Revert "Revert "bump ruby patch version, oauth2, and faraday""

.ruby-version

@@ -1 +1 @@
-2.7.6
+2.7.8

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.7.6-slim
+FROM ruby:2.7.8-slim
 
 # Install dependencies
 RUN \

Gemfile

@@ -5,7 +5,7 @@ ruby File.read('.ruby-version').strip
 
 # gems that have rails engines are are always needed
 group :preload do
-  gem 'rails', '~> 6.1.7.3'
+  gem 'rails', '~> 6.1.7.6'
   gem 'dotenv'
   gem 'connection_pool'
   gem 'marco-polo'
@@ -20,10 +20,11 @@ group :preload do
 end
 
 gem 'dogstatsd-ruby'
-gem 'puma'
+gem 'puma', '~>5.6.7'
 gem 'attr_encrypted'
 gem 'sawyer'
 gem 'dalli'
+gem 'oauth2', '~>2.0.9'
 gem 'omniauth'
 gem 'omniauth-oauth2'
 gem 'omniauth-github', git: "https://github.com/omniauth/omniauth-github.git" # needs >1.3.0

Gemfile.lock

@@ -194,62 +194,62 @@ GEM
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actioncable (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailbox (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      activejob (= 6.1.7.6)
+      activerecord (= 6.1.7.6)
+      activestorage (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionmailer (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      actionview (= 6.1.7.6)
+      activejob (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.3)
-      actionview (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionpack (6.1.7.6)
+      actionview (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actiontext (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      activerecord (= 6.1.7.6)
+      activestorage (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    actionview (6.1.7.6)
+      activesupport (= 6.1.7.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_hash (3.0.0)
       activesupport (>= 5.0.0)
-    activejob (6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activejob (6.1.7.6)
+      activesupport (= 6.1.7.6)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activerecord (6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
-    activestorage (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    activemodel (6.1.7.6)
+      activesupport (= 6.1.7.6)
+    activerecord (6.1.7.6)
+      activemodel (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
+    activestorage (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      activejob (= 6.1.7.6)
+      activerecord (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.3)
+    activesupport (6.1.7.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -309,7 +309,7 @@ GEM
     chef-utils (18.1.29)
       concurrent-ruby
     coderay (1.1.1)
-    commonmarker (0.23.9)
+    commonmarker (0.23.10)
     concurrent-ruby (1.2.2)
     connection_pool (2.2.1)
     crack (0.4.3)
@@ -327,10 +327,10 @@ GEM
       railties (>= 5)
     dotenv (2.2.1)
     encryptor (3.0.0)
-    erubi (1.11.0)
+    erubi (1.12.0)
     erubis (2.7.0)
     execjs (2.7.0)
-    faraday (2.7.4)
+    faraday (2.7.10)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-http-cache (2.5.0)
@@ -378,7 +378,7 @@ GEM
     httparty (0.21.0)
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.13.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     inflection (1.0.0)
     interception (0.5)
@@ -394,7 +394,7 @@ GEM
     json (2.6.3)
     jsonpath (1.1.2)
       multi_json
-    jwt (2.7.0)
+    jwt (2.7.1)
     kubeclient (4.11.0)
       http (>= 3.0, < 6.0)
       jsonpath (~> 1.0)
@@ -410,9 +410,9 @@ GEM
       railties (>= 4)
       request_store (~> 1.0)
     logstash-event (1.2.02)
-    loofah (2.19.1)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (1.0.2)
@@ -425,8 +425,8 @@ GEM
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2023.0218.1)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.1)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.4)
     minitest (5.11.3)
     minitest-rails (6.1.0)
       minitest (~> 5.10)
@@ -447,20 +447,21 @@ GEM
     net-ldap (0.16.1)
     netrc (0.11.0)
     newrelic_rpm (6.7.0.359)
-    nio4r (2.5.8)
-    nokogiri (1.14.3)
-      mini_portile2 (~> 2.8.0)
+    nio4r (2.5.9)
+    nokogiri (1.15.4)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-darwin)
+    nokogiri (1.15.4-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-linux)
+    nokogiri (1.15.4-x86_64-linux)
       racc (~> 1.4)
