From 32a63eabba6d8867becf41492bd4e37359c3c91b Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Wed, 24 Jun 2026 12:23:08 -0500
Subject: [PATCH] Update dependencies for CVEs

* Puma 6 did not receive CVE updates, so we update to 7.
* Add turbolinks so that assets can still precompile without cache.
* Patch-level updates for various other Gems to fix security isuses.
---
 Gemfile | 3 ++-
 Gemfile.lock | 35 ++++++++++++++++++++---------------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7a1f184..4c3dcf5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,11 +17,12 @@ gem 'mysql2', '~> 0.5.4'
 gem 'nokogiri', '~> 1.18'
 gem 'okcomputer', '~> 1.19'
 gem 'ougai', '~> 1.8'
-gem 'puma', '~> 6.6.1'
+gem 'puma', '~> 7.2.1'
 gem 'puma-plugin-delayed_stop', '~> 0.1.2'
 gem 'rails', '~> 8.0.0'
 gem 'rake'
 gem 'sass-rails', '>= 6'
+gem 'turbolinks'
 gem 'webpacker', '~> 5.4.3'
 gem 'will_paginate'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 558f54c..d098439 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -72,7 +72,7 @@ GEM securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) - addressable (2.8.8) + addressable (2.9.0) public_suffix (>= 2.0.2, < 8.0) amazing_print (1.8.1) ast (2.4.3) @@ -87,12 +87,12 @@ GEM colorize (~> 0.8.1) lograge (~> 0.11) ougai (~> 1.8) - bigdecimal (4.0.1) + bigdecimal (4.1.2) bindex (0.8.1) bootstrap-sass (3.4.1) autoprefixer-rails (>= 5.2.1) sassc (>= 2.0.0) - brakeman (8.0.4) + brakeman (8.0.5) racc builder (3.3.0) bundler-audit (0.9.2) @@ -116,14 +116,14 @@ GEM execjs coffee-script-source (1.12.2) colorize (0.8.1) - concurrent-ruby (1.3.6) + concurrent-ruby (1.3.7) connection_pool (3.0.2) crass (1.0.6) date (3.5.1) diff-lcs (1.6.2) docile (1.4.1) drb (2.2.3) - erb (6.0.2) + erb (6.0.4) erubi (1.13.1) execjs (2.10.0) ffi (1.17.2-aarch64-linux-gnu) @@ -177,7 +177,7 @@ GEM prism (~> 1.5) mysql2 (0.5.7) bigdecimal - net-imap (0.6.3) + net-imap (0.6.4.1) date net-protocol net-pop (0.1.2)
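Review bot: In the Gemfile hunk the added `gem 'turbolinks'` has no version constraint, unlike most of the entries around it, and the reason it is needed is recorded only in the commit message. I would write it as `gem 'turbolinks', '~> 5.2' # needed so assets precompile without a cache`, which matches the 5.2.1 the lockfile resolves and keeps a later `bundle update` from crossing a major version unnoticed. As far as I know upstream no longer actively develops Turbolinks, so in a commit whose purpose is CVE remediation it is worth confirming that adding it as a runtime dependency is intended, rather than removing whatever asset reference requires it. Separately, the Puma change from `~> 6.6.1` to `~> 7.2.1` is a major-version jump; the lockfile shows puma-plugin-delayed_stop accepts `puma (>= 5.0, < 8)`, but the Puma configuration is not visible in this patch and should be checked against the Puma 7 upgrade notes.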
@@ -187,13 +187,13 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.5) - nokogiri (1.19.2-aarch64-linux-gnu) + nokogiri (1.19.4-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.19.2-arm64-darwin) + nokogiri (1.19.4-arm64-darwin) racc (~> 1.4) - nokogiri (1.19.2-x86_64-linux-gnu) + nokogiri (1.19.4-x86_64-linux-gnu) racc (~> 1.4) - oj (3.16.12) + oj (3.17.3) bigdecimal (>= 3.0) ostruct (>= 0.2) okcomputer (1.19.1) @@ -212,16 +212,16 @@ GEM psych (5.3.1) date stringio - public_suffix (7.0.0) - puma (6.6.1) + public_suffix (7.0.5) + puma (7.2.1) nio4r (~> 2.0) puma-plugin-delayed_stop (0.1.2) puma (>= 5.0, < 8) racc (1.8.1) - rack (3.2.5) + rack (3.2.6) rack-proxy (0.7.7) rack - rack-session (2.1.1) + rack-session (2.1.2) base64 (>= 0.1.0) rack (>= 3.0.0) rack-test (2.2.0) @@ -363,6 +363,9 @@ GEM tilt (2.6.1) timeout (0.6.1) tsort (0.2.0) + turbolinks (5.2.1) + turbolinks-source (~> 5.2) + turbolinks-source (5.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (3.2.0) @@ -393,6 +396,7 @@ GEM PLATFORMS aarch64-linux-gnu arm64-darwin-23 + arm64-darwin-24 x86_64-linux DEPENDENCIES @@ -414,7 +418,7 @@ DEPENDENCIES nokogiri (~> 1.18) okcomputer (~> 1.19) ougai (~> 1.8) - puma (~> 6.6.1) + puma (~> 7.2.1) puma-plugin-delayed_stop (~> 0.1.2) rails (~> 8.0.0) rake @@ -429,6 +433,7 @@ DEPENDENCIES selenium-webdriver simplecov simplecov-rcov + turbolinks web-console (>= 3.3.0) webpacker (~> 5.4.3) will_paginate