Dependency updates (#2937)

* Dependency update for javascript vulnerabilities
DFE-Digital · Aug 7, 2023 · 22e771c · 22e771c
1 parent 291e646
commit 22e771c
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 70 deletions.
diff --git a/Gemfile b/Gemfile
@@ -15,7 +15,7 @@ gem 'pg', '>= 0.18', '< 2.0'
 gem 'pg_search'
 
 # PostGIS adapter for Active Record
-gem 'activerecord-postgis-adapter'
+gem 'activerecord-postgis-adapter', '8.0.2'
 gem 'breasal'
 gem 'geocoder'
 
@@ -87,7 +87,7 @@ gem 'activerecord-import'
 # See https://github.com/adzap/validates_timeliness/pull/213
 gem "validates_timeliness", github: "mitsuru/validates_timeliness", ref: "f28a625"
 
-gem "get_into_teaching_api_client_faraday", github: "DFE-Digital/get-into-teaching-api-ruby-client", require: "api/client"
+gem "get_into_teaching_api_client_faraday", github: "DFE-Digital/get-into-teaching-api-ruby-client", ref: "6619b0f", require: "api/client"
 
 # See https://github.com/mikel/mail/pull/1439
 gem 'net-smtp', require: false
@@ -119,7 +119,7 @@ group :development, :test do
   gem 'rspec-rails', '~> 6.0.1'
   gem 'rspec-sonarqube-formatter'
 
-  gem 'brakeman', '>= 5.2.3'
+  gem 'brakeman', '>= 6.0.1'
 
   gem 'bullet'
 
@@ -128,7 +128,7 @@ end
 
 group :development do
   # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'listen', '>= 3.0.5'
+  gem 'listen', '>= 3.8.0'
   gem 'web-console', '>= 4.2.0'
 
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
@@ -146,7 +146,7 @@ group :test do
 
   gem 'selenium-webdriver'
 
-  gem 'cucumber-rails', '>= 2.4.0', require: false
+  gem 'cucumber-rails', '>= 2.6.1', require: false
   gem 'database_cleaner'
 
   gem 'rails-controller-testing', '>= 1.0.5'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -9,11 +9,12 @@ GIT
 
