diff --git a/Gemfile.lock b/Gemfile.lock index 59638474..6fd75eac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -59,25 +59,25 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.8) - actionpack (= 5.2.8) + actioncable (5.2.8.1) + actionpack (= 5.2.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) + actionmailer (5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.8) - actionview (= 5.2.8) - activesupport (= 5.2.8) + actionpack (5.2.8.1) + actionview (= 5.2.8.1) + activesupport (= 5.2.8.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.8) - activesupport (= 5.2.8) + actionview (5.2.8.1) + activesupport (= 5.2.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) @@ -87,28 +87,28 @@ GEM activemodel (>= 4.1, < 7.1) case_transform (>= 0.2) jsonapi-renderer (>= 0.1.1.beta1, < 0.3) - activejob (5.2.8) - activesupport (= 5.2.8) + activejob (5.2.8.1) + activesupport (= 5.2.8.1) globalid (>= 0.3.6) - activemodel (5.2.8) - activesupport (= 5.2.8) - activerecord (5.2.8) - activemodel (= 5.2.8) - activesupport (= 5.2.8) + activemodel (5.2.8.1) + activesupport (= 5.2.8.1) + activerecord (5.2.8.1) + activemodel (= 5.2.8.1) + activesupport (= 5.2.8.1) arel (>= 9.0) - activestorage (5.2.8) - actionpack (= 5.2.8) - activerecord (= 5.2.8) + activestorage (5.2.8.1) + actionpack (= 5.2.8.1) + activerecord (= 5.2.8.1) marcel (~> 1.0.0) - activesupport (5.2.8) + activesupport (5.2.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) acts_as_tree (2.9.1) activerecord (>= 3.0.0) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) apivore (1.6.2) actionpack (>= 4, < 6) hashie (~> 3.3) 
@@ -130,12 +130,12 @@ GEM bindex (0.8.1) binding_of_caller (1.0.0) debug_inspector (>= 0.0.1) - bootsnap (1.11.1) + bootsnap (1.13.0) msgpack (~> 1.2) bootstrap-datepicker-rails (1.9.0.1) railties (>= 3.0) builder (3.2.4) - bullet (7.0.1) + bullet (7.0.3) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) capybara (3.36.0) @@ -160,7 +160,7 @@ GEM coffee-script-source (1.12.2) commonjs (0.2.7) concurrent-ruby (1.1.10) - connection_pool (2.2.5) + connection_pool (2.3.0) content_for_in_controllers (0.0.2) crass (1.0.6) daemons (1.4.1) @@ -180,15 +180,14 @@ GEM railties (>= 5.2) rainbow (>= 2.1.0) diff-lcs (1.5.0) - diffy (3.4.0) + diffy (3.4.2) docile (1.4.0) - doorkeeper (5.5.4) + doorkeeper (5.6.0) railties (>= 5) - doorkeeper-i18n (5.2.3) + doorkeeper-i18n (5.2.5) doorkeeper (>= 5.2) email_reply_trimmer (0.1.13) - erubi (1.10.0) - erubis (2.7.0) + erubi (1.11.0) eventmachine (1.2.7) exception_notification (4.5.0) actionmailer (>= 5.2, < 8) @@ -200,33 +199,28 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faker (2.21.0) + faker (2.22.0) i18n (>= 1.8.11, < 2) ffi (1.15.5) gaffe (1.2.0) rails (>= 4.0.0) globalid (1.0.0) activesupport (>= 5.0) - haml (5.2.2) - temple (>= 0.8.0) + haml (6.0.5) + temple (>= 0.8.2) + thor tilt - haml-rails (2.0.1) + haml-rails (2.1.0) actionpack (>= 5.1) activesupport (>= 5.1) - haml (>= 4.0.6, < 6.0) - html2haml (>= 1.0.1) + haml (>= 4.0.6) railties (>= 5.1) has_scope (0.8.0) actionpack (>= 5.2) activesupport (>= 5.2) hashie (3.4.6) - html2haml (2.2.0) - erubis (~> 2.7.0) - haml (>= 4.0, < 6) - nokogiri (>= 1.6.0) - ruby_parser (~> 3.5) htmlentities (4.3.4) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) i18n-js (3.0.11) i18n (>= 0.6.6, < 2) @@ -271,7 +265,7 @@ GEM listen (3.7.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.18.0) + loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) 
@@ -298,15 +292,15 @@ GEM mime-types-data (3.2022.0105) mini_mime (1.1.2) mini_portile2 (2.8.0) - minitest (5.15.0) + minitest (5.16.3) mono_logger (1.1.1) - msgpack (1.5.2) + msgpack (1.6.0) multi_json (1.15.0) - mustermann (1.1.1) + mustermann (3.0.0) ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) nio4r (2.5.8) - nokogiri (1.13.6) + nokogiri (1.13.8) mini_portile2 (~> 2.8.0) racc (~> 1.4) parallel (1.22.1) @@ -328,38 +322,38 @@ GEM pry-stack_explorer (0.6.1) binding_of_caller (~> 1.0) pry (~> 0.13) - public_suffix (4.0.7) - puma (5.6.4) + public_suffix (5.0.0) + puma (5.6.5) nio4r (~> 2.0) racc (1.6.0) - rack (2.2.3.1) + rack (2.2.4) rack-contrib (2.3.0) rack (~> 2.0) rack-cors (1.1.1) rack (>= 2.0.0) - rack-protection (2.2.0) + rack-protection (3.0.2) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.2.8) - actioncable (= 5.2.8) - actionmailer (= 5.2.8) - actionpack (= 5.2.8) - actionview (= 5.2.8) - activejob (= 5.2.8) - activemodel (= 5.2.8) - activerecord (= 5.2.8) - activestorage (= 5.2.8) - activesupport (= 5.2.8) + rack-test (2.0.2) + rack (>= 1.3) + rails (5.2.8.1) + actioncable (= 5.2.8.1) + actionmailer (= 5.2.8.1) + actionpack (= 5.2.8.1) + actionview (= 5.2.8.1) + activejob (= 5.2.8.1) + activemodel (= 5.2.8.1) + activerecord (= 5.2.8.1) + activestorage (= 5.2.8.1) + activesupport (= 5.2.8.1) bundler (>= 1.3.0) - railties (= 5.2.8) + railties (= 5.2.8.1) sprockets-rails (>= 2.0.0) rails-assets-listjs (0.2.0.beta.4) railties (>= 3.1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) rails-i18n (5.1.3) i18n (>= 0.7, < 2) @@ -368,9 +362,9 @@ GEM rails (>= 4.2.0) rails_tokeninput (1.7.0) railties (>= 3.1.0) - railties (5.2.8) - actionpack (= 5.2.8) - activesupport (= 5.2.8) + railties (5.2.8.1) + actionpack (= 5.2.8.1) + activesupport (= 5.2.8.1) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) 
@@ -380,7 +374,7 @@ GEM activerecord (>= 5.2.4) activesupport (>= 5.2.4) i18n - rb-fsevent (0.11.1) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) recurring_select (3.0.0) @@ -389,15 +383,18 @@ GEM jquery-rails (>= 3.0) rails (>= 5.2) sass-rails (>= 4.0) - redis (4.6.0) - redis-namespace (1.8.2) - redis (>= 3.0.4) + redis (5.0.5) + redis-client (>= 0.9.0) + redis-client (0.9.0) + connection_pool + redis-namespace (1.9.0) + redis (>= 4) ref (2.0.0) - regexp_parser (2.4.0) + regexp_parser (2.6.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - resque (2.2.1) + resque (2.4.0) mono_logger (~> 1.0) multi_json (~> 1.0) redis-namespace (~> 1.6) @@ -416,7 +413,7 @@ GEM rspec-mocks (~> 3.11.0) rspec-core (3.11.0) rspec-support (~> 3.11.0) - rspec-expectations (3.11.0) + rspec-expectations (3.11.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.11.0) rspec-mocks (3.11.1) @@ -432,7 +429,7 @@ GEM rspec-support (~> 3.10) rspec-rerun (1.1.0) rspec (~> 3.0) - rspec-support (3.11.0) + rspec-support (3.11.1) rubocop (1.36.0) json (~> 2.3) parallel (~> 1.10) @@ -455,10 +452,8 @@ GEM ruby-ole (1.2.12.2) ruby-prof (1.4.3) ruby-progressbar (1.11.0) - ruby-units (2.3.2) + ruby-units (3.0.0) ruby2_keywords (0.0.5) - ruby_parser (3.19.1) - sexp_processor (~> 4.16) rubyzip (2.3.2) sass-rails (6.0.0) sassc-rails (~> 2.1, >= 2.1.1) @@ -471,7 +466,6 @@ GEM sprockets-rails tilt select2-rails (4.0.13) - sexp_processor (4.16.1) simple-navigation (3.14.0) activesupport (>= 2.3.2) simple-navigation-bootstrap (1.0.2) @@ -487,10 +481,10 @@ GEM simplecov-html (0.12.3) simplecov-lcov (0.8.0) simplecov_json_formatter (0.1.4) - sinatra (2.2.0) - mustermann (~> 1.0) - rack (~> 2.2) - rack-protection (= 2.2.0) + sinatra (3.0.2) + mustermann (~> 3.0) + rack (~> 2.2, >= 2.2.4) + rack-protection (= 3.0.2) tilt (~> 2.0) skinny (0.2.2) eventmachine (~> 1.0) 
@@ -518,7 +512,7 @@ GEM rack (>= 1, < 3) thor (1.2.1) thread_safe (0.3.6) - tilt (2.0.10) + tilt (2.0.11) ttfunk (1.7.0) twitter-bootstrap-rails (2.2.8) actionpack (>= 3.1) @@ -527,14 +521,14 @@ GEM railties (>= 3.1) twitter-text (1.14.7) unf (~> 0.1.0) - tzinfo (1.2.9) + tzinfo (1.2.10) thread_safe (~> 0.1) uglifier (4.2.0) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext unf_ext (0.0.8.2) - unicode-display_width (2.1.0) + unicode-display_width (2.3.0) uniform_notifier (1.16.0) web-console (3.7.0) actionview (>= 5.0)
diff --git a/config/application.rb b/config/application.rb
index 08433d63..544e534c 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -36,6 +36,9 @@ module Foodsoft
 # Configure the default encoding used in templates for Ruby 1.9.
 config.encoding = "utf-8"
+ # TODO: Remove this. See CVE-2022-32224 for details.
+ config.active_record.yaml_column_permitted_classes = [BigDecimal, Date, Symbol, Time]
+
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
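Review bot: The `# TODO: Remove this.` above the new `yaml_column_permitted_classes` line presents the allowlist as a temporary workaround, but with the Rails 5.2.8.1 bump in this same commit serialized YAML columns go through a safe load, so dropping the line later would not restore anything — it would make existing rows that hold `Date`, `Time`, `BigDecimal` or `Symbol` values fail with `Psych::DisallowedClass`. I would replace the comment with `# CVE-2022-32224: serialized (YAML) columns are now safe-loaded; every class stored in them must be listed here.` and `# Extend this list per column as needed; never work around it by enabling ActiveRecord::Base.use_yaml_unsafe_load.` Whether these four classes are the complete set this app actually stores cannot be told from the hunk, so each `serialize` column's existing data should be checked against the list before deploy. The enclosing `class Application` starts outside the hunk.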