
Commit 71bb62c

fix(security): patch jwt and faraday CVEs reported by Snyk
[Snyk] Fix for 2 vulnerabilities
2 parents 4340fa7 + 6f4b11d commit 71bb62c

2 files changed

Lines changed: 15 additions & 15 deletions


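--- a/Gemfile
+++ b/Gemfile
@@ -58,9 +58,9 @@ gem 'sidekiq-scheduler'
 # Environment variables
 gem 'dotenv-rails'
 
-# HTTP client for Riot API — >= 2.14.2 fixes SSRF CVE
+# HTTP client for Riot API
 gem 'faraday', '>= 2.14.2'
-gem 'faraday-retry'
+gem 'faraday-retry', '>= 2.4.0'
 
 # Authorization
 gem 'pundit'
@@ -80,13 +80,13 @@ gem 'rswag-api'
 gem 'rswag-ui'
 
 # Elasticsearch client (for analytics queries)
-gem 'elasticsearch', '~> 8.19'
+gem 'elasticsearch', '~> 9.0', '>= 9.0.0'
 
 # Meilisearch — full-text search for players, organizations, scouting targets, etc.
 gem 'meilisearch', '~> 0.33'
 
 # LLM Integration for Support Chatbot
-gem 'ruby-openai', '~> 7.0'
+gem 'ruby-openai', '~> 8.0', '>= 8.0.0'
 
 # S3-compatible storage for file uploads (Supabase Storage)
 gem 'aws-sdk-s3', '~> 1.0'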
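Review bot: The first hunk deletes the `>= 2.14.2 fixes SSRF CVE` rationale from the faraday comment while keeping the floor, and the new `'>= 2.4.0'` floor on faraday-retry carries no reason either, so a later cleanup could relax either pin without knowing it is security-motivated. I would keep the rationale and extend it, e.g. `# HTTP client for Riot API — faraday >= 2.14.2 fixes SSRF CVE; faraday-retry >= 2.4.0 per Snyk (<advisory-id>)`. The second hunk also moves elasticsearch (`~> 8.19` to `~> 9.0`) and ruby-openai (`~> 7.0` to `~> 8.0`) across major versions, which the commit title does not mention; those upgrades presumably need their own changelog review and test run rather than riding in on a CVE patch. The trailing `'>= 9.0.0'` and `'>= 8.0.0'` constraints are already implied by the `~>` requirements and can be dropped.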

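--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -146,11 +146,11 @@ GEM
 elastic-transport (8.5.1)
 faraday (< 3)
 multi_json
-elasticsearch (8.19.3)
+elasticsearch (9.4.0)
 elastic-transport (~> 8.3)
-elasticsearch-api (= 8.19.3)
-ostruct
-elasticsearch-api (8.19.3)
+elasticsearch-api (= 9.4.0)
+elasticsearch-api (9.4.0)
+base64
 multi_json
 erb (6.0.4)
 erubi (1.13.1)
@@ -172,7 +172,7 @@ GEM
 multipart-post (~> 2.0)
 faraday-net_http (3.4.2)
 net-http (~> 0.5)
-faraday-retry (2.3.2)
+faraday-retry (2.4.0)
 faraday (~> 2.0)
 ffi (1.17.4-x86_64-linux-gnu)
 ffi-compiler (1.4.2)
@@ -253,7 +253,7 @@ GEM
 mini_mime (1.1.5)
 minitest (5.27.0)
 msgpack (1.8.0)
-multi_json (1.20.1)
+multi_json (1.21.1)
 multi_xml (0.8.1)
 bigdecimal (>= 3.1, < 5)
 multipart-post (2.4.1)
@@ -417,7 +417,7 @@ GEM
 rubocop-rspec (3.7.0)
 lint_roller (~> 1.1)
 rubocop (~> 1.72, >= 1.72.1)
-ruby-openai (7.4.0)
+ruby-openai (8.3.0)
 event_stream_parser (>= 0.3.0, < 2.0.0)
 faraday (>= 1)
 faraday-multipart (>= 1)
@@ -490,11 +490,11 @@ DEPENDENCIES
 database_cleaner-active_record
 debug
 dotenv-rails
-elasticsearch (~> 8.19)
+elasticsearch (~> 9.0, >= 9.0.0)
 factory_bot_rails
 faker
 faraday (>= 2.14.2)
-faraday-retry
+faraday-retry (>= 2.4.0)
 hashid-rails (~> 1.0)
 jwt (>= 3.2.0)
 kamal (~> 2.0)
@@ -519,7 +519,7 @@ DEPENDENCIES
 rubocop
 rubocop-rails
 rubocop-rspec
-ruby-openai (~> 7.0)
+ruby-openai (~> 8.0, >= 8.0.0)
 securerandom
 shoulda-matchers
 sidekiq (~> 7.0)
@@ -533,4 +533,4 @@ RUBY VERSION
 ruby 3.4.8p72
 
 BUNDLED WITH
-2.3.27
+2.6.9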
