From 793854d21c7fc04471c02c7d88903076a4c79651 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 29 May 2022 03:42:25 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
---
 Gemfile | 8 ++--
 Gemfile.lock | 108 ++++++++++++++++++++++++++------------------------
 2 files changed, 59 insertions(+), 57 deletions(-)

diff --git a/Gemfile b/Gemfile
index c4af8b4..419b1d8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,20 +8,20 @@ end
 
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.1.6'
+gem 'rails', '~> 5.1.7'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3', '~> 1.3.7'
 # Use Puma as the app server
 gem 'puma', '~> 3.12'
 # Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.0'
+gem 'sass-rails', '~> 5.0', '>= 5.0.7'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'therubyracer', platforms: :ruby
 # Use CoffeeScript for .coffee assets and views
-gem 'coffee-rails', '~> 4.2'
+gem 'coffee-rails', '~> 4.2', '>= 4.2.2'
 # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
 gem 'turbolinks', '~> 5'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
@@ -59,7 +59,7 @@ gem 'bootstrap-sass'
 gem 'figaro'
 gem 'httparty'
 gem 'rest-client'
-gem 'procore', '~> 1.1'
+gem 'procore', '~> 1.1', '>= 1.1.0'
 gem 'omniauth'
 gem 'omniauth-procore'
 gem 'omniauth-rails_csrf_protection'
diff --git a/Gemfile.lock b/Gemfile.lock
index 857e0d5..bdad1f2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -38,7 +38,7 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     arel (8.0.0)
     autoprefixer-rails (10.2.4.0)
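Review bot: In the Gemfile hunk at `@@ -8,20 +8,20 @@`, the Rack fixes named in the subject are enforced only by the lockfile: rack is never declared in the Gemfile, so a later `bundle update` that re-resolves through the loose transitive constraints visible in Gemfile.lock (`rack (>= 1.6.0)`, `rack (>= 1.2, < 3)`) could land below 2.2.3.1 without any Gemfile change. An explicit floor, `gem 'rack', '>= 2.2.3.1'`, would make the patched version a hard requirement rather than a resolver outcome. The bump to `gem 'rails', '~> 5.1.7'` keeps the app on the 5.1 series, which had already dropped out of the Rails security-fix window by this commit's date, so Rails advisories themselves are not addressed here and a move to a supported series is the larger follow-up. In the second hunk, `'>= 1.1.0'` on procore is redundant with `'~> 1.1'` (which already means >= 1.1) and can be dropped; separately, the lockfile hunk at `@@ -269,4 +271,4 @@` moves BUNDLED WITH from 2.2.13 down to 2.1.4, which looks like the bot ran an older bundler rather than an intended downgrade and is worth confirming before merge.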
@@ -49,13 +49,14 @@ GEM
       sassc (>= 2.0.0)
     builder (3.2.4)
     byebug (11.1.1)
-    capybara (3.31.0)
+    capybara (3.37.1)
       addressable
+      matrix
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      regexp_parser (~> 1.5)
+      regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     childprocess (3.0.0)
     coderay (1.1.3)
@@ -66,88 +67,89 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.1.10)
     crass (1.0.6)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    erubi (1.9.0)
-    execjs (2.7.0)
-    faraday (1.3.0)
-      faraday-net_http (~> 1.0)
-      multipart-post (>= 1.2, < 3)
-      ruby2_keywords
-    faraday-net_http (1.0.1)
-    ffi (1.12.2)
+    erubi (1.10.0)
+    execjs (2.8.1)
+    faraday (2.3.0)
+      faraday-net_http (~> 2.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (2.0.3)
+    ffi (1.15.5)
     figaro (1.1.1)
       thor (~> 0.14)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    http-cookie (1.0.3)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    hashie (5.0.0)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
     httparty (0.18.1)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    i18n (1.8.9)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     jbuilder (2.10.0)
       activesupport (>= 5.0.0)
-    jquery-rails (4.3.5)
+    jquery-rails (4.5.0)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jwt (2.2.2)
+    jwt (2.3.0)
     listen (3.2.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.4.0)
+    loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
+    matrix (0.4.2)
     method_source (0.9.2)
-    mime-types (3.3.1)
+    mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2021.0225)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.4)
+    mime-types-data (3.2022.0105)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    multipart-post (2.1.1)
     netrc (0.11.0)
-    nio4r (2.5.2)
-    nokogiri (1.10.8)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
+    nio4r (2.5.8)
+    nokogiri (1.13.6)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    oauth2 (1.4.9)
+      faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (2.0.2)
+    omniauth (2.1.0)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
+      rack (>= 2.2.3)
       rack-protection
-    omniauth-oauth2 (1.7.1)
+    omniauth-oauth2 (1.7.2)
       oauth2 (~> 1.4)
       omniauth (>= 1.9, < 3)
-    omniauth-procore (0.6.0)
+    omniauth-procore (0.7.0)
       omniauth-oauth2 (>= 1.1.1, < 2.0)
-    omniauth-rails_csrf_protection (1.0.0)
+    omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
-    procore (1.1.0)
+    procore (1.1.4)
       activesupport (> 2.4)
       oauth2 (~> 1.4)
       rest-client (~> 2.0.0)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (4.0.3)
+    public_suffix (4.0.7)
     puma (3.12.6)
-    rack (2.2.3)
-    rack-protection (2.1.0)
+    racc (1.6.0)
+    rack (2.2.3.1)
+    rack-protection (2.2.0)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -166,7 +168,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
     railties (5.1.7)
       actionpack (= 5.1.7)
@@ -174,16 +176,16 @@ GEM
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (13.0.1)
-    rb-fsevent (0.10.3)
+    rake (13.0.6)
+    rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    regexp_parser (1.7.0)
+    regexp_parser (2.5.0)
     rest-client (2.0.2)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    ruby2_keywords (0.0.4)
+    ruby2_keywords (0.0.5)
     rubyzip (2.2.0)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
@@ -208,7 +210,7 @@ GEM
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -225,7 +227,7 @@ GEM
       execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.7)
+    unf_ext (0.0.8.2)
     web-console (3.7.0)
       actionview (>= 5.0)
       activemodel (>= 5.0)
@@ -233,7 +235,7 @@ GEM
       railties (>= 5.0)
     websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
+    websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
 
@@ -244,7 +246,7 @@ DEPENDENCIES
   bootstrap-sass
   byebug
   capybara
-  coffee-rails (~> 4.2)
+  coffee-rails (~> 4.2, >= 4.2.2)
   figaro
   httparty
   jbuilder (~> 2.5)
@@ -253,12 +255,12 @@ DEPENDENCIES
   omniauth
   omniauth-procore
   omniauth-rails_csrf_protection
-  procore (~> 1.1)
+  procore (~> 1.1, >= 1.1.0)
   pry
   puma (~> 3.12)
-  rails (~> 5.1.6)
+  rails (~> 5.1.7)
   rest-client
-  sass-rails (~> 5.0)
+  sass-rails (~> 5.0, >= 5.0.7)
   selenium-webdriver
   spring
   spring-watcher-listen
@@ -269,4 +271,4 @@ DEPENDENCIES
   web-console
 
 BUNDLED WITH
-   2.2.13
+   2.1.4