-    oauth2 (1.4.11)
+    oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
     octokit (6.1.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
@@ -472,10 +473,9 @@ GEM
     omniauth-gitlab (1.0.2)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.0)
-    omniauth-google-oauth2 (0.8.2)
+    omniauth-google-oauth2 (0.8.0)
       jwt (>= 2.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.1)
+      omniauth (>= 1.1.1)
       omniauth-oauth2 (>= 1.6)
     omniauth-ldap (1.0.5)
       net-ldap (~> 0.12)
@@ -512,42 +512,44 @@ GEM
       binding_of_caller (>= 0.7)
       pry (>= 0.9.11)
     public_suffix (5.0.1)
-    puma (5.6.4)
+    puma (5.6.7)
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
-    racc (1.6.2)
-    rack (2.2.7)
+    racc (1.7.1)
+    rack (2.2.8)
     rack-mini-profiler (1.1.4)
       rack (>= 1.2.0)
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.3)
-      actioncable (= 6.1.7.3)
-      actionmailbox (= 6.1.7.3)
-      actionmailer (= 6.1.7.3)
-      actionpack (= 6.1.7.3)
-      actiontext (= 6.1.7.3)
-      actionview (= 6.1.7.3)
-      activejob (= 6.1.7.3)
-      activemodel (= 6.1.7.3)
-      activerecord (= 6.1.7.3)
-      activestorage (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    rails (6.1.7.6)
+      actioncable (= 6.1.7.6)
+      actionmailbox (= 6.1.7.6)
+      actionmailer (= 6.1.7.6)
+      actionpack (= 6.1.7.6)
+      actiontext (= 6.1.7.6)
+      actionview (= 6.1.7.6)
+      activejob (= 6.1.7.6)
+      activemodel (= 6.1.7.6)
+      activerecord (= 6.1.7.6)
+      activestorage (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.3)
+      railties (= 6.1.7.6)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.4)
-      loofah (~> 2.19, >= 2.19.1)
-    railties (6.1.7.3)
-      actionpack (= 6.1.7.3)
-      activesupport (= 6.1.7.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (6.1.7.6)
+      actionpack (= 6.1.7.6)
+      activesupport (= 6.1.7.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -613,6 +615,9 @@ GEM
     sexp_processor (4.12.1)
     single_cov (1.3.2)
     slop (3.6.0)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     socksify (1.7.1)
     soft_deletion (1.6.0)
       activerecord (>= 4.2.0, < 6.2.0)
@@ -627,7 +632,7 @@ GEM
     stackprof (0.2.12)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (1.2.1)
+    thor (1.2.2)
     tilt (2.0.10)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
@@ -639,16 +644,17 @@ GEM
     unicode-display_width (1.8.0)
     validates_lengths_from_database (0.8.0)
       activerecord (>= 4)
+    version_gem (1.1.3)
     warden (1.2.7)
       rack (>= 1.0)
     webmock (3.0.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
-    websocket-driver (0.7.5)
+    websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.8)
+    zeitwerk (2.6.11)
     zendesk_api (2.0.1)
       faraday (> 2.0.0)
       faraday-multipart
@@ -701,6 +707,7 @@ DEPENDENCIES
   momentjs-rails
   mysql2
   net-http-persistent
+  oauth2 (~> 2.0.9)
   octokit
   omniauth
   omniauth-atlassian-bitbucket
@@ -718,9 +725,9 @@ DEPENDENCIES
   pry-rails
   pry-rescue
   pry-stack_explorer
-  puma
+  puma (~> 5.6.7)
   rack-mini-profiler
-  rails (~> 6.1.7.3)
+  rails (~> 6.1.7.6)
   rails-assets-bootstrap-select!
   rails-assets-jquery!
   rails-assets-jquery-cookie!
@@ -774,7 +781,7 @@ DEPENDENCIES
   webmock
 
 RUBY VERSION
-   ruby 2.7.6p219
+   ruby 2.7.8p225
 
 BUNDLED WITH
    2.3.25

Rakefile

@@ -63,7 +63,7 @@ task :bundle_audit do
   # TODO: remove CVE-2015-9284 once https://github.com/omniauth/omniauth/pull/809 is resolved
   # TODO: remove CVE-2022-0759 once local development works on newer version
   # TODO: remove GHSA-hjp3-5g2q-7jww will need ruby 3.0
-  sh "bundle-audit check --update --ignore CVE-2015-9284 CVE-2022-0759 GHSA-hjp3-5g2q-7jww"
+  sh "bundle-audit check --update --ignore CVE-2015-9284 CVE-2022-0759 GHSA-hjp3-5g2q-7jww CVE-2023-34246"
 end
 
 desc "Run rubocop"

config/initializers/omniauth.rb

@@ -38,8 +38,8 @@
       ENV.fetch("GITLAB_SECRET"),
       client_options: {
         site: Rails.application.config.samson.gitlab.web_url,
-        authorize_url: '/oauth/authorize',
-        token_url: '/oauth/token'
+        authorize_url: 'oauth/authorize',
+        token_url: 'oauth/token'
       }
     )
   end