Update dependencies for CVEs

* Puma 6 did not receive CVE updates, so we update to 7.

* Add turbolinks so that assets can still precompile without cache.

* Patch-level updates for various other Gems to fix security isuses.

Author: awilfox

Gemfile

@@ -17,11 +17,12 @@ gem 'mysql2', '~> 0.5.4'
 gem 'nokogiri', '~> 1.18'
 gem 'okcomputer', '~> 1.19'
 gem 'ougai', '~> 1.8'
-gem 'puma', '~> 6.6.1'
+gem 'puma', '~> 7.2.1'
 gem 'puma-plugin-delayed_stop', '~> 0.1.2'
 gem 'rails', '~> 8.0.0'
 gem 'rake'
 gem 'sass-rails', '>= 6'
+gem 'turbolinks'
 gem 'webpacker', '~> 5.4.3'
 gem 'will_paginate'
 

Gemfile.lock

@@ -72,7 +72,7 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    addressable (2.8.8)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     amazing_print (1.8.1)
     ast (2.4.3)
@@ -87,12 +87,12 @@ GEM
       colorize (~> 0.8.1)
       lograge (~> 0.11)
       ougai (~> 1.8)
-    bigdecimal (4.0.1)
+    bigdecimal (4.1.2)
     bindex (0.8.1)
     bootstrap-sass (3.4.1)
       autoprefixer-rails (>= 5.2.1)
       sassc (>= 2.0.0)
-    brakeman (8.0.4)
+    brakeman (8.0.5)
       racc
     builder (3.3.0)
     bundler-audit (0.9.2)
@@ -116,14 +116,14 @@ GEM
       execjs
     coffee-script-source (1.12.2)
     colorize (0.8.1)
-    concurrent-ruby (1.3.6)
+    concurrent-ruby (1.3.7)
     connection_pool (3.0.2)
     crass (1.0.6)
     date (3.5.1)
     diff-lcs (1.6.2)
     docile (1.4.1)
     drb (2.2.3)
-    erb (6.0.2)
+    erb (6.0.4)
     erubi (1.13.1)
     execjs (2.10.0)
     ffi (1.17.2-aarch64-linux-gnu)
@@ -177,7 +177,7 @@ GEM
       prism (~> 1.5)
     mysql2 (0.5.7)
       bigdecimal
-    net-imap (0.6.3)
+    net-imap (0.6.4.1)
       date
       net-protocol
     net-pop (0.1.2)
@@ -187,13 +187,13 @@ GEM
     net-smtp (0.5.1)
       net-protocol
     nio4r (2.7.5)
-    nokogiri (1.19.2-aarch64-linux-gnu)
+    nokogiri (1.19.4-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.2-arm64-darwin)
+    nokogiri (1.19.4-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.19.2-x86_64-linux-gnu)
+    nokogiri (1.19.4-x86_64-linux-gnu)
       racc (~> 1.4)
-    oj (3.16.12)
+    oj (3.17.3)
       bigdecimal (>= 3.0)
       ostruct (>= 0.2)
     okcomputer (1.19.1)
@@ -212,16 +212,16 @@ GEM
     psych (5.3.1)
       date
       stringio
-    public_suffix (7.0.0)
-    puma (6.6.1)
+    public_suffix (7.0.5)
+    puma (7.2.1)
       nio4r (~> 2.0)
     puma-plugin-delayed_stop (0.1.2)
       puma (>= 5.0, < 8)
     racc (1.8.1)
-    rack (3.2.5)
+    rack (3.2.6)
     rack-proxy (0.7.7)
       rack
-    rack-session (2.1.1)
+    rack-session (2.1.2)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)
@@ -363,6 +363,9 @@ GEM
     tilt (2.6.1)
     timeout (0.6.1)
     tsort (0.2.0)
+    turbolinks (5.2.1)
+      turbolinks-source (~> 5.2)
+    turbolinks-source (5.2.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (3.2.0)
@@ -393,6 +396,7 @@ GEM
 PLATFORMS
   aarch64-linux-gnu
   arm64-darwin-23
+  arm64-darwin-24
   x86_64-linux
 
 DEPENDENCIES
@@ -414,7 +418,7 @@ DEPENDENCIES
   nokogiri (~> 1.18)
   okcomputer (~> 1.19)
   ougai (~> 1.8)
-  puma (~> 6.6.1)
+  puma (~> 7.2.1)
   puma-plugin-delayed_stop (~> 0.1.2)
   rails (~> 8.0.0)
   rake
@@ -429,6 +433,7 @@ DEPENDENCIES
   selenium-webdriver
   simplecov
   simplecov-rcov
+  turbolinks
   web-console (>= 3.3.0)
   webpacker (~> 5.4.3)
   will_paginate