From 7602ccb596ccd612bc8d9d2c2cc2b46ea8977caa Mon Sep 17 00:00:00 2001
From: brennen-stripe <86444598+brennen-stripe@users.noreply.github.com>
Date: Wed, 28 Jun 2023 10:04:27 -0700
Subject: [PATCH] Fixing gem vulnerability (#1140)
* fix gem vuln
* added back other platforms
* added linux plat
---
 Gemfile | 2 +-
 Gemfile.lock | 178 +++++++++---------
 .../lib/activerecord/all/activerecord.rbi | 4 +-
 3 files changed, 89 insertions(+), 95 deletions(-)
diff --git a/Gemfile b/Gemfile
index a7f0ec0beb..36fff26283 100644
--- a/Gemfile
+++ b/Gemfile
@@ -18,7 +18,7 @@ gem 'reline', '~> 0.3.1'
 gem 'dotenv-rails', '2.8.1', groups: [:development, :test]
 gem 'foreman', groups: [:development, :test]
-gem 'rails', '~> 6.1.7.2'
+gem 'rails', '~> 6.1.7.4'
 gem 'lograge', '~> 0.12'
 group :production do
diff --git a/Gemfile.lock b/Gemfile.lock
index 4d1787f856..8c545556b2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -9,72 +9,72 @@ GIT
 GEM
 remote: https://rubygems.org/
 specs:
- actioncable (6.1.7.3)
- actionpack (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ actioncable (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
- actionmailbox (6.1.7.3)
- actionpack (= 6.1.7.3)
- activejob (= 6.1.7.3)
- activerecord (= 6.1.7.3)
- activestorage (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ actionmailbox (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ activejob (= 6.1.7.4)
+ activerecord (= 6.1.7.4)
+ activestorage (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 mail (>= 2.7.1)
- actionmailer (6.1.7.3)
- actionpack (= 6.1.7.3)
- actionview (= 6.1.7.3)
- activejob (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ actionmailer (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ actionview (= 6.1.7.4)
+ activejob (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
- actionpack (6.1.7.3)
- actionview (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ actionpack (6.1.7.4)
+ actionview (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 rack (~> 2.0, >= 2.0.9)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
- actiontext (6.1.7.3)
- actionpack (= 6.1.7.3)
- activerecord (= 6.1.7.3)
- activestorage (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ actiontext (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ activerecord (= 6.1.7.4)
+ activestorage (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 nokogiri (>= 1.8.5)
- actionview (6.1.7.3)
- activesupport (= 6.1.7.3)
+ actionview (6.1.7.4)
+ activesupport (= 6.1.7.4)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
- activejob (6.1.7.3)
- activesupport (= 6.1.7.3)
+ activejob (6.1.7.4)
+ activesupport (= 6.1.7.4)
 globalid (>= 0.3.6)
- activemodel (6.1.7.3)
- activesupport (= 6.1.7.3)
- activerecord (6.1.7.3)
- activemodel (= 6.1.7.3)
- activesupport (= 6.1.7.3)
- activestorage (6.1.7.3)
- actionpack (= 6.1.7.3)
- activejob (= 6.1.7.3)
- activerecord (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ activemodel (6.1.7.4)
+ activesupport (= 6.1.7.4)
+ activerecord (6.1.7.4)
+ activemodel (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
