby patch version, oauth2, and faraday""
sarahjmiller authored Sep 18, 2023
1 parent 9ba3725 commit 2927a4b
Showing 6 changed files with 101 additions and 93 deletions.
2 changes: 1 addition & 1 deletion .ruby-version
@@ -1 +1 @@
2.7.6
2.7.8
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM ruby:2.7.6-slim
FROM ruby:2.7.8-slim

# Install dependencies
RUN \
5 changes: 3 additions & 2 deletions Gemfile
Expand Up @@ -5,7 +5,7 @@ ruby File.read('.ruby-version').strip

# gems that have rails engines are are always needed
group :preload do
gem 'rails', '~> 6.1.7.3'
gem 'rails', '~> 6.1.7.6'
gem 'dotenv'
gem 'connection_pool'
gem 'marco-polo'
Expand All @@ -20,10 +20,11 @@ group :preload do
end

gem 'dogstatsd-ruby'
gem 'puma'
gem 'puma', '~>5.6.7'
gem 'attr_encrypted'
gem 'sawyer'
gem 'dalli'
gem 'oauth2', '~>2.0.9'
gem 'omniauth'
gem 'omniauth-oauth2'
gem 'omniauth-github', git: "https://github.com/omniauth/omniauth-github.git" # needs >1.3.0
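Review bot: The added `gem 'oauth2', '~>2.0.9'` line has no comment explaining why a gem that was previously only a transitive dependency is now pinned directly, and the Gemfile.lock section suggests the pin has a side effect on an authentication gem: `omniauth-google-oauth2` appears to resolve to 0.8.0 instead of 0.8.2, presumably because 0.8.2 declares `oauth2 (~> 1.1)`. Moving a sign-in strategy to an older release is worth confirming as intended and recording, in the same way the `omniauth-github` line records `# needs >1.3.0`. Suggest a trailing comment such as `gem 'oauth2', '~> 2.0.9' # pinned directly; holds omniauth-google-oauth2 at 0.8.0, revisit when it allows oauth2 2.x`. As a style point, `'~>5.6.7'` and `'~>2.0.9'` omit the space that `'~> 6.1.7.6'` uses a few lines above.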
179 changes: 93 additions & 86 deletions Gemfile.lock
Expand Up @@ -194,62 +194,62 @@ GEM
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.7.3)
actionpack (= 6.1.7.3)
activesupport (= 6.1.7.3)
actioncable (6.1.7.6)
actionpack (= 6.1.7.6)
activesupport (= 6.1.7.6)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.3)
actionpack (= 6.1.7.3)
activejob (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
actionmailbox (6.1.7.6)
actionpack (= 6.1.7.6)
activejob (= 6.1.7.6)
activerecord (= 6.1.7.6)
activestorage (= 6.1.7.6)
activesupport (= 6.1.7.6)
mail (>= 2.7.1)
actionmailer (6.1.7.3)
actionpack (= 6.1.7.3)
actionview (= 6.1.7.3)
activejob (= 6.1.7.3)
activesupport (= 6.1.7.3)
actionmailer (6.1.7.6)
actionpack (= 6.1.7.6)
actionview (= 6.1.7.6)
activejob (= 6.1.7.6)
activesupport (= 6.1.7.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.7.3)
actionview (= 6.1.7.3)
activesupport (= 6.1.7.3)
actionpack (6.1.7.6)
actionview (= 6.1.7.6)
activesupport (= 6.1.7.6)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.3)
actionpack (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
actiontext (6.1.7.6)
actionpack (= 6.1.7.6)
activerecord (= 6.1.7.6)
activestorage (= 6.1.7.6)
activesupport (= 6.1.7.6)
nokogiri (>= 1.8.5)
actionview (6.1.7.3)
activesupport (= 6.1.7.3)
actionview (6.1.7.6)
activesupport (= 6.1.7.6)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
active_hash (3.0.0)
activesupport (>= 5.0.0)
activejob (6.1.7.3)
activesupport (= 6.1.7.3)
activejob (6.1.7.6)
activesupport (= 6.1.7.6)
globalid (>= 0.3.6)
activemodel (6.1.7.3)
activesupport (= 6.1.7.3)
activerecord (6.1.7.3)
activemodel (= 6.1.7.3)
activesupport (= 6.1.7.3)
activestorage (6.1.7.3)
actionpack (= 6.1.7.3)
activejob (= 6.1.7.3)
activerecord (= 6.1.7.3)
activesupport (= 6.1.7.3)
activemodel (6.1.7.6)
activesupport (= 6.1.7.6)
activerecord (6.1.7.6)
activemodel (= 6.1.7.6)
activesupport (= 6.1.7.6)
activestorage (6.1.7.6)
actionpack (= 6.1.7.6)
activejob (= 6.1.7.6)
activerecord (= 6.1.7.6)
activesupport (= 6.1.7.6)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.3)
activesupport (6.1.7.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
Expand Down Expand Up @@ -309,7 +309,7 @@ GEM
chef-utils (18.1.29)
concurrent-ruby
coderay (1.1.1)
commonmarker (0.23.9)
commonmarker (0.23.10)
concurrent-ruby (1.2.2)
connection_pool (2.2.1)
crack (0.4.3)
Expand All @@ -327,10 +327,10 @@ GEM
railties (>= 5)
dotenv (2.2.1)
encryptor (3.0.0)
erubi (1.11.0)
erubi (1.12.0)
erubis (2.7.0)
execjs (2.7.0)
faraday (2.7.4)
faraday (2.7.10)
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-http-cache (2.5.0)
Expand Down Expand Up @@ -378,7 +378,7 @@ GEM
httparty (0.21.0)
mini_mime (>= 1.0.0)
multi_xml (>= 0.5.2)
i18n (1.13.0)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
inflection (1.0.0)
interception (0.5)
Expand All @@ -394,7 +394,7 @@ GEM
json (2.6.3)
jsonpath (1.1.2)
multi_json
jwt (2.7.0)
jwt (2.7.1)
kubeclient (4.11.0)
http (>= 3.0, < 6.0)
jsonpath (~> 1.0)
Expand All @@ -410,9 +410,9 @@ GEM
railties (>= 4)
request_store (~> 1.0)
logstash-event (1.2.02)
loofah (2.19.1)
loofah (2.21.3)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
nokogiri (>= 1.12.0)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.2)
Expand All @@ -425,8 +425,8 @@ GEM
mime-types (3.4.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2023.0218.1)
mini_mime (1.1.2)
mini_portile2 (2.8.1)
mini_mime (1.1.5)
mini_portile2 (2.8.4)
minitest (5.11.3)
minitest-rails (6.1.0)
minitest (~> 5.10)
Expand All @@ -447,20 +447,21 @@ GEM
net-ldap (0.16.1)
netrc (0.11.0)
newrelic_rpm (6.7.0.359)
nio4r (2.5.8)
nokogiri (1.14.3)
mini_portile2 (~> 2.8.0)
nio4r (2.5.9)
nokogiri (1.15.4)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
nokogiri (1.14.3-x86_64-darwin)
nokogiri (1.15.4-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.14.3-x86_64-linux)
nokogiri (1.15.4-x86_64-linux)
racc (~> 1.4)
oauth2 (1.4.11)
oauth2 (2.0.9)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 4)
snaky_hash (~> 2.0)
version_gem (~> 1.1)
octokit (6.1.1)
faraday (>= 1, < 3)
sawyer (~> 0.9)
Expand All @@ -472,10 +473,9 @@ GEM
omniauth-gitlab (1.0.2)
omniauth (~> 1.0)
omniauth-oauth2 (~> 1.0)
omniauth-google-oauth2 (0.8.2)
omniauth-google-oauth2 (0.8.0)
jwt (>= 2.0)
oauth2 (~> 1.1)
omniauth (~> 1.1)
omniauth (>= 1.1.1)
omniauth-oauth2 (>= 1.6)
omniauth-ldap (1.0.5)
net-ldap (~> 0.12)
Expand Down Expand Up @@ -512,42 +512,44 @@ GEM
binding_of_caller (>= 0.7)
pry (>= 0.9.11)
public_suffix (5.0.1)
puma (5.6.4)
puma (5.6.7)
nio4r (~> 2.0)
pyu-ruby-sasl (0.0.3.3)
racc (1.6.2)
rack (2.2.7)
racc (1.7.1)
rack (2.2.8)
rack-mini-profiler (1.1.4)
rack (>= 1.2.0)
rack-test (2.0.2)
rack-test (2.1.0)
rack (>= 1.3)
rails (6.1.7.3)
actioncable (= 6.1.7.3)
actionmailbox (= 6.1.7.3)
actionmailer (= 6.1.7.3)
actionpack (= 6.1.7.3)
actiontext (= 6.1.7.3)
actionview (= 6.1.7.3)
activejob (= 6.1.7.3)
activemodel (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
rails (6.1.7.6)
actioncable (= 6.1.7.6)
actionmailbox (= 6.1.7.6)
actionmailer (= 6.1.7.6)
actionpack (= 6.1.7.6)
actiontext (= 6.1.7.6)
actionview (= 6.1.7.6)
activejob (= 6.1.7.6)
activemodel (= 6.1.7.6)
activerecord (= 6.1.7.6)
activestorage (= 6.1.7.6)
activesupport (= 6.1.7.6)
bundler (>= 1.15.0)
railties (= 6.1.7.3)
railties (= 6.1.7.6)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
rails-dom-testing (2.2.0)
activesupport (>= 5.0.0)
minitest
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.4)
loofah (~> 2.19, >= 2.19.1)
railties (6.1.7.3)
actionpack (= 6.1.7.3)
activesupport (= 6.1.7.3)
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
railties (6.1.7.6)
actionpack (= 6.1.7.6)
activesupport (= 6.1.7.6)
method_source
rake (>= 12.2)
thor (~> 1.0)
Expand Down Expand Up @@ -613,6 +615,9 @@ GEM
sexp_processor (4.12.1)
single_cov (1.3.2)
slop (3.6.0)
snaky_hash (2.0.1)
hashie
version_gem (~> 1.1, >= 1.1.1)
socksify (1.7.1)
soft_deletion (1.6.0)
activerecord (>= 4.2.0, < 6.2.0)
Expand All @@ -627,7 +632,7 @@ GEM
stackprof (0.2.12)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
thor (1.2.1)
thor (1.2.2)
tilt (2.0.10)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
Expand All @@ -639,16 +644,17 @@ GEM
unicode-display_width (1.8.0)
validates_lengths_from_database (0.8.0)
activerecord (>= 4)
version_gem (1.1.3)
warden (1.2.7)
rack (>= 1.0)
webmock (3.0.1)
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff
websocket-driver (0.7.5)
websocket-driver (0.7.6)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zeitwerk (2.6.8)
zeitwerk (2.6.11)
zendesk_api (2.0.1)
faraday (> 2.0.0)
faraday-multipart
Expand Down Expand Up @@ -701,6 +707,7 @@ DEPENDENCIES
momentjs-rails
mysql2
net-http-persistent
oauth2 (~> 2.0.9)
octokit
omniauth
omniauth-atlassian-bitbucket
Expand All @@ -718,9 +725,9 @@ DEPENDENCIES
pry-rails
pry-rescue
pry-stack_explorer
puma
puma (~> 5.6.7)
rack-mini-profiler
rails (~> 6.1.7.3)
rails (~> 6.1.7.6)
rails-assets-bootstrap-select!
rails-assets-jquery!
rails-assets-jquery-cookie!
Expand Down Expand Up @@ -774,7 +781,7 @@ DEPENDENCIES
webmock

RUBY VERSION
ruby 2.7.6p219
ruby 2.7.8p225

BUNDLED WITH
2.3.25
2 changes: 1 addition & 1 deletion Rakefile
Expand Up @@ -63,7 +63,7 @@ task :bundle_audit do
# TODO: remove CVE-2015-9284 once https://github.com/omniauth/omniauth/pull/809 is resolved
# TODO: remove CVE-2022-0759 once local development works on newer version
# TODO: remove GHSA-hjp3-5g2q-7jww will need ruby 3.0
sh "bundle-audit check --update --ignore CVE-2015-9284 CVE-2022-0759 GHSA-hjp3-5g2q-7jww"
sh "bundle-audit check --update --ignore CVE-2015-9284 CVE-2022-0759 GHSA-hjp3-5g2q-7jww CVE-2023-34246"
end

desc "Run rubocop"
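Review bot: `CVE-2023-34246` is appended to the `bundle-audit check --ignore` list without an accompanying TODO, whereas each of the three advisories already ignored has a comment above the `sh` call stating what must happen before it can be removed. An ignore with no recorded reason or exit condition tends to outlive its cause and hides that advisory from every later audit run. Suggest adding a line above the `sh` call such as `# TODO: remove CVE-2023-34246 once <affected gem> is on a fixed version (<tracking issue>)`, naming the gem and the condition. The `task :bundle_audit do` block opens outside this hunk.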
4 changes: 2 additions & 2 deletions config/initializers/omniauth.rb
Expand Up @@ -38,8 +38,8 @@
ENV.fetch("GITLAB_SECRET"),
client_options: {
site: Rails.application.config.samson.gitlab.web_url,
authorize_url: '/oauth/authorize',
token_url: '/oauth/token'
authorize_url: 'oauth/authorize',
token_url: 'oauth/token'
}
)
end
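Review bot: Dropping the leading slash from `authorize_url` and `token_url` (the slash-less pair appears to be the new side) changes how the GitLab OAuth endpoints are resolved against `site`, and nothing in the hunk records why or pins the result. A relative path is joined onto whatever path `Rails.application.config.samson.gitlab.web_url` carries rather than replacing it, so the endpoints that receive the authorization code and client secret now depend on the exact form of that setting. If preserving a sub-path is the intent, suggest a comment such as `# relative on purpose: resolved against site so a web_url with a sub-path is kept`, and a test asserting the fully resolved authorize and token URLs for a `web_url` with and without a path component. The enclosing provider block starts outside this hunk.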