 GIT
   remote: https://github.com/DFE-Digital/get-into-teaching-api-ruby-client.git
-  revision: a7a90dcad3504755cde124a7e180cdc9e6211c2d
+  revision: 6619b0f9e00db68618deb05ef493930d2dff3b5d
+  ref: 6619b0f
   specs:
-    get_into_teaching_api_client (3.2.0)
+    get_into_teaching_api_client (3.3.0)
       faraday (~> 1.0, >= 1.0.1)
-    get_into_teaching_api_client_faraday (3.2.0)
+    get_into_teaching_api_client_faraday (3.3.0)
       activesupport
       faraday
       faraday-encoding
@@ -103,7 +104,7 @@ GEM
       activesupport (= 7.0.4.3)
     activerecord-import (1.4.1)
       activerecord (>= 4.2)
-    activerecord-postgis-adapter (8.0.1)
+    activerecord-postgis-adapter (8.0.2)
       activerecord (~> 7.0.0)
       rgeo-activerecord (~> 7.0.0)
     activestorage (7.0.4.3)
@@ -132,7 +133,7 @@ GEM
     bindex (0.8.1)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
-    brakeman (5.4.1)
+    brakeman (6.0.1)
     breasal (0.0.1)
     builder (3.2.4)
     bullet (7.0.4)
@@ -158,44 +159,38 @@ GEM
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    cucumber (7.1.0)
+    cucumber (8.0.0)
       builder (~> 3.2, >= 3.2.4)
-      cucumber-core (~> 10.1, >= 10.1.0)
-      cucumber-create-meta (~> 6.0, >= 6.0.1)
-      cucumber-cucumber-expressions (~> 14.0, >= 14.0.0)
-      cucumber-gherkin (~> 22.0, >= 22.0.0)
-      cucumber-html-formatter (~> 17.0, >= 17.0.0)
-      cucumber-messages (~> 17.1, >= 17.1.1)
-      cucumber-wire (~> 6.2, >= 6.2.0)
-      diff-lcs (~> 1.4, >= 1.4.4)
-      mime-types (~> 3.3, >= 3.3.1)
-      multi_test (~> 0.1, >= 0.1.2)
+      cucumber-ci-environment (~> 9.0, >= 9.0.4)
+      cucumber-core (~> 11.0, >= 11.0.0)
+      cucumber-cucumber-expressions (~> 15.1, >= 15.1.1)
+      cucumber-gherkin (~> 23.0, >= 23.0.1)
+      cucumber-html-formatter (~> 19.1, >= 19.1.0)
+      cucumber-messages (~> 18.0, >= 18.0.0)
+      diff-lcs (~> 1.5, >= 1.5.0)
+      mime-types (~> 3.4, >= 3.4.1)
+      multi_test (~> 1.1, >= 1.1.0)
       sys-uname (~> 1.2, >= 1.2.2)
-    cucumber-core (10.1.1)
-      cucumber-gherkin (~> 22.0, >= 22.0.0)
-      cucumber-messages (~> 17.1, >= 17.1.1)
+    cucumber-ci-environment (9.2.0)
+    cucumber-core (11.0.0)
+      cucumber-gherkin (~> 23.0, >= 23.0.1)
+      cucumber-messages (~> 18.0, >= 18.0.0)
       cucumber-tag-expressions (~> 4.1, >= 4.1.0)
-    cucumber-create-meta (6.0.4)
-      cucumber-messages (~> 17.1, >= 17.1.1)
-      sys-uname (~> 1.2, >= 1.2.2)
-    cucumber-cucumber-expressions (14.0.0)
-    cucumber-gherkin (22.0.0)
-      cucumber-messages (~> 17.1, >= 17.1.1)
-    cucumber-html-formatter (17.0.0)
-      cucumber-messages (~> 17.1, >= 17.1.0)
-    cucumber-messages (17.1.1)
-    cucumber-rails (2.5.1)
+    cucumber-cucumber-expressions (15.2.0)
+    cucumber-gherkin (23.0.1)
+      cucumber-messages (~> 18.0, >= 18.0.0)
+    cucumber-html-formatter (19.2.0)
+      cucumber-messages (~> 18.0, >= 18.0.0)
+    cucumber-messages (18.0.0)
+    cucumber-rails (2.6.1)
       capybara (>= 2.18, < 4)
-      cucumber (>= 3.2, < 8)
+      cucumber (>= 3.2, < 9)
       mime-types (~> 3.3)
       nokogiri (~> 1.10)
       railties (>= 5.0, < 8)
       rexml (~> 3.0)
       webrick (~> 1.7)
     cucumber-tag-expressions (4.1.0)
-    cucumber-wire (6.2.1)
-      cucumber-core (~> 10.1, >= 10.1.0)
-      cucumber-cucumber-expressions (~> 14.0, >= 14.0.0)
     daemons (1.4.1)
     database_cleaner (2.0.2)
       database_cleaner-active_record (>= 2, < 3)
@@ -237,7 +232,7 @@ GEM
     faraday-encoding (0.0.5)
       faraday
     faraday-excon (1.1.0)
-    faraday-http-cache (2.4.1)
+    faraday-http-cache (2.5.0)
       faraday (>= 0.8)
     faraday-httpclient (1.0.1)
     faraday-multipart (1.0.4)
@@ -327,7 +322,7 @@ GEM
     kaminari-core (1.2.2)
     launchy (2.5.0)
       addressable (~> 2.7)
-    listen (3.7.1)
+    listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     loofah (2.21.3)
@@ -346,12 +341,12 @@ GEM
     method_source (1.0.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
     minitest (5.18.0)
     msgpack (1.7.1)
     multi_json (1.15.0)
-    multi_test (0.1.2)
+    multi_test (1.1.0)
     multipart-post (2.3.0)
     net-imap (0.3.4)
       date
@@ -459,7 +454,7 @@ GEM
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
-    rb-fsevent (0.11.1)
+    rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redis (4.8.1)
@@ -591,7 +586,7 @@ GEM
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
-    sys-uname (1.2.2)
+    sys-uname (1.2.3)
       ffi (~> 1.1)
     thor (1.2.2)
     timeliness (0.4.4)
@@ -660,20 +655,20 @@ PLATFORMS
 DEPENDENCIES
   actionpack-cloudfront (>= 1.2.0)
   activerecord-import
-  activerecord-postgis-adapter
+  activerecord-postgis-adapter (= 8.0.2)
   acts_as_list
   addressable
   amazing_print
   application_insights!
   bootsnap (>= 1.1.0)
-  brakeman (>= 5.2.3)
+  brakeman (>= 6.0.1)
   breasal
   bullet
   byebug
   capybara (>= 3.38.0)
   capybara-screenshot
   connection_pool
-  cucumber-rails (>= 2.4.0)
+  cucumber-rails (>= 2.6.1)
   daemons
   database_cleaner
   dfe-analytics!
@@ -689,10 +684,9 @@ DEPENDENCIES
   invisible_captcha (>= 2.0.0)
   json (>= 2.3.0)
   kaminari
-  listen (>= 3.0.5)
+  listen (>= 3.8.0)
   meta-tags (~> 2.17)
   net-smtp
-  nokogiri (>= 1.15.3)
   notifications-ruby-client
   openid_connect
   parallel_tests

