Merge pull request #10013 from opf/fix/bump_gems

Fix/bump gems
3 years ago · c386137a90
parent 4972a494bd 523f34d6a9
commit c386137a90
5 changed files with 75 additions and 67 deletions
--- a/12
+++ b/12
@ -32,7 +32,7 @@ ruby '~> 2.7.5'

 gem 'actionpack-xml_parser', '~> 2.0.0'
 gem 'activemodel-serializers-xml', '~> 1.0.1'
-gem 'activerecord-import', '~> 1.2.0'
+gem 'activerecord-import', '~> 1.3.0'
 gem 'activerecord-session_store', '~> 2.0.0'
 gem 'rails', '~> 6.1.4'
 gem 'responders', '~> 3.0'
@ -83,7 +83,7 @@ gem 'deckar01-task_list', '~> 2.3.1'
 # Requires escape-utils for faster escaping
 gem 'escape_utils', '~> 1.0'
 # Syntax highlighting used in html-pipeline with rouge
-gem 'rouge', '~> 3.26.0'
+gem 'rouge', '~> 3.27.0'
 # HTML sanitization used for html-pipeline
 gem 'sanitize', '~> 6.0.0'
 # HTML autolinking for mails and urls (replaces autolink)
@ -155,18 +155,18 @@ gem 'meta-tags', '~> 2.16.0'
 group :production do
  # we use dalli as standard memcache client
  # requires memcached 1.4+
-  gem 'dalli', '~> 3.1.0'
+  gem 'dalli', '~> 3.2.0'
 end

 gem 'i18n-js', '~> 3.9.0'
-gem 'rails-i18n', '~> 6.0.0'
+gem 'rails-i18n', '~> 7.0.0'
 gem 'sprockets', '~> 3.7.0'

 gem 'puma', '~> 5.5'
 gem 'rack-timeout', '~> 0.6.0', require: "rack/timeout/base"
 gem 'puma-plugin-statsd', '~> 2.0'

-gem 'nokogiri', '~> 1.12.5'
+gem 'nokogiri', '~> 1.13.0'

 gem 'carrierwave', '~> 1.3.1'
 gem 'carrierwave_direct', '~> 2.1.0'
@ -280,7 +280,7 @@ group :development, :test do
  gem 'pry-stack_explorer', '~> 0.6.0'

  # Brakeman scanner
-  gem 'brakeman', '~> 5.1.0'
+  gem 'brakeman', '~> 5.2.0'
  gem 'danger-brakeman'
 end

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -159,7 +159,7 @@ PATH
  remote: modules/two_factor_authentication
  specs:
    openproject-two_factor_authentication (1.0.0)
-      aws-sdk-sns (~> 1.49.0)
+      aws-sdk-sns (~> 1.50.0)
      messagebird-rest (~> 1.4.2)
      rotp (~> 6.1)