+ activestorage (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ activejob (= 6.1.7.4)
+ activerecord (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 marcel (~> 1.0)
 mini_mime (>= 1.1.0)
- activesupport (6.1.7.3)
+ activesupport (6.1.7.4)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
 tzinfo (~> 2.0)
 zeitwerk (~> 2.3)
- addressable (2.8.1)
+ addressable (2.8.4)
 public_suffix (>= 2.0.2, < 6.0)
 ansi (1.5.0)
 ast (2.4.2)
 aws-eventstream (1.2.0)
- aws-partitions (1.729.0)
- aws-sdk-core (3.170.0)
+ aws-partitions (1.782.0)
+ aws-sdk-core (3.175.0)
 aws-eventstream (~> 1, >= 1.0.2)
 aws-partitions (~> 1, >= 1.651.0)
 aws-sigv4 (~> 1.5)
@@ -149,12 +149,12 @@ GEM
 http-accept (1.7.0)
 http-cookie (1.0.5)
 domain_name (~> 0.5)
- i18n (1.12.0)
+ i18n (1.14.1)
 concurrent-ruby (~> 1.0)
 interception (0.5)
 io-console (0.6.0)
 jmespath (1.6.2)
- jwt (2.7.0)
+ jwt (2.7.1)
 launchy (2.5.2)
 addressable (~> 2.8)
 listen (3.8.0)
@@ -165,9 +165,9 @@ GEM
 activesupport (>= 4)
 railties (>= 4)
 request_store (~> 1.0)
- loofah (2.19.1)
+ loofah (2.21.3)
 crass (~> 1.0.2)
- nokogiri (>= 1.5.9)
+ nokogiri (>= 1.12.0)
 mail (2.8.1)
 mini_mime (>= 0.1.1)
 net-imap
@@ -193,14 +193,14 @@ GEM
 minitest (>= 5.0)
 ruby-progressbar
 mocha (1.16.1)
- mono_logger (1.1.1)
- msgpack (1.6.1)
+ mono_logger (1.1.2)
+ msgpack (1.7.1)
 multi_json (1.15.0)
 multi_xml (0.6.0)
 multipart-post (2.3.0)
 mustermann (2.0.2)
 ruby2_keywords (~> 0.0.1)
- net-imap (0.3.4)
+ net-imap (0.3.6)
 date
 net-protocol
 net-pop (0.1.2)
@@ -210,12 +210,10 @@ GEM
 net-smtp (0.3.3)
 net-protocol
 netrc (0.11.0)
- nio4r (2.5.8)
- nokogiri (1.14.3-arm64-darwin)
+ nio4r (2.5.9)
+ nokogiri (1.15.2-arm64-darwin)
 racc (~> 1.4)
- nokogiri (1.14.3-x86_64-darwin)
- racc (~> 1.4)
- nokogiri (1.14.3-x86_64-linux)
+ nokogiri (1.15.2-x86_64-linux)
 racc (~> 1.4)
 oauth2 (1.4.11)
 faraday (>= 0.17.3, < 3.0)
@@ -235,14 +233,15 @@ GEM
 omniauth (~> 2.0)
 omniauth-stripe (0.1.0)
 omniauth-oauth2
- parallel (1.22.1)
+ parallel (1.23.0)
 parlour (8.1.0)
 commander (~> 4.5)
 parser
 rainbow (~> 3.0)
 sorbet-runtime (>= 0.5)
- parser (3.2.1.1)
+ parser (3.2.2.3)
 ast (~> 2.4.1)
+ racc
 pg (1.4.6)
 polyfill (1.9.0)
 pry (0.14.2)
@@ -262,40 +261,40 @@ GEM
 binding_of_caller (~> 1.0)
 pry (~> 0.13)
 public_suffix (5.0.1)
- puma (5.6.5)
+ puma (5.6.6)
 nio4r (~> 2.0)
 raabro (1.4.0)
- racc (1.6.2)
- rack (2.2.6.4)
+ racc (1.7.1)
+ rack (2.2.7)
 rack-attack (6.6.1)
 rack (>= 1.0, < 3)
 rack-protection (2.2.4)
 rack
 rack-test (2.0.2)
 rack (>= 1.3)
- rails (6.1.7.3)
- actioncable (= 6.1.7.3)
- actionmailbox (= 6.1.7.3)
- actionmailer (= 6.1.7.3)
- actionpack (= 6.1.7.3)
- actiontext (= 6.1.7.3)
- actionview (= 6.1.7.3)
- activejob (= 6.1.7.3)
- activemodel (= 6.1.7.3)
- activerecord (= 6.1.7.3)
- activestorage (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ rails (6.1.7.4)
+ actioncable (= 6.1.7.4)
+ actionmailbox (= 6.1.7.4)
+ actionmailer (= 6.1.7.4)
+ actionpack (= 6.1.7.4)
+ actiontext (= 6.1.7.4)
+ actionview (= 6.1.7.4)
+ activejob (= 6.1.7.4)
+ activemodel (= 6.1.7.4)
+ activerecord (= 6.1.7.4)