diff --git a/package.json b/package.json
@@ -10,7 +10,7 @@
     "@babel/plugin-proposal-private-methods": "7.18.6",
     "@babel/plugin-transform-function-name": "^7.22.5",
     "@babel/helper-compilation-targets": "7.22.6",
-    "@babel/preset-env":  "^7.22.7",
+    "@babel/preset-env":  "^7.22.9",
     "@babel/runtime": "^7.22.3",
     "@googlemaps/js-api-loader": "^1.15.1",
     "@stimulus/polyfills": "^2.0.0",
@@ -28,17 +28,17 @@
     "json5": "2.2.3",
     "mini-css-extract-plugin": "^2.7.6",
     "postcss-preset-env": "^6.7.1",
-    "sass": "^1.63.4",
+    "sass": "^1.64.2",
     "sass-loader": "^13.3.2",
     "semver": "^7.5.2",
     "shakapacker": "6.6.0",
     "stimulus": "^3.2.1",
-    "style-loader": "^3.3.2",
+    "style-loader": "^3.3.3",
     "terser-webpack-plugin": "^5.3.9",
     "webpack": "^5.69.1",
     "webpack-assets-manifest": "^5.1.0",
     "webpack-cli": "^5.1.4",
-    "webpack-merge": "^5.8.0",
+    "webpack-merge": "^5.9.0",
     "webpack-sources": "^3.2.3"
   },
   "devDependencies": {

diff --git a/yarn.lock b/yarn.lock
@@ -51,6 +51,11 @@
   resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.22.5.tgz#b1f6c86a02d85d2dd3368a2b67c09add8cd0c255"
   integrity sha512-4Jc/YuIaYqKnDDz892kPIledykKg12Aw1PYX5i/TY28anJtacvM1Rrr8wbieB9GfEJwlzqT0hUEao0CxEebiDA==
 
+"@babel/compat-data@^7.22.9":
+  version "7.22.9"
+  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.22.9.tgz#71cdb00a1ce3a329ce4cbec3a44f9fef35669730"
+  integrity sha512-5UamI7xkUcJ3i9qVDS+KFDEK8/7oJ55/sJMB1Ge7IEapr7KfdfV/HErR+koZwOfd+SgtFKOKRhRakdg++DcJpQ==
+
 "@babel/core@^7.11.6":
   version "7.17.10"
   resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.17.10.tgz#74ef0fbf56b7dfc3f198fc2d927f4f03e12f4b05"
@@ -222,6 +227,17 @@
     lru-cache "^5.1.1"
     semver "^6.3.0"
 
+"@babel/helper-compilation-targets@^7.22.9":
+  version "7.22.9"
+  resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.9.tgz#f9d0a7aaaa7cd32a3f31c9316a69f5a9bcacb892"
+  integrity sha512-7qYrNM6HjpnPHJbopxmb8hSPoZ0gsX8IvUS32JGVoy+pU9e5N0nLr1VjJoR6kA4d9dmGLxNYOjeB8sUDal2WMw==
+  dependencies:
+    "@babel/compat-data" "^7.22.9"
+    "@babel/helper-validator-option" "^7.22.5"
+    browserslist "^4.21.9"
+    lru-cache "^5.1.1"
+    semver "^6.3.1"
+
 "@babel/helper-create-class-features-plugin@^7.18.6", "@babel/helper-create-class-features-plugin@^7.21.0", "@babel/helper-create-class-features-plugin@^7.22.5":
   version "7.22.6"
   resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.6.tgz#58564873c889a6fea05a538e23f9f6d201f10950"
@@ -1193,13 +1209,13 @@
     "@babel/helper-create-regexp-features-plugin" "^7.22.5"
     "@babel/helper-plugin-utils" "^7.22.5"
 
-"@babel/preset-env@^7.22.7":
-  version "7.22.7"
-  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.22.7.tgz#a1ef34b64a80653c22ce4d9c25603cfa76fc168a"
-  integrity sha512-1whfDtW+CzhETuzYXfcgZAh8/GFMeEbz0V5dVgya8YeJyCU6Y/P2Gnx4Qb3MylK68Zu9UiwUvbPMPTpFAOJ+sQ==
+"@babel/preset-env@^7.22.9":
+  version "7.22.9"
+  resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.22.9.tgz#57f17108eb5dfd4c5c25a44c1977eba1df310ac7"
+  integrity sha512-wNi5H/Emkhll/bqPjsjQorSykrlfY5OWakd6AulLvMEytpKasMVUpVy8RL4qBIBs5Ac6/5i0/Rv0b/Fg6Eag/g==
   dependencies:
-    "@babel/compat-data" "^7.22.6"
-    "@babel/helper-compilation-targets" "^7.22.6"
+    "@babel/compat-data" "^7.22.9"
+    "@babel/helper-compilation-targets" "^7.22.9"
     "@babel/helper-plugin-utils" "^7.22.5"
     "@babel/helper-validator-option" "^7.22.5"
     "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.22.5"
@@ -1273,11 +1289,11 @@
     "@babel/plugin-transform-unicode-sets-regex" "^7.22.5"
     "@babel/preset-modules" "^0.1.5"
     "@babel/types" "^7.22.5"
-    "@nicolo-ribaudo/semver-v6" "^6.3.3"
     babel-plugin-polyfill-corejs2 "^0.4.4"
     babel-plugin-polyfill-corejs3 "^0.8.2"
     babel-plugin-polyfill-regenerator "^0.5.1"
     core-js-compat "^3.31.0"
+    semver "^6.3.1"
 