@ -231,8 +231,8 @@ GEM
    activerecord (6.1.4.4)
      activemodel (= 6.1.4.4)
      activesupport (= 6.1.4.4)
-    activerecord-import (1.2.0)
-      activerecord (>= 3.2)
+    activerecord-import (1.3.0)
+      activerecord (>= 4.2)
    activerecord-nulldb-adapter (0.8.0)
      activerecord (>= 5.2.0, < 7.1)
    activerecord-session_store (2.0.0)
@ -273,21 +273,21 @@ GEM
    awesome_nested_set (3.4.0)
      activerecord (>= 4.0.0, < 7.0)
    aws-eventstream (1.2.0)
-    aws-partitions (1.543.0)
-    aws-sdk-core (3.125.0)
+    aws-partitions (1.546.0)
+    aws-sdk-core (3.125.1)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.525.0)
      aws-sigv4 (~> 1.1)
      jmespath (~> 1.0)
-    aws-sdk-kms (1.52.0)
-      aws-sdk-core (~> 3, >= 3.122.0)
+    aws-sdk-kms (1.53.0)
+      aws-sdk-core (~> 3, >= 3.125.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.109.0)
-      aws-sdk-core (~> 3, >= 3.122.0)
+    aws-sdk-s3 (1.111.1)
+      aws-sdk-core (~> 3, >= 3.125.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.4)
-    aws-sdk-sns (1.49.0)
-      aws-sdk-core (~> 3, >= 3.122.0)
+    aws-sdk-sns (1.50.0)
+      aws-sdk-core (~> 3, >= 3.125.0)
      aws-sigv4 (~> 1.1)
    aws-sigv4 (1.4.0)
      aws-eventstream (~> 1, >= 1.0.2)
@ -297,7 +297,7 @@ GEM
      debug_inspector (>= 0.0.1)
    bootsnap (1.9.3)
      msgpack (~> 1.0)
-    brakeman (5.1.2)
+    brakeman (5.2.0)
    browser (5.3.1)
    builder (3.2.4)
    byebug (11.1.3)
@ -351,7 +351,7 @@ GEM
      rexml
    crass (1.0.6)
    daemons (1.4.1)
-    dalli (3.1.5)
+    dalli (3.2.0)
    danger (8.4.2)
      claide (~> 1.0)
      claide-plugins (>= 0.9.2)
@ -393,7 +393,7 @@ GEM
    delayed_job_active_record (4.1.6)
      activerecord (>= 3.0, < 6.2)
      delayed_job (>= 3.0, < 5)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
    disposable (0.6.2)
      declarative (>= 0.0.9, < 1.0.0)
      representable (>= 3.1.1, < 3.2.0)
@ -451,16 +451,17 @@ GEM
      railties (>= 5.0.0)
    faker (2.19.0)
      i18n (>= 1.6, < 2)
-    faraday (1.8.0)
+    faraday (1.9.3)
      faraday-em_http (~> 1.0)
      faraday-em_synchrony (~> 1.0)
      faraday-excon (~> 1.1)
-      faraday-httpclient (~> 1.0.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.1)
+      faraday-net_http_persistent (~> 1.0)
      faraday-patron (~> 1.0)
      faraday-rack (~> 1.0)
-      multipart-post (>= 1.2, < 3)
+      faraday-retry (~> 1.0)
      ruby2_keywords (>= 0.0.4)
    faraday-em_http (1.0.0)
    faraday-em_synchrony (1.0.0)
@ -468,11 +469,14 @@ GEM
    faraday-http-cache (2.2.0)
      faraday (>= 0.8)
    faraday-httpclient (1.0.1)
+    faraday-multipart (1.0.2)
+      multipart-post (>= 1.2, < 3)
    faraday-net_http (1.0.1)
    faraday-net_http_persistent (1.2.0)
    faraday-patron (1.0.0)
    faraday-rack (1.0.0)
-    fastimage (2.2.5)
+    faraday-retry (1.0.3)
+    fastimage (2.2.6)
    ffi (1.15.4)
    flamegraph (0.9.5)
    fog-aws (3.12.0)
@ -500,7 +504,7 @@ GEM
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
-    git (1.9.1)
+    git (1.10.2)
      rchardet (~> 1.8)
    globalid (1.0.0)
      activesupport (>= 5.0)
@ -509,7 +513,7 @@ GEM
      i18n (>= 0.7)
      multi_json
      request_store (>= 1.0)
-    grape (1.6.0)
+    grape (1.6.2)
      activesupport
      builder
      dry-types (>= 1.1)
@ -598,10 +602,10 @@ GEM
    method_source (1.0.0)
    mime-types (3.4.1)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2021.1115)
+    mime-types-data (3.2022.0105)
    mini_magick (4.11.0)
    mini_mime (1.1.2)
-    mini_portile2 (2.6.1)
+    mini_portile2 (2.7.1)
    minisyntax (0.2.5)
    minitest (5.15.0)
    msgpack (1.4.2)
@ -616,13 +620,13 @@ GEM
    netrc (0.11.0)
    nio4r (2.5.8)
    no_proxy_fix (0.1.2)
-    nokogiri (1.12.5)
-      mini_portile2 (~> 2.6.1)
+    nokogiri (1.13.0)
+      mini_portile2 (~> 2.7.0)
