From eae62984c2555ec6bbf2ecb409ba885419645458 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 21 Aug 2025 00:19:22 +0000 Subject: [PATCH] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569156 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RAKE-552000 - https://snyk.io/vuln/SNYK-RUBY-JSON-560838 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074187 - https://snyk.io/vuln/SNYK-RUBY-RACK-9398129 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-560837 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-11800112 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168647 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-2803851 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1080913 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20270 - https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239 - https://snyk.io/vuln/SNYK-RUBY-I18N-72582 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274385 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646 - https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569601 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638 - https://snyk.io/vuln/SNYK-RUBY-RACK-8720151 - https://snyk.io/vuln/SNYK-RUBY-THOR-10843853 - https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-8220269 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220162 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-8220268 - https://snyk.io/vuln/SNYK-RUBY-RACK-9058602 - 
https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-2935879 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20271 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168316 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232 - https://snyk.io/vuln/SNYK-RUBY-ACTIVEJOB-72640 - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242 - https://snyk.io/vuln/SNYK-RUBY-GLOBALID-3237234 - https://snyk.io/vuln/SNYK-RUBY-RACK-3237240 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274383 - https://snyk.io/vuln/SNYK-RUBY-RACK-6274384 - https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454 - https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-5741907 - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514 - https://snyk.io/vuln/SNYK-RUBY-ERUBIS-20482 - https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168648 - https://snyk.io/vuln/SNYK-RUBY-RACK-10074188
---
 Gemfile | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/Gemfile b/Gemfile
index b897dc0a7412c..06a60546f40cd 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
-gem 'rails', '4.2.6'
+gem 'rails', '7.1.5.2'
 gem 'rails-deprecated_sanitizer', '~> 1.0.3'
 # Responders respond_to and respond_with
@@ -11,7 +11,7 @@ gem 'responders', '~> 2.0'
 gem 'sprockets', '~> 3.6.0'
 # Default values for AR models
-gem "default_value_for", "~> 3.0.0"
+gem "default_value_for", "~> 3.6.0"
 # Supported DBs
 gem "mysql2", '~> 0.3.16', group: :mysql
@@ -79,10 +79,10 @@ gem "kaminari", "~> 0.16.3"
 gem "haml-rails", '~> 0.9.0'
 # Files attachments
-gem "carrierwave", '~> 0.10.0'
+gem "carrierwave", "~> 0.11.0"
 # Drag and Drop UI
-gem 'dropzonejs-rails', '~> 0.7.1'
+gem 'dropzonejs-rails', '~> 0.7.3'
 # for aws storage
 gem "fog", "~> 1.36.0"
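Review bot: The `rails` pin in the first hunk moves from 4.2.6 to 7.1.5.2 while the context line right after it, `gem 'rails-deprecated_sanitizer', '~> 1.0.3'`, stays in place. That gem exists to bring back the pre-4.2 HTML sanitizer as a migration aid, so with it still declared the bundle may not resolve against Rails 7.1, and if it does, the rails-html-sanitizer advisories listed in the description may not actually be closed for output that still goes through the old sanitizer. I would drop that line in the same change and check the other Rails-4-era constraints the patch leaves or barely moves (`responders ~> 2.0` in the second hunk's header, `test_after_commit ~> 0.5.0` in the `group :test` hunk), which likely need the same treatment. The diffstat also shows only `Gemfile` changed, so the versions actually installed stay as they are until a regenerated `Gemfile.lock` is committed alongside it.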
@@ -92,7 +92,7 @@ gem "unf", '~> 0.1.4'
 gem "six", '~> 0.2.0'
 # Seed data
-gem "seed-fu", '~> 2.3.5'
+gem "seed-fu", "~> 2.3.6"
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 1.11.0'
@@ -121,12 +121,12 @@ group :unicorn do
 end
 # State machine
-gem "state_machines-activerecord", '~> 0.4.0'
+gem "state_machines-activerecord", "~> 0.6.0"
 # Run events after state machine commits
 gem 'after_commit_queue'
 # Issue tags
-gem 'acts-as-taggable-on', '~> 3.4'
+gem 'acts-as-taggable-on', '~> 4.0', '>= 4.0.0'
 # Background jobs
 gem 'sinatra', '~> 1.4.4', require: nil
@@ -245,7 +245,7 @@ group :development do
 gem 'rerun', '~> 0.11.0'
 gem 'bullet', require: false
 gem 'rblineprof', platform: :mri, require: false
- gem 'web-console', '~> 2.0'
+ gem 'web-console', '~> 3.0', '>= 3.0.0'
 # Better errors handler
 gem 'better_errors', '~> 1.0.1'
@@ -306,7 +306,7 @@ group :test do
 gem 'shoulda-matchers', '~> 2.8.0', require: false
 gem 'email_spec', '~> 1.6.0'
 gem 'webmock', '~> 1.21.0'
- gem 'test_after_commit', '~> 0.4.2'
+ gem 'test_after_commit', '~> 0.5.0'
 gem 'sham_rack'
 end
@@ -323,14 +323,14 @@ gem "mail_room", "~> 0.7"
 gem 'email_reply_parser', '~> 0.5.8'
 ## CI
-gem 'activerecord-session_store', '~> 1.0.0'
+gem 'activerecord-session_store', '~> 1.1.1'
 gem "nested_form", '~> 0.3.2'
 # OAuth
 gem 'oauth2', '~> 1.0.0'
 # Soft deletion
-gem "paranoia", "~> 2.0"
+gem "paranoia", "~> 2.6", ">= 2.6.3"
 # Health check
-gem 'health_check', '~> 1.5.1'
+gem 'health_check', '~> 1.7.2'
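Review bot: In the `@@ -121,12` hunk, `gem 'acts-as-taggable-on', '~> 4.0', '>= 4.0.0'` carries a second constraint that `~> 4.0` already implies, and the `web-console` line in the `group :development` hunk (`'~> 3.0', '>= 3.0.0'`) has the same redundancy. A single requirement reads more clearly, e.g. `gem 'acts-as-taggable-on', '~> 4.0'`; the `paranoia` line in the last hunk is different, because `">= 2.6.3"` there does narrow `"~> 2.6"`. Where a lower bound is the release that carries a fix, a short comment next to it saying so would tell the next maintainer why it must not be relaxed.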