Merged in r2-3144-security-updates (pull request #7010)

R2-3144 Updating Rails to 6.1.7.9, Puma, Nokogiri, etc
fphgov · Dec 6, 2024 · 14c3425 · 14c3425
2 parents 5787070 + e3ec5e9
commit 14c3425
Show file tree

Hide file tree

Showing 4 changed files with 687 additions and 963 deletions.
diff --git a/Gemfile b/Gemfile
@@ -34,7 +34,7 @@ gem 'prawn-table',         '~> 0.2'    # PDF generation
 gem 'puma',                '~> 6.4'    # Ruby Rack server
 gem 'rack',                '~> 2.2'
 gem 'rack-attack',         '>= 6.6'    # Rack middleware to rate limit sensetive routes, such as those used for auth
-gem 'rails',               '6.1.7.8'
+gem 'rails',               '6.1.7.9'
 gem 'rake',                '~> 13.0'
 gem 'rbnacl',              '>= 7.1.1'  # Libsodium Ruby binding. Used for encrypting export file passwords.
 gem 'rubyzip',             '~> 2.3',   # Zip and encrypt exported files

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,62 +1,62 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actioncable (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionmailbox (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      actionview (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionmailer (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.8)
-      actionview (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionpack (6.1.7.9)
+      actionview (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actiontext (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionview (6.1.7.9)
+      activesupport (= 6.1.7.9)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activejob (6.1.7.9)
+      activesupport (= 6.1.7.9)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.8)
-      activesupport (= 6.1.7.8)
-    activerecord (6.1.7.8)
-      activemodel (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activemodel (6.1.7.9)
+      activesupport (= 6.1.7.9)
+    activerecord (6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
     activerecord-nulldb-adapter (0.9.0)
       activerecord (>= 5.2.0, < 7.1)
-    activestorage (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activestorage (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.8)
+    activesupport (6.1.7.9)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -111,7 +111,7 @@ GEM
     crass (1.0.6)
     csv-safe (3.2.1)
     daemons (1.4.1)
-    date (3.3.4)
+    date (3.4.1)
     deep_merge (1.2.2)
     delayed_job (4.1.11)
       activesupport (>= 3.0, < 8.0)
@@ -183,7 +183,7 @@ GEM
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     logger (1.6.1)
-    loofah (2.22.0)
+    loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -200,7 +200,7 @@ GEM
     mime-types-data (3.2023.0808)
     mini_magick (4.12.0)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.7)
+    mini_portile2 (2.8.8)
     minipack (0.3.6)
       actionview
       railties (>= 4.2)
@@ -209,7 +209,7 @@ GEM
     multipart-post (2.3.0)
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
-    net-imap (0.4.12)
+    net-imap (0.5.1)
       date
       net-protocol
     net-pop (0.1.2)
@@ -218,8 +218,8 @@ GEM
       timeout
     net-smtp (0.5.0)
       net-protocol
-    nio4r (2.5.9)
-    nokogiri (1.16.5)
+    nio4r (2.7.4)
+    nokogiri (1.16.8)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     openssl (3.1.0)
@@ -244,9 +244,9 @@ GEM
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
     public_suffix (5.0.3)
-    puma (6.4.2)
+    puma (6.5.0)
       nio4r (~> 2.0)
-    racc (1.8.0)
+    racc (1.8.1)
     rack (2.2.9)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
@@ -257,20 +257,20 @@ GEM
     rack_session_access (0.2.0)
       builder (>= 2.0.0)
       rack (>= 1.0.0)
-    rails (6.1.7.8)
-      actioncable (= 6.1.7.8)
-      actionmailbox (= 6.1.7.8)
-      actionmailer (= 6.1.7.8)
-      actionpack (= 6.1.7.8)
-      actiontext (= 6.1.7.8)
-      actionview (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activemodel (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    rails (6.1.7.9)
+      actioncable (= 6.1.7.9)
+      actionmailbox (= 6.1.7.9)
+      actionmailer (= 6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actiontext (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.8)
+      railties (= 6.1.7.9)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -280,15 +280,15 @@ GEM
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.1)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     rails-i18n (7.0.8)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    railties (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -384,9 +384,9 @@ GEM
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
-    sprockets-rails (3.4.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
+    sprockets-rails (3.5.2)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
       sprockets (>= 3.0.0)
     strscan (3.1.0)
     sunspot (2.6.0)
@@ -403,7 +403,7 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     text (1.3.1)
     thor (1.3.1)
-    timeout (0.4.1)
+    timeout (0.4.2)
     ttfunk (1.7.0)
     twitter_cldr (4.4.5)
       camertron-eprun
@@ -476,7 +476,7 @@ DEPENDENCIES
   rack-mini-profiler (>= 1.0.0)
   rack-test (~> 1.1)
   rack_session_access (~> 0.2)
-  rails (= 6.1.7.8)
+  rails (= 6.1.7.9)
   rails-controller-testing (~> 1.0)
   rake (~> 13.0)
   rbnacl (>= 7.1.1)