      racc (~> 1.4)
    octokit (4.21.0)
      faraday (>= 0.9)
      sawyer (~> 0.8.0, >= 0.5.3)
-    oj (3.13.10)
+    oj (3.13.11)
    okcomputer (1.18.4)
    omniauth-saml (1.10.3)
      omniauth (~> 1.3, >= 1.3.2)
@ -643,12 +647,12 @@ GEM
    parallel (1.21.0)
    parallel_tests (3.7.3)
      parallel
-    parser (3.0.3.2)
+    parser (3.1.0.0)
      ast (~> 2.4.1)
    pdf-core (0.9.0)
    pdf-inspector (1.3.0)
      pdf-reader (>= 1.0, < 3.0.a)
-    pdf-reader (2.6.0)
+    pdf-reader (2.8.0)
      Ascii85 (~> 1.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
@ -683,6 +687,8 @@ GEM
    pry-stack_explorer (0.6.1)
      binding_of_caller (~> 1.0)
      pry (~> 0.13)
+    psych (4.0.3)
+      stringio
    public_suffix (4.0.6)
    puffing-billy (2.4.1)
      addressable (~> 2.5)
@ -745,9 +751,9 @@ GEM
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.4.2)
      loofah (~> 2.3)
-    rails-i18n (6.0.0)
+    rails-i18n (7.0.1)
      i18n (>= 0.7, < 2)
-      railties (>= 6.0.0, < 7)
+      railties (>= 6.0.0, < 8)
    railties (6.1.4.4)
      actionpack (= 6.1.4.4)
      activesupport (= 6.1.4.4)
@ -761,7 +767,8 @@ GEM
      ffi (~> 1.0)
    rbtree3 (0.6.0)
    rchardet (1.8.0)
-    rdoc (6.3.3)
+    rdoc (6.4.0)
+      psych (>= 4.0.0)
    recaptcha (5.8.1)
      json
    redcarpet (3.5.1)
@ -786,7 +793,7 @@ GEM
    roar (1.1.1)
      representable (~> 3.0)
    rotp (6.2.0)
-    rouge (3.26.1)
+    rouge (3.27.0)
    rspec (3.10.0)
      rspec-core (~> 3.10.0)
      rspec-expectations (~> 3.10.0)
@ -810,22 +817,22 @@ GEM
    rspec-retry (0.6.2)
      rspec-core (> 3.3)
    rspec-support (3.10.3)
-    rubocop (1.23.0)
+    rubocop (1.24.1)
      parallel (~> 1.10)
      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml
-      rubocop-ast (>= 1.12.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.0)
+    rubocop-ast (1.15.1)
      parser (>= 3.0.1.1)
-    rubocop-rails (2.12.4)
+    rubocop-rails (2.13.0)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.7.0, < 2.0)
-    rubocop-rspec (2.6.0)
+    rubocop-rspec (2.7.0)
      rubocop (~> 1.19)
    ruby-duration (3.2.3)
      activesupport (>= 3.0.0)
@ -839,9 +846,9 @@ GEM
      nokogiri (>= 1.10.5)
      rexml
    ruby2_keywords (0.0.5)
-    rubytree (1.0.0)
-      json (~> 2.1)
-      structured_warnings (~> 0.3)
+    rubytree (1.0.2)
+      json (~> 2.6.1)
+      structured_warnings (~> 0.4.0)
    rubyzip (2.3.2)
    sanitize (6.0.0)
      crass (~> 1.0.2)
@ -863,21 +870,21 @@ GEM
      rexml (~> 3.2, >= 3.2.5)
      rubyzip (>= 1.2.2)
    semantic (1.6.1)
-    sentry-delayed_job (4.8.1)
+    sentry-delayed_job (4.8.3)
      delayed_job (>= 4.0)
-      sentry-ruby-core (~> 4.8.1)
-    sentry-rails (4.8.1)
+      sentry-ruby-core (~> 4.8.3)
+    sentry-rails (4.8.3)
      railties (>= 5.0)
-      sentry-ruby-core (~> 4.8.1)
-    sentry-ruby (4.8.1)
+      sentry-ruby-core (~> 4.8.3)
+    sentry-ruby (4.8.3)
      concurrent-ruby (~> 1.0, >= 1.0.2)
-      faraday (>= 1.0)
-      sentry-ruby-core (= 4.8.1)
-    sentry-ruby-core (4.8.1)
+      faraday (~> 1.0)
+      sentry-ruby-core (= 4.8.3)
+    sentry-ruby-core (4.8.3)
      concurrent-ruby
      faraday
    shoulda-context (2.0.0)
-    shoulda-matchers (5.0.0)
+    shoulda-matchers (5.1.0)
      activesupport (>= 5.2.0)
    spreadsheet (1.3.0)
      ruby-ole
@ -894,6 +901,7 @@ GEM
    ssrf_filter (1.0.7)
    stackprof (0.2.17)
    stringex (2.8.5)
+    stringio (3.0.1)
    structured_warnings (0.4.0)
    svg-graph (2.2.1)
    swd (1.3.0)
@ -907,7 +915,7 @@ GEM
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
    test-prof (1.0.7)
-    thor (1.1.0)
+    thor (1.2.1)
    tilt (2.0.10)
    timecop (0.9.4)
    trailblazer-option (0.1.2)
@ -953,7 +961,7 @@ GEM
      activerecord (>= 4.2)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.5.1)
+    zeitwerk (2.5.3)