+ activestorage (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 bundler (>= 1.15.0)
- railties (= 6.1.7.3)
+ railties (= 6.1.7.4)
 sprockets-rails (>= 2.0.0)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.4.4)
 loofah (~> 2.19, >= 2.19.1)
- railties (6.1.7.3)
- actionpack (= 6.1.7.3)
- activesupport (= 6.1.7.3)
+ railties (6.1.7.4)
+ actionpack (= 6.1.7.4)
+ activesupport (= 6.1.7.4)
 method_source
 rake (>= 12.2)
 thor (~> 1.0)
@@ -305,10 +304,10 @@ GEM
 rb-inotify (0.10.1)
 ffi (~> 1.0)
 redis (4.5.1)
- redis-namespace (1.10.0)
+ redis-namespace (1.11.0)
 redis (>= 4)
- regexp_parser (2.7.0)
- reline (0.3.2)
+ regexp_parser (2.8.1)
+ reline (0.3.5)
 io-console (~> 0.5)
 request_store (1.5.1)
 rack (>= 1.4)
@@ -358,7 +357,7 @@ GEM
 ruby-progressbar (1.13.0)
 ruby2_keywords (0.0.5)
 rubyzip (2.3.2)
- rufus-scheduler (3.8.2)
+ rufus-scheduler (3.9.1)
 fugit (~> 1.1, >= 1.1.6)
 safe_type (1.1.1)
 selenium-webdriver (4.5.0)
@@ -388,8 +387,8 @@ GEM
 rack-protection (= 2.2.4)
 tilt (~> 2.0)
 slop (3.6.0)
- sorbet (0.5.10712)
- sorbet-static (= 0.5.10712)
+ sorbet (0.5.10888)
+ sorbet-static (= 0.5.10888)
 sorbet-coerce (0.7.0)
 polyfill (~> 1.8)
 safe_type (~> 1.1, >= 1.1.1)
@@ -400,11 +399,9 @@ GEM
 parser (>= 2.7)
 sorbet-coerce (>= 0.2.6)
 sorbet-runtime (>= 0.5.9892)
- sorbet-runtime (0.5.10712)
- sorbet-static (0.5.10712-universal-darwin-20)
- sorbet-static (0.5.10712-universal-darwin-21)
- sorbet-static (0.5.10712-universal-darwin-22)
- sorbet-static (0.5.10712-x86_64-linux)
+ sorbet-runtime (0.5.10888)
+ sorbet-static (0.5.10888-universal-darwin-21)
+ sorbet-static (0.5.10888-x86_64-linux)
 spring (4.1.1)
 sprockets (4.2.0)
 concurrent-ruby (~> 1.0)
@@ -414,9 +411,9 @@ GEM
 activesupport (>= 5.2)
 sprockets (>= 3.0.0)
 stripe (7.1.0)
- thor (1.2.1)
- tilt (2.1.0)
- timeout (0.3.2)
+ thor (1.2.2)
+ tilt (2.2.0)
+ timeout (0.4.0)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
 unf (0.1.4)
@@ -433,13 +430,10 @@ GEM
 websocket-extensions (0.1.5)
 xpath (3.2.0)
 nokogiri (~> 1.8)
- zeitwerk (2.6.7)
+ zeitwerk (2.6.8)
 PLATFORMS
 arm64-darwin-21
- x86_64-darwin-20
- x86_64-darwin-21
- x86_64-darwin-22
 x86_64-linux
 DEPENDENCIES
@@ -481,7 +475,7 @@ DEPENDENCIES
 rack (>= 2.2.6.4)
 rack-attack (~> 6.6.1)
 rack-test (~> 2.0.2)
- rails (~> 6.1.7.2)
+ rails (~> 6.1.7.4)
 rails-html-sanitizer (= 1.4.4)
 redis (~> 4.5.1)
 reline (~> 0.3.1)
diff --git a/sorbet/rbi/sorbet-typed/lib/activerecord/all/activerecord.rbi b/sorbet/rbi/sorbet-typed/lib/activerecord/all/activerecord.rbi
index 6e88c5d981..840447354c 100644
--- a/sorbet/rbi/sorbet-typed/lib/activerecord/all/activerecord.rbi
+++ b/sorbet/rbi/sorbet-typed/lib/activerecord/all/activerecord.rbi
@@ -690,10 +690,10 @@ end
 module ActiveRecord::Persistence
 mixes_in_class_methods(ActiveRecord::Persistence::ClassMethods)
- sig { params(klass: Class).returns(T.untyped) }
+ sig { params(klass: T::Class[T.anything]).returns(T.untyped) }
 def becomes!(klass); end
- sig { params(klass: Class).returns(T.untyped) }
+ sig { params(klass: T::Class[T.anything]).returns(T.untyped) }
 def becomes(klass); end
 sig do