From: Lucas Di Pentima Date: Tue, 14 Jun 2022 13:36:30 +0000 (-0300) Subject: 19193: Upgrades RailsAPI & Workbench1 to address security issues. X-Git-Tag: 2.5.0~137^2~1 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/f9506d2074e66ca8de89feea0acbddf1f542cee7 19193: Upgrades RailsAPI & Workbench1 to address security issues. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima --- diff --git a/apps/workbench/Gemfile.lock b/apps/workbench/Gemfile.lock index 4a7dcc5fc4..ebb4b64c60 100644 --- a/apps/workbench/Gemfile.lock +++ b/apps/workbench/Gemfile.lock @@ -16,43 +16,43 @@ GEM remote: https://rubygems.org/ specs: RedCloth (4.3.2) - actioncable (5.2.6.3) - actionpack (= 5.2.6.3) + actioncable (5.2.8) + actionpack (= 5.2.8) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.6.3) - actionpack (= 5.2.6.3) - actionview (= 5.2.6.3) - activejob (= 5.2.6.3) + actionmailer (5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.6.3) - actionview (= 5.2.6.3) - activesupport (= 5.2.6.3) + actionpack (5.2.8) + actionview (= 5.2.8) + activesupport (= 5.2.8) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.6.3) - activesupport (= 5.2.6.3) + actionview (5.2.8) + activesupport (= 5.2.8) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.6.3) - activesupport (= 5.2.6.3) + activejob (5.2.8) + activesupport (= 5.2.8) globalid (>= 0.3.6) - activemodel (5.2.6.3) - activesupport (= 5.2.6.3) - activerecord (5.2.6.3) - activemodel (= 5.2.6.3) - activesupport (= 5.2.6.3) + activemodel (5.2.8) + activesupport (= 5.2.8) + activerecord (5.2.8) + activemodel (= 5.2.8) + activesupport (= 5.2.8) arel (>= 9.0) - activestorage (5.2.6.3) - actionpack (= 5.2.6.3) - activerecord (= 5.2.6.3) + activestorage (5.2.8) + actionpack (= 5.2.8) + activerecord (= 5.2.8) marcel (~> 1.0.0) - activesupport (5.2.6.3) + activesupport (5.2.8) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -111,7 +111,7 @@ GEM childprocess (0.9.0) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) - concurrent-ruby (1.1.9) + concurrent-ruby (1.1.10) crass (1.0.6) deep_merge (1.2.1) docile (1.3.1) @@ -150,7 +150,7 @@ GEM railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) - loofah (2.14.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -200,23 +200,23 @@ GEM websocket-driver (>= 0.2.0) public_suffix (4.0.6) racc (1.6.0) - rack (2.2.3) + rack (2.2.3.1) rack-mini-profiler (1.0.2) rack (>= 1.2.0) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.6.3) - actioncable (= 5.2.6.3) - actionmailer (= 5.2.6.3) - actionpack (= 5.2.6.3) - actionview (= 5.2.6.3) - activejob (= 5.2.6.3) - activemodel (= 5.2.6.3) - activerecord (= 5.2.6.3) - activestorage (= 5.2.6.3) - activesupport (= 5.2.6.3) + rails (5.2.8) + actioncable (= 5.2.8) + actionmailer (= 5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) + activemodel (= 5.2.8) + activerecord (= 5.2.8) + activestorage (= 5.2.8) + activesupport (= 5.2.8) bundler (>= 1.3.0) - railties (= 5.2.6.3) + railties (= 5.2.8) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -225,12 +225,12 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) rails-perftest (0.0.7) - railties (5.2.6.3) - actionpack (= 5.2.6.3) - activesupport (= 5.2.6.3) + railties (5.2.8) + actionpack (= 5.2.8) + activesupport (= 5.2.8) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -283,9 +283,9 @@ GEM sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) sshkey (2.0.0) thor (1.2.1) diff --git a/services/api/Gemfile.lock b/services/api/Gemfile.lock index 70a1e7a009..bb37fc0267 100644 --- a/services/api/Gemfile.lock +++ b/services/api/Gemfile.lock @@ -8,43 +8,43 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (5.2.6.3) - actionpack (= 5.2.6.3) + actioncable (5.2.8) + actionpack (= 5.2.8) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.6.3) - actionpack (= 5.2.6.3) - actionview (= 5.2.6.3) - activejob (= 5.2.6.3) + actionmailer (5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.6.3) - actionview (= 5.2.6.3) - activesupport (= 5.2.6.3) + actionpack (5.2.8) + actionview (= 5.2.8) + activesupport (= 5.2.8) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.6.3) - activesupport (= 5.2.6.3) + actionview (5.2.8) + activesupport (= 5.2.8) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.6.3) - activesupport (= 5.2.6.3) + activejob (5.2.8) + activesupport (= 5.2.8) globalid (>= 0.3.6) - activemodel (5.2.6.3) - activesupport (= 5.2.6.3) - activerecord (5.2.6.3) - activemodel (= 5.2.6.3) - activesupport (= 5.2.6.3) + activemodel (5.2.8) + activesupport (= 5.2.8) + activerecord (5.2.8) + activemodel (= 5.2.8) + activesupport (= 5.2.8) arel (>= 9.0) - activestorage (5.2.6.3) - actionpack (= 5.2.6.3) - activerecord (= 5.2.6.3) + activestorage (5.2.8) + actionpack (= 5.2.8) + activerecord (= 5.2.8) marcel (~> 1.0.0) - activesupport (5.2.6.3) + activesupport (5.2.8) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -82,7 +82,7 @@ GEM multi_json (>= 1.0.0) builder (3.2.4) byebug (11.0.1) - concurrent-ruby (1.1.9) + concurrent-ruby (1.1.10) crass (1.0.6) erubi (1.10.0) extlib (0.9.16) @@ -123,7 +123,7 @@ GEM railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) - loofah (2.14.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -153,21 +153,21 @@ GEM power_assert (1.1.4) public_suffix (4.0.6) racc (1.6.0) - rack (2.2.3) + rack (2.2.3.1) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.6.3) - actioncable (= 5.2.6.3) - actionmailer (= 5.2.6.3) - actionpack (= 5.2.6.3) - actionview (= 5.2.6.3) - activejob (= 5.2.6.3) - activemodel (= 5.2.6.3) - activerecord (= 5.2.6.3) - activestorage (= 5.2.6.3) - activesupport (= 5.2.6.3) + rails (5.2.8) + actioncable (= 5.2.8) + actionmailer (= 5.2.8) + actionpack (= 5.2.8) + actionview (= 5.2.8) + activejob (= 5.2.8) + activemodel (= 5.2.8) + activerecord (= 5.2.8) + activestorage (= 5.2.8) + activesupport (= 5.2.8) bundler (>= 1.3.0) - railties (= 5.2.6.3) + railties (= 5.2.8) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -176,14 +176,14 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) rails-observers (0.1.5) activemodel (>= 4.0) rails-perftest (0.0.7) - railties (5.2.6.3) - actionpack (= 5.2.6.3) - activesupport (= 5.2.6.3) + railties (5.2.8) + actionpack (= 5.2.8) + activesupport (= 5.2.8) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -210,12 +210,12 @@ GEM simplecov-html (0.7.1) simplecov-rcov (0.2.3) simplecov (>= 0.4.1) - sprockets (3.7.2) + sprockets (4.0.3) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) sprockets (>= 3.0.0) sshkey (2.0.0) test-unit (3.3.1)