 PLATFORMS
  ruby
@ -961,7 +969,7 @@ PLATFORMS
 DEPENDENCIES
  actionpack-xml_parser (~> 2.0.0)
  activemodel-serializers-xml (~> 1.0.1)
-  activerecord-import (~> 1.2.0)
+  activerecord-import (~> 1.3.0)
  activerecord-nulldb-adapter (~> 0.8.0)
  activerecord-session_store (~> 2.0.0)
  acts_as_list (~> 1.0.1)
@ -974,7 +982,7 @@ DEPENDENCIES
  aws-sdk-s3 (~> 1.91)
  bcrypt (~> 3.1.6)
  bootsnap (~> 1.9.1)
-  brakeman (~> 5.1.0)
+  brakeman (~> 5.2.0)
  browser (~> 5.3.0)
  budgets!
  capybara (~> 3.36.0)
@ -987,7 +995,7 @@ DEPENDENCIES
  compare-xml (~> 0.66)
  costs!
  daemons
-  dalli (~> 3.1.0)
+  dalli (~> 3.2.0)
  danger-brakeman
  dashboards!
  database_cleaner (~> 2.0)
@ -1027,7 +1035,7 @@ DEPENDENCIES
  multi_json (~> 1.15.0)
  my_page!
  net-ldap (~> 0.17.0)
-  nokogiri (~> 1.12.5)
+  nokogiri (~> 1.13.0)
  oj (~> 3.13.0)
  okcomputer (~> 1.18.1)
  omniauth!
@ -1077,7 +1085,7 @@ DEPENDENCIES
  rack_session_access
  rails (~> 6.1.4)
  rails-controller-testing (~> 1.0.2)
-  rails-i18n (~> 6.0.0)
+  rails-i18n (~> 7.0.0)
  rdoc (>= 2.4.2)
  request_store (~> 1.5.0)
  responders (~> 3.0)
@ -1085,7 +1093,7 @@ DEPENDENCIES
  retriable (~> 3.1.1)
  rinku (~> 2.0.4)
  roar (~> 1.1.0)
-  rouge (~> 3.26.0)
+  rouge (~> 3.27.0)
  rspec (~> 3.10.0)
  rspec-rails (~> 5.0.0)
  rspec-retry (~> 0.6.1)
--- a/app/models/custom_actions/actions/serializer.rb
+++ b/app/models/custom_actions/actions/serializer.rb
@ -33,7 +33,7 @@ class CustomActions::Actions::Serializer
    return [] unless value

    YAML
-      .safe_load(value, [Symbol])
+      .safe_load(value, permitted_classes: [Symbol])
      .map do |key, values|
      klass = nil

--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@ -149,7 +149,7 @@ class Setting < ApplicationRecord
  end

  def formatted_value(value)
-    return value unless value.present?
+    return value if value.blank?

    default = @@available_settings[name]

@ -314,7 +314,7 @@ class Setting < ApplicationRecord
    default = @@available_settings[name]

    if default['serialized'] && v.is_a?(String)
-      YAML::load(v)
+      YAML::safe_load(v, permitted_classes: [Symbol, ActiveSupport::HashWithIndifferentAccess, Date, Time])
    elsif v.present?
      read_formatted_setting v, default["format"]
    else
--- a/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec
+++ b/modules/two_factor_authentication/openproject-two_factor_authentication.gemspec
@ -15,5 +15,5 @@ Gem::Specification.new do |s|
  s.add_dependency 'messagebird-rest', '~> 1.4.2'
  s.add_dependency 'rotp', '~> 6.1'

-  s.add_dependency 'aws-sdk-sns', '~> 1.49.0'
+  s.add_dependency 'aws-sdk-sns', '~> 1.50.0'
 end