Merge pull request #30 from EverFi/2908109-mend-security-alerts

Upgrade various Gems to comply with Mend security alerts

Gemfile

@@ -4,14 +4,18 @@ gemspec
 
 gem "rake"
 gem "minitest", ">= 5"
-gem "activerecord", "~> 7.0.0"
-gem "activejob", "~> 7.0.0", require: "active_job"
-gem "actionpack", "~> 7.0.0"
+gem "activerecord", "~> 7.1.0"
+gem "activejob", "~> 7.1.0", require: "active_job"
+gem "actionpack", "~> 7.1.0"
 gem "elasticsearch", "~> 7"
-gem "sqlite3"
+gem 'sqlite3', '~> 1.4'
 gem "gemoji-parser"
-gem "typhoeus"
 gem "redis", "~> 4"
 gem "connection_pool"
 gem "kaminari"
 gem "parallel_tests"
+gem "typhoeus"
+gem 'faraday-httpclient'
+gem 'faraday-net_http_persistent'
+gem 'faraday-net_http'
+gem 'faraday-typhoeus'

Gemfile.lock

@@ -8,78 +8,80 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.1.3.2)
+      actionview (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.3.2)
+      activesupport (= 7.1.3.2)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.4)
-      activesupport (= 7.0.4)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.3.2)
+      activesupport (= 7.1.3.2)
       globalid (>= 0.3.6)
-    activemodel (7.0.4)
-      activesupport (= 7.0.4)
-    activerecord (7.0.4)
-      activemodel (= 7.0.4)
-      activesupport (= 7.0.4)
-    activesupport (7.0.4)
+    activemodel (7.1.3.2)
+      activesupport (= 7.1.3.2)
+    activerecord (7.1.3.2)
+      activemodel (= 7.1.3.2)
+      activesupport (= 7.1.3.2)
+      timeout (>= 0.4.0)
+    activesupport (7.1.3.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
+    base64 (0.2.0)
+    bigdecimal (3.1.7)
     builder (3.2.4)
-    concurrent-ruby (1.1.10)
-    connection_pool (2.3.0)
+    concurrent-ruby (1.2.3)
+    connection_pool (2.4.1)
     crass (1.0.6)
-    elasticsearch (7.17.1)
-      elasticsearch-api (= 7.17.1)
-      elasticsearch-transport (= 7.17.1)
-    elasticsearch-api (7.17.1)
+    drb (2.2.1)
+    elasticsearch (7.17.10)
+      elasticsearch-api (= 7.17.10)
+      elasticsearch-transport (= 7.17.10)
+    elasticsearch-api (7.17.10)
       multi_json
-    elasticsearch-transport (7.17.1)
-      faraday (~> 1)
+    elasticsearch-transport (7.17.10)
+      faraday (>= 1, < 3)
       multi_json
-    erubi (1.11.0)
-    ethon (0.15.0)
+    erubi (1.12.0)
+    ethon (0.16.0)
       ffi (>= 1.15.0)
-    faraday (1.10.2)
-      faraday-em_http (~> 1.0)
-      faraday-em_synchrony (~> 1.0)
-      faraday-excon (~> 1.1)
-      faraday-httpclient (~> 1.0)
-      faraday-multipart (~> 1.0)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.0)
-      faraday-patron (~> 1.0)
-      faraday-rack (~> 1.0)
-      faraday-retry (~> 1.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
-    faraday-excon (1.1.0)
-    faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
-    faraday-net_http (1.0.1)
-    faraday-net_http_persistent (1.2.0)
-    faraday-patron (1.0.0)
-    faraday-rack (1.0.0)
-    faraday-retry (1.0.3)
-    ffi (1.15.5)
-    gemoji (3.0.1)
+    faraday (2.9.0)
+      faraday-net_http (>= 2.0, < 3.2)
+    faraday-httpclient (2.0.1)
+      httpclient (>= 2.2)
+    faraday-net_http (3.1.0)
+      net-http
+    faraday-net_http_persistent (2.1.0)
+      faraday (~> 2.5)
+      net-http-persistent (~> 4.0)
+    faraday-typhoeus (1.1.0)
+      faraday (~> 2.0)
+      typhoeus (~> 1.4)
+    ffi (1.16.3)
+    gemoji (4.1.0)
     gemoji-parser (1.3.1)
       gemoji (>= 2.1.0)
-    globalid (1.0.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hashie (5.0.0)
-    i18n (1.12.0)
+    httpclient (2.8.3)
+    i18n (1.14.4)
       concurrent-ruby (~> 1.0)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
@@ -93,61 +95,74 @@ GEM
       activerecord
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
-    loofah (2.19.0)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    minitest (5.16.3)
+      nokogiri (>= 1.12.0)
+    minitest (5.22.3)
     multi_json (1.15.0)
-    multipart-post (2.2.3)
-    nokogiri (1.13.8-arm64-darwin)
+    mutex_m (0.2.0)
+    net-http (0.4.1)
+      uri
+    net-http-persistent (4.0.2)
+      connection_pool (~> 2.2)
+    nokogiri (1.16.4-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.13.8-x86_64-darwin)
+    nokogiri (1.16.4-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.13.8-x86_64-linux)
+    nokogiri (1.16.4-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.22.1)
-    parallel_tests (3.13.0)
+    parallel (1.24.0)
+    parallel_tests (4.7.1)
       parallel
-    racc (1.6.0)
-    rack (2.2.4)
-    rack-test (2.0.2)
+    racc (1.7.3)
+    rack (3.0.10)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
-    rake (13.0.6)
-    redis (4.8.0)
-    ruby2_keywords (0.0.5)
-    sqlite3 (1.5.0-arm64-darwin)
-    sqlite3 (1.5.0-x86_64-darwin)
-    sqlite3 (1.5.0-x86_64-linux)
-    typhoeus (1.4.0)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    rake (13.2.1)
+    redis (4.8.1)
+    sqlite3 (1.7.3-arm64-darwin)
+    sqlite3 (1.7.3-x86_64-darwin)
+    sqlite3 (1.7.3-x86_64-linux)
+    timeout (0.4.1)
+    typhoeus (1.4.1)
       ethon (>= 0.9.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
+    uri (0.13.0)
 
 PLATFORMS
   arm64-darwin-21
   x86_64-darwin-22
   x86_64-linux
 
 DEPENDENCIES
-  actionpack (~> 7.0.0)
-  activejob (~> 7.0.0)
-  activerecord (~> 7.0.0)
+  actionpack (~> 7.1.0)
+  activejob (~> 7.1.0)
+  activerecord (~> 7.1.0)
   connection_pool
   elasticsearch (~> 7)
+  faraday-httpclient
+  faraday-net_http
+  faraday-net_http_persistent
+  faraday-typhoeus
   gemoji-parser
   kaminari
   minitest (>= 5)
   parallel_tests
   rake
   redis (~> 4)
   searchkick!
-  sqlite3
+  sqlite3 (~> 1.4)
   typhoeus
 
 BUNDLED WITH
-   2.2.32
+   2.3.12