fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-CARRIERWAVE-6095123
qkunst · Nov 30, 2023 · 99c992e · 99c992e
1 parent 9b494a7
commit 99c992e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/Gemfile b/Gemfile
@@ -48,7 +48,7 @@ gem "pg"
 gem "devise" # , git: "https://github.com/heartcombo/devise.git"
 # gem 'omniauth-facebook'
 # gem 'omniauth-google-oauth2'
-gem "carrierwave"
+gem "carrierwave", ">= 2.2.5"
 gem "carrierwave-imageoptimizer"
 gem "mini_magick" # transforming images
 gem "nokogiri"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -168,7 +168,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    carrierwave (2.2.4)
+    carrierwave (2.2.5)
       activemodel (>= 5.0.0)
       activesupport (>= 5.0.0)
       addressable (~> 2.6)
@@ -362,7 +362,7 @@ GEM
       ast (~> 2.4.1)
       racc
     pg (1.5.4)
-    public_suffix (5.0.3)
+    public_suffix (5.0.4)
     puma (6.4.0)
       nio4r (~> 2.0)
     raabro (1.4.0)
@@ -474,7 +474,7 @@ GEM
       rubocop-ast (>= 0.4.0)
     ruby-ole (1.2.12.2)
     ruby-progressbar (1.13.0)
-    ruby-vips (2.1.4)
+    ruby-vips (2.2.0)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
@@ -606,7 +606,7 @@ DEPENDENCIES
   capistrano-rbenv
   capistrano-sidekiq
   capybara
-  carrierwave
+  carrierwave (>= 2.2.5)
   carrierwave-imageoptimizer
   daemons
   dalli