From f9e2c95167d5603bcc9b555447a8d0542d96082c Mon Sep 17 00:00:00 2001 From: arpit-jain_atko Date: Fri, 13 Mar 2026 09:44:16 +0530 Subject: [PATCH 1/2] fix(deps): upgrade dev dependencies to resolve Snyk security vulnerabilities --- Gemfile | 2 - Gemfile.lock | 115 +++----------------------------------------------- auth0.gemspec | 2 +- 3 files changed, 7 insertions(+), 112 deletions(-) diff --git a/Gemfile b/Gemfile index bf4e022d..1245d4cc 100644 --- a/Gemfile +++ b/Gemfile @@ -5,10 +5,8 @@ gemspec group :development do gem 'terminal-notifier-guard', require: false unless ENV['CIRCLECI'] - gem 'coveralls', require: false gem 'rubocop', require: false gem 'rubocop-rails', require: false - gem 'irb', require: false end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index 7d2f05bf..1a1a2694 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,22 +11,6 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (8.1.2) - actionview (= 8.1.2) - activesupport (= 8.1.2) - nokogiri (>= 1.8.5) - rack (>= 2.2.4) - rack-session (>= 1.0.1) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) - useragent (~> 0.16) - actionview (8.1.2) - activesupport (= 8.1.2) - builder (~> 3.1) - erubi (~> 1.11) - rails-dom-testing (~> 2.2) - rails-html-sanitizer (~> 1.6) activesupport (8.1.2) base64 bigdecimal @@ -45,31 +29,17 @@ GEM ast (2.4.3) base64 (0.3.0) bigdecimal (4.0.1) - builder (3.3.0) coderay (1.1.3) concurrent-ruby (1.3.6) connection_pool (3.0.2) - coveralls (0.7.1) - multi_json (~> 1.3) - rest-client - simplecov (>= 0.7) - term-ansicolor - thor crack (1.0.0) bigdecimal rexml - crass (1.0.6) - date (3.5.1) diff-lcs (1.6.2) docile (1.4.1) domain_name (0.6.20240107) - dotenv (2.8.1) - dotenv-rails (2.8.1) - dotenv (= 2.8.1) - railties (>= 3.2) + dotenv (3.2.0) drb (2.2.3) - erb (6.0.1) - erubi (1.13.0) faker (2.23.0) i18n (>= 1.8.11, < 2) ffi (1.17.0-aarch64-linux-gnu) 
@@ -106,11 +76,6 @@ GEM domain_name (~> 0.5) i18n (1.14.8) concurrent-ruby (~> 1.0) - io-console (0.8.2) - irb (1.16.0) - pp (>= 0.6.0) - rdoc (>= 4.0.0) - reline (>= 0.4.2) json (2.18.0) jwt (2.10.2) base64 @@ -120,40 +85,16 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) logger (1.7.0) - loofah (2.23.1) - crass (~> 1.0.2) - nokogiri (>= 1.12.0) lumberjack (1.2.10) method_source (1.1.0) mime-types (3.6.0) logger mime-types-data (~> 3.2015) mime-types-data (3.2024.1105) - mini_portile2 (2.8.9) minitest (6.0.1) prism (~> 1.5) - multi_json (1.15.0) nenv (0.3.0) netrc (0.11.0) - nokogiri (1.19.1) - mini_portile2 (~> 2.8.2) - racc (~> 1.4) - nokogiri (1.19.1-aarch64-linux-gnu) - racc (~> 1.4) - nokogiri (1.19.1-aarch64-linux-musl) - racc (~> 1.4) - nokogiri (1.19.1-arm-linux-gnu) - racc (~> 1.4) - nokogiri (1.19.1-arm-linux-musl) - racc (~> 1.4) - nokogiri (1.19.1-arm64-darwin) - racc (~> 1.4) - nokogiri (1.19.1-x86_64-darwin) - racc (~> 1.4) - nokogiri (1.19.1-x86_64-linux-gnu) - racc (~> 1.4) - nokogiri (1.19.1-x86_64-linux-musl) - racc (~> 1.4) notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) 
@@ -168,54 +109,22 @@ GEM pry (0.15.0) coderay (~> 1.1) method_source (~> 1.0) - psych (5.3.1) - date - stringio public_suffix (7.0.0) racc (1.8.1) rack (3.2.5) - rack-session (2.1.1) - base64 (>= 0.1.0) - rack (>= 3.0.0) - rack-test (2.1.0) - rack (>= 1.3) - rackup (2.2.1) - rack (>= 3) - rails-dom-testing (2.2.0) - activesupport (>= 5.0.0) - minitest - nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) - loofah (~> 2.21) - nokogiri (~> 1.14) - railties (8.1.2) - actionpack (= 8.1.2) - activesupport (= 8.1.2) - irb (~> 1.13) - rackup (>= 1.0.0) - rake (>= 12.2) - thor (~> 1.0, >= 1.2.2) - tsort (>= 0.2) - zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.3.1) rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) - rdoc (7.1.0) - erb - psych (>= 4.0.0) - tsort regexp_parser (2.11.3) - reline (0.6.3) - io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) retryable (3.0.5) - rexml (3.3.9) + rexml (3.4.4) rspec (3.13.2) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) @@ -256,36 +165,26 @@ GEM docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) - simplecov-cobertura (2.1.0) + simplecov-cobertura (3.1.0) rexml simplecov (~> 0.19) simplecov-html (0.13.1) simplecov_json_formatter (0.1.4) - stringio (3.2.0) - sync (0.5.0) - term-ansicolor (1.11.2) - tins (~> 1.0) terminal-notifier-guard (1.7.0) - thor (1.3.2) + thor (1.5.0) timecop (0.9.10) - tins (1.37.0) - bigdecimal - sync - tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (3.2.0) unicode-emoji (~> 4.1) unicode-emoji (4.2.0) uri (1.1.1) - useragent (0.16.10) vcr (6.4.0) - webmock (3.24.0) + webmock (3.26.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) zache (0.15.2) - zeitwerk (2.7.1) PLATFORMS aarch64-linux 
@@ -306,12 +205,10 @@ PLATFORMS DEPENDENCIES auth0! bundler - coveralls - dotenv-rails (~> 2.0) + dotenv (~> 3.0) faker (~> 2.0) fuubar (~> 2.0) guard-rspec (~> 4.5) - irb pp rake (~> 13.0) rspec (~> 3.11) diff --git a/auth0.gemspec b/auth0.gemspec index 2074d027..5978d9c5 100644 --- a/auth0.gemspec +++ b/auth0.gemspec @@ -26,7 +26,7 @@ Gem::Specification.new do |s| s.add_development_dependency 'rake', '~> 13.0' s.add_development_dependency 'fuubar', '~> 2.0' s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI'] - s.add_development_dependency 'dotenv-rails', '~> 2.0' + s.add_development_dependency 'dotenv', '~> 3.0' s.add_development_dependency 'rspec', '~> 3.11' s.add_development_dependency 'simplecov', '~> 0.9' s.add_development_dependency 'faker', '~> 2.0' From 92428556e5e8f0cb8b4d5e84d374917ecc47219e Mon Sep 17 00:00:00 2001 From: arpit-jain_atko Date: Fri, 13 Mar 2026 09:55:09 +0530 Subject: [PATCH 2/2] fix(deps): upgrade dev dependencies to resolve Snyk security vulnerabilities --- .snyk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.snyk b/.snyk index e1de5d04..0cbef262 100644 --- a/.snyk +++ b/.snyk @@ -9,3 +9,6 @@ ignore: - dotenv-rails > railties > actionpack > rack-test: reason: No direct upgrade available expires: "2023-11-02T12:00:00.000Z" + snyk:lic:rubygems:json:Ruby: + - '*': + reason: Ruby standard library gem, Ruby license is acceptable
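Review bot: Swapping `dotenv-rails` for `dotenv` in auth0.gemspec changes how `.env` gets loaded, and nothing in this patch shows the spec setup adapting to it: `dotenv-rails` loads the file through its Railtie, whereas plain `dotenv` only loads it when something calls `Dotenv.load` or requires `dotenv/load`. If the suite relied on automatic loading, add `require 'dotenv/load'` to the spec helper (not in this diff) so any environment values the specs read from `.env` are still populated. The `~> 3.0` constraint agrees with the `dotenv (3.2.0)` pinned in the Gemfile.lock hunk above, so the resolution itself looks consistent.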
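Review bot: The new `snyk:lic:rubygems:json:Ruby` ignore in .snyk carries no `expires:` field, unlike the entry directly above it, so this license-policy exception will never come up for review again; either add an `expires:` date or state in `reason:` that it is intentionally permanent. The `'*'` path also suppresses the finding on every dependency path, which is likely what is wanted for a default gem but deserves a word in the reason. Separately, the existing ignore keyed on `dotenv-rails > railties > actionpack > rack-test` (already past its 2023-11-02 expiry) names a path that patch 1/2 removes by replacing `dotenv-rails` with `dotenv`, so that entry is now dead and could be dropped in the same change. The enclosing `ignore:` block starts before the hunk.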