From f7ea68da17c2d5611988d824c001b1060b765ca5 Mon Sep 17 00:00:00 2001
From: Jacob Cody Wimer
Date: Mon, 30 Aug 2021 20:06:31 +0000
Subject: [PATCH] Updated gems and rails for vulnerabilities, switched to bundle-audit from hakiri due to hakiri not supporting ruby 3, and removed the travisci gem.
---
 Gemfile | 5 +-
 Gemfile.lock | 254 +++++++++++++----------------------
 bin/run-all-tests.sh | 2 +-
 deploy/rails-prod-Dockerfile | 1 +
 4 files changed, 97 insertions(+), 165 deletions(-)
diff --git a/Gemfile b/Gemfile
index 1c3f35a..0fc6070 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 ruby '3.0.0'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '6.1.3.1'
+gem 'rails', '6.1.4.1'
 # Use sqlite3 as the database for Active Record
 #gem 'sqlite3', '~> 1.3', '< 1.4', :group => :development
 gem 'sqlite3', :group => :development
@@ -63,7 +63,6 @@ group :development do
 gem 'rubocop'
 gem 'bullet'
 gem 'brakeman'
- gem 'hakiri'
- gem 'travis'
+ gem 'bundler-audit'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 3e3bbff..99ce9ea 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
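Review bot: `gem 'bundler-audit'` is added only to the `group :development` block (whose opening line is outside the hunk), yet `bin/run-all-tests.sh` in this same patch runs `bundle exec bundle-audit check --update` as part of the test run; if that environment installs the bundle without the development group, the executable is absent and the audit step fails before it checks anything. Making the block `group :development, :test do`, or adding `gem 'bundler-audit', require: false` to the test group, keeps the gate runnable wherever the script runs. Unlike `rails`, the new gem carries no version constraint, so a later `bundle update` can move it across a major release; `gem 'bundler-audit', '~> 0.8.0'` would tie it to the version recorded in Gemfile.lock while still matching the pinning used for rails.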
@@ -1,75 +1,76 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + actioncable (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailbox (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (>= 2.7.1) - actionmailer (6.1.3.1) - actionpack (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailer (6.1.4.1) + actionpack (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activesupport (= 6.1.4.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.1) - actionview (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionpack (6.1.4.1) + actionview (= 6.1.4.1) + activesupport (= 6.1.4.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.1) - actionpack (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actiontext (6.1.4.1) + actionpack (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) nokogiri (>= 1.8.5) - actionview (6.1.3.1) - activesupport (= 6.1.3.1) + actionview (6.1.4.1) + activesupport (= 6.1.4.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.1) - activesupport (= 6.1.3.1) + activejob (6.1.4.1) + activesupport (= 6.1.4.1) globalid (>= 0.3.6) - activemodel (6.1.3.1) - activesupport (= 6.1.3.1) - activerecord (6.1.3.1) - activemodel (= 6.1.3.1) - activesupport (= 6.1.3.1) - activestorage (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - 
activesupport (= 6.1.3.1) + activemodel (6.1.4.1) + activesupport (= 6.1.4.1) + activerecord (6.1.4.1) + activemodel (= 6.1.4.1) + activesupport (= 6.1.4.1) + activestorage (6.1.4.1) + actionpack (= 6.1.4.1) + activejob (= 6.1.4.1) + activerecord (= 6.1.4.1) + activesupport (= 6.1.4.1) marcel (~> 1.0.0) - mini_mime (~> 1.0.2) - activesupport (6.1.3.1) + mini_mime (>= 1.1.0) + activesupport (6.1.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.4.0) ast (2.4.2) - backports (3.21.0) bcrypt (3.1.16) - brakeman (5.0.0) + brakeman (5.1.1) builder (3.2.4) - bullet (6.1.4) + bullet (6.1.5) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) - cancancan (3.2.1) + bundler-audit (0.8.0) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) + cancancan (3.3.0) coffee-rails (5.0.0) coffee-script (>= 2.2.0) railties (>= 5.2.0) @@ -77,11 +78,9 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - commander (4.4.6) - highline (~> 1.7.2) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crass (1.0.6) - daemons (1.3.1) + daemons (1.4.1) dalli (2.7.11) delayed_job (4.1.9) activesupport (>= 3.0, < 6.2) 
@@ -93,49 +92,20 @@ GEM delayed_job (> 2.0.3) rack-protection (>= 1.5.5) sinatra (>= 1.4.4) - devise (4.7.3) + devise (4.8.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) responders warden (~> 1.2.3) - domain_name (0.5.20190701) - unf (>= 0.0.5, < 1.0.0) erubi (1.10.0) - ethon (0.12.0) - ffi (>= 1.3.0) - execjs (2.7.0) - faraday (0.17.4) - multipart-post (>= 1.2, < 3) - faraday_middleware (0.14.0) - faraday (>= 0.7.4, < 1.0) - ffi (1.15.0) - gh (0.15.1) - addressable (~> 2.4.0) - backports - faraday (~> 0.8) - multi_json (~> 1.0) - net-http-persistent (~> 2.9) - net-http-pipeline - globalid (0.4.2) - activesupport (>= 4.2.0) - hakiri (0.7.2) - activesupport - bundler - commander - i18n - json - rake - rest-client - terminal-table - highline (1.7.10) - http-accept (1.7.0) - http-cookie (1.0.3) - domain_name (~> 0.5) + execjs (2.8.1) + globalid (0.5.2) + activesupport (>= 5.0) i18n (1.8.10) concurrent-ruby (~> 1.0) influxdb (0.8.1) - influxdb-rails (1.0.1) + influxdb-rails (1.0.2) influxdb (~> 0.6, >= 0.6.4) railties (>= 5.0) jbuilder (2.11.2) 
@@ -144,115 +114,94 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (2.5.1) - launchy (2.4.3) - addressable (~> 2.3) - libv8 (3.16.14.19) - loofah (2.9.0) + libv8 (3.16.14.19-x86_64-linux) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.0) + marcel (1.0.1) method_source (1.0.0) - mime-types (3.3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) - mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_mime (1.1.1) minitest (5.14.4) - multi_json (1.15.0) - multipart-post (2.1.1) mustermann (1.1.1) ruby2_keywords (~> 0.0.1) mysql2 (0.5.3) - net-http-persistent (2.9.4) - net-http-pipeline (1.0.1) - netrc (0.11.0) - newrelic_rpm (6.15.0) - nio4r (2.5.7) - nokogiri (1.11.2) - mini_portile2 (~> 2.5.0) + newrelic_rpm (7.2.0) + nio4r (2.5.8) + nokogiri (1.12.4-x86_64-linux) racc (~> 1.4) orm_adapter (0.5.0) parallel (1.20.1) - parser (3.0.0.0) + parser (3.0.2.0) ast (~> 2.4.1) - passenger (6.0.8) + passenger (6.0.10) rack rake (>= 0.8.1) - puma (5.2.2) + puma (5.4.0) nio4r (~> 2.0) - pusher-client (0.6.2) - json - websocket (~> 1.0) racc (1.5.2) rack (2.2.3) rack-protection (2.1.0) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.1) - actioncable (= 6.1.3.1) - actionmailbox (= 6.1.3.1) - actionmailer (= 6.1.3.1) - actionpack (= 6.1.3.1) - actiontext (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activemodel (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + rails (6.1.4.1) + actioncable (= 6.1.4.1) + actionmailbox (= 6.1.4.1) + actionmailer (= 6.1.4.1) + actionpack (= 6.1.4.1) + actiontext (= 6.1.4.1) + actionview (= 6.1.4.1) + activejob (= 6.1.4.1) + activemodel (= 6.1.4.1) + activerecord (= 6.1.4.1) + activestorage (= 6.1.4.1) + activesupport (= 6.1.4.1) bundler (>= 1.15.0) - railties (= 6.1.3.1) + railties (= 6.1.4.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) 
nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) rails_12factor (0.0.3) rails_serve_static_assets rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + railties (6.1.4.1) + actionpack (= 6.1.4.1) + activesupport (= 6.1.4.1) method_source - rake (>= 0.8.7) + rake (>= 0.13) thor (~> 1.0) rainbow (3.0.0) - rake (13.0.3) + rake (13.0.6) rb-readline (0.5.5) - rdoc (6.3.0) + rdoc (6.3.2) ref (2.0.0) regexp_parser (2.1.1) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - rest-client (2.1.0) - http-accept (>= 1.7.0, < 2.0) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 4.0) - netrc (~> 0.8) - rexml (3.2.4) + rexml (3.2.5) round_robin_tournament (0.1.1) - rubocop (1.12.0) + rubocop (1.20.0) parallel (~> 1.10) parser (>= 3.0.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.2.0, < 2.0) + rubocop-ast (>= 1.9.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.4.1) - parser (>= 2.7.1.5) + rubocop-ast (1.11.0) + parser (>= 3.0.1.1) ruby-progressbar (1.11.0) - ruby2_keywords (0.0.4) - sdoc (2.1.0) + ruby2_keywords (0.0.5) + sdoc (2.2.0) rdoc (>= 5.0) sinatra (2.1.0) mustermann (~> 1.0) 
@@ -268,51 +217,36 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.4.2) - terminal-table (1.6.0) therubyracer (0.12.3) libv8 (~> 3.16.14.15) ref thor (1.1.0) tilt (2.0.10) - travis (1.8.13) - backports - faraday (~> 0.9) - faraday_middleware (~> 0.9, >= 0.9.1) - gh (~> 0.13) - highline (~> 1.6) - launchy (~> 2.1) - pusher-client (~> 0.4) - typhoeus (~> 0.6, >= 0.6.8) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - typhoeus (0.8.0) - ethon (>= 0.8.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) tzinfo-data (1.2021.1) tzinfo (>= 1.0.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.7) unicode-display_width (2.0.0) uniform_notifier (1.14.2) warden (1.2.9) rack (>= 2.0.9) - websocket (1.2.9) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) zeitwerk (2.4.2) PLATFORMS - ruby + x86_64-linux DEPENDENCIES brakeman bullet + bundler-audit cancancan coffee-rails daemons @@ -320,7 +254,6 @@ DEPENDENCIES delayed_job_active_record delayed_job_web devise - hakiri influxdb-rails jbuilder jquery-rails @@ -328,7 +261,7 @@ DEPENDENCIES newrelic_rpm passenger puma - rails (= 6.1.3.1) + rails (= 6.1.4.1) rails_12factor rb-readline round_robin_tournament @@ -337,7 +270,6 @@ DEPENDENCIES spring sqlite3 therubyracer - travis turbolinks tzinfo-data uglifier @@ -346,4 +278,4 @@ RUBY VERSION ruby 3.0.0p0 BUNDLED WITH - 2.2.9 + 2.2.26 diff --git a/bin/run-all-tests.sh b/bin/run-all-tests.sh index 966609f..1f9d09e 100755 --- a/bin/run-all-tests.sh +++ b/bin/run-all-tests.sh @@ -4,5 +4,5 @@ project_dir="$(dirname $( dirname $(readlink -f ${BASH_SOURCE[0]})))" cd ${project_dir} bundle exec rake db:migrate RAILS_ENV=test CI=true brakeman -bundle exec hakiri gemfile:scan --force +bundle exec bundle-audit check --update bundle exec rake test diff --git a/deploy/rails-prod-Dockerfile b/deploy/rails-prod-Dockerfile index e94c713..3769a73 100644 
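Review bot: `bundle exec bundle-audit check --update` on the new line fetches the advisory database with git at run time, and a failed fetch (no outbound network, no `git` on PATH) appears to be reported as a warning rather than an error, so the check would then run against a stale or empty database and still pass. Splitting the step as `bundle exec bundle-audit update && bundle exec bundle-audit check` makes a failed advisory fetch abort the run instead of silently auditing against old data. Whether a non-zero exit from the check fails the script at all depends on a `set -e` above line 4, which is outside the hunk; if it is absent, appending `|| exit 1` to this line (and to the brakeman line) is what turns these scans into gates.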
--- a/deploy/rails-prod-Dockerfile
+++ b/deploy/rails-prod-Dockerfile
@@ -17,6 +17,7 @@ RUN apt-get -qq update \
 default-libmysqlclient-dev \
 nodejs \
 tzdata \
+ git \
 && apt-get -qq clean \
 && apt-get autoremove -y \
 && rm -rf \
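Review bot: `git` is added to the production image's apt package list without a comment saying what needs it; the only new consumer visible in this patch is the `bundle-audit --update` advisory fetch in `bin/run-all-tests.sh`, which belongs to the development group, and nothing shown here uses git at production run time. If the audit is the only reason, installing git in the runtime image enlarges the production image and its tool surface for no benefit, and it would be better placed in the image or build stage that runs the test script. If it is genuinely needed at runtime (for example a git-sourced gem not visible here), a one-line comment such as `# git: required by <runtime consumer — confirm>` next to the package would record that. The `RUN apt-get` command starts before and ends after the hunk.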