 "@babel/preset-modules@^0.1.5":
   version "0.1.5"
@@ -6098,10 +6114,10 @@ sass-loader@^13.3.2:
   dependencies:
     neo-async "^2.6.2"
 
-sass@^1.63.4:
-  version "1.63.4"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.63.4.tgz#caf60643321044c61f6a0fe638a07abbd31cfb5d"
-  integrity sha512-Sx/+weUmK+oiIlI+9sdD0wZHsqpbgQg8wSwSnGBjwb5GwqFhYNwwnI+UWZtLjKvKyFlKkatRK235qQ3mokyPoQ==
+sass@^1.64.2:
+  version "1.64.2"
+  resolved "https://registry.yarnpkg.com/sass/-/sass-1.64.2.tgz#0d9805ad6acf31c59c3acc725fcfb91b7fcc6909"
+  integrity sha512-TnDlfc+CRnUAgLO9D8cQLFu/GIjJIzJCGkE7o4ekIGQOH7T3GetiRR/PsTWJUHhkzcSPrARkPI+gNWn5alCzDg==
   dependencies:
     chokidar ">=3.0.0 <4.0.0"
     immutable "^4.0.0"
@@ -6148,7 +6164,12 @@ selfsigned@^2.0.0:
   dependencies:
     node-forge "^1.2.0"
 
-semver@^7.5.2:
+semver@^6.0.0, semver@^6.3.0, semver@^6.3.1:
+  version "6.3.1"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
+  integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
+
+semver@^7.3.5, semver@^7.3.8, semver@^7.5.2:
   version "7.5.4"
   resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
   integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
@@ -6453,10 +6474,10 @@ strip-json-comments@^3.1.1:
   resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006"
   integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
 
-style-loader@^3.3.2:
-  version "3.3.2"
-  resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-3.3.2.tgz#eaebca714d9e462c19aa1e3599057bc363924899"
-  integrity sha512-RHs/vcrKdQK8wZliteNK4NKzxvLBzpuHMqYmUVWeKa6MkaIQ97ZTOS0b+zapZhy6GcrgWnvWYCMHRirC3FsUmw==
+style-loader@^3.3.3:
+  version "3.3.3"
+  resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-3.3.3.tgz#bba8daac19930169c0c9c96706749a597ae3acff"
+  integrity sha512-53BiGLXAcll9maCYtZi2RCQZKa8NQQai5C4horqKyRmHj9H7QmcUyucrH+4KW/gBQbXM2AsB0axoEcFZPlfPcw==
 
 stylehacks@^6.0.0:
   version "6.0.0"
@@ -6804,14 +6825,22 @@ webpack-dev-server@^4.7.4:
     webpack-dev-middleware "^5.3.1"
     ws "^8.4.2"
 
-webpack-merge@^5.7.3, webpack-merge@^5.8.0:
+webpack-merge@^5.7.3:
   version "5.8.0"
   resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-5.8.0.tgz#2b39dbf22af87776ad744c390223731d30a68f61"
   integrity sha512-/SaI7xY0831XwP6kzuwhKWVKDP9t1QY1h65lAFLbZqMPIuYcD9QAW4u9STIbU9kaJbPBB/geU/gLr1wDjOhQ+Q==
   dependencies:
     clone-deep "^4.0.1"
     wildcard "^2.0.0"
 
+webpack-merge@^5.9.0:
+  version "5.9.0"
+  resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-5.9.0.tgz#dc160a1c4cf512ceca515cc231669e9ddb133826"
+  integrity sha512-6NbRQw4+Sy50vYNTw7EyOn41OZItPiXB8GNv3INSoe3PSFaHJEz3SHTrYVaRm2LilNGnFUzh0FAwqPEmU/CwDg==
+  dependencies:
+    clone-deep "^4.0.1"
+    wildcard "^2.0.0"
+
 webpack-sources@^3.2.3:
   version "3.2.3"
   resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde"