fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
Crown-Commercial-Service · Dec 29, 2023 · 7843085 · 7843085
1 parent af0ec40
commit 7843085
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/Gemfile b/Gemfile
@@ -16,7 +16,7 @@ gem 'sass-rails', '~> 6.0', '>= 6.0.0'
 
 gem 'sprockets-rails'
 
-gem 'shakapacker', '~> 7.1.0'
+gem 'shakapacker', '~> 7.2.0'
 
 gem 'turbolinks', '~> 5'
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -351,7 +351,7 @@ GEM
     net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.9)
-    nokogiri (1.15.5)
+    nokogiri (1.16.0)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oauth2 (2.0.4)
@@ -383,6 +383,7 @@ GEM
       validate_url
       webfinger (~> 1.2)
     orm_adapter (0.5.0)
+    package_json (0.1.0)
     parallel (1.23.0)
     parser (3.2.2.4)
       ast (~> 2.4.1)
@@ -553,8 +554,9 @@ GEM
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
     semantic_range (3.0.0)
-    shakapacker (7.1.0)
+    shakapacker (7.2.0)
       activesupport (>= 5.2)
+      package_json
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
@@ -715,7 +717,7 @@ DEPENDENCIES
   rubyzip (>= 1.2.1)
   sass-rails (~> 6.0, >= 6.0.0)
   selenium-webdriver (>= 3.142.3)
-  shakapacker (~> 7.1.0)
+  shakapacker (~> 7.2.0)
   shoulda-matchers (>= 4.2.0)
   show_me_the_cookies (>= 6.0.0)
   sidekiq (~> 7.2.0)
@@ -736,4 +738,4 @@ RUBY VERSION
    ruby 3.2.2p53
 
 BUNDLED WITH
-   2.4.8
+   2.4.6