From 6961fd46e76f516f747166234ef7bed6f4f7d49b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 23 Oct 2025 22:29:46 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378928
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378930
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378932
- https://snyk.io/vuln/SNYK-RUBY-RACK-13535097
- https://snyk.io/vuln/SNYK-RUBY-RACK-13524628
- https://snyk.io/vuln/SNYK-RUBY-URI-13506785
---
 Gemfile | 4 ++--
 Gemfile.lock | 46 ++++++++++++++++++++++++----------------------
 2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/Gemfile b/Gemfile
index 717259aa9..5ffb0f6db 100644
--- a/Gemfile
+++ b/Gemfile
@@ -52,7 +52,7 @@ gem 'csv'
 gem 'devise', '>= 4.8.1'
 gem 'fog-aws', '>= 3.15.0'
 gem 'jbuilder'
-gem 'jquery-rails'
+gem 'jquery-rails', '>= 4.6.1'
 gem 'kaminari'
 gem 'kramdown'
 gem 'mail'
@@ -86,7 +86,7 @@ end
 group :development do
 gem 'aasm-diagram'
 gem 'brakeman'
- gem 'bullet'
+ gem 'bullet', '>= 8.1.0'
 gem 'bundler-audit'
 gem 'listen'
 gem 'rails-erd'
diff --git a/Gemfile.lock b/Gemfile.lock
index 501599281..f55f86db1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -149,8 +149,8 @@ GEM thread_safe (~> 0.3, >= 0.3.1) base64 (0.3.0) bcrypt (3.1.20) - benchmark (0.4.1) - bigdecimal (3.2.3) + benchmark (0.5.0) + bigdecimal (3.3.1) bindata (2.5.1) bindex (0.8.1) bootsnap (1.18.6) @@ -158,7 +158,7 @@ GEM brakeman (7.1.0) racc builder (3.3.0) - bullet (8.0.8) + bullet (8.1.0) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bundler-audit (0.9.2) @@ -210,7 +210,7 @@ GEM dotenv (3.1.8) drb (2.2.3) dumb_delegator (1.1.0) - erb (5.0.2) + erb (5.1.1) erubi (1.13.1) excon (1.3.0) logger @@ -277,7 +277,7 @@ GEM actionview (>= 7.0.0) activesupport (>= 7.0.0) jmespath (1.6.2) - jquery-rails (4.6.0) + jquery-rails (4.6.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0)
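Review bot: The two floors added in the Gemfile hunks, `gem 'jquery-rails', '>= 4.6.1'` and `gem 'bullet', '>= 8.1.0'`, do not name the gems the cited advisories are filed against (rack and uri, going by the advisory ids in the commit message), so the Gemfile on its own still permits a vulnerable rack or uri whenever the lockfile is regenerated or resolved conservatively. The remediation actually lives only in the lockfile moving to `rack (3.2.3)` and `uri (1.0.4)`. If the Gemfile is meant to carry the minimum safe versions, declare them directly, e.g. `gem 'rack', '>= 3.2.3'` and `gem 'uri', '>= 1.0.4'`; note also that bullet sits in `group :development` and is normally not installed in production, so its floor does nothing for the deployed app. Both hunks show only part of the Gemfile, so an existing rack or uri declaration elsewhere cannot be ruled out from here.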
@@ -332,7 +332,7 @@ GEM mini_magick (5.3.1) logger mini_mime (1.1.5) - minitest (5.25.5) + minitest (5.26.0) msgpack (1.8.0) multi_json (1.17.0) multi_xml (0.7.2) @@ -350,21 +350,21 @@ GEM net-protocol newrelic_rpm (9.21.0) nio4r (2.7.4) - nokogiri (1.18.9-aarch64-linux-gnu) + nokogiri (1.18.10-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.9-aarch64-linux-musl) + nokogiri (1.18.10-aarch64-linux-musl) racc (~> 1.4) - nokogiri (1.18.9-arm-linux-gnu) + nokogiri (1.18.10-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.18.9-arm-linux-musl) + nokogiri (1.18.10-arm-linux-musl) racc (~> 1.4) - nokogiri (1.18.9-arm64-darwin) + nokogiri (1.18.10-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-darwin) + nokogiri (1.18.10-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.9-x86_64-linux-gnu) + nokogiri (1.18.10-x86_64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.9-x86_64-linux-musl) + nokogiri (1.18.10-x86_64-linux-musl) racc (~> 1.4) oauth2 (2.0.14) faraday (>= 0.17.3, < 4.0) @@ -403,7 +403,7 @@ GEM pg (1.6.2-x86_64-darwin) pg (1.6.2-x86_64-linux) pg (1.6.2-x86_64-linux-musl) - pp (0.6.2) + pp (0.6.3) prettyprint prettyprint (0.2.0) prism (1.4.0) @@ -417,7 +417,7 @@ GEM puma (6.6.1) nio4r (~> 2.0) racc (1.8.1) - rack (3.2.1) + rack (3.2.3) rack-attack (6.7.0) rack (>= 1.0, < 4) rack-cors (3.0.0) @@ -477,9 +477,10 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) - rdoc (6.14.2) + rdoc (6.15.0) erb psych (>= 4.0.0) + tsort redis (5.4.1) redis-client (>= 0.22.0) redis-client (0.25.2) @@ -591,6 +592,7 @@ GEM thread_safe (0.3.6) tilt (2.6.1) timeout (0.4.3) + tsort (0.2.0) turbo-rails (2.0.16) actionpack (>= 7.1.0) railties (>= 7.1.0) @@ -600,7 +602,7 @@ GEM unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) uniform_notifier (1.18.0) - uri (1.0.3) + uri (1.0.4) useragent (0.16.11) version_gem (1.1.9) virtus (2.0.0) @@ -647,7 +649,7 @@ DEPENDENCIES axe-core-rspec bootsnap brakeman - bullet + bullet (>= 8.1.0) bundler-audit capybara carrierwave (>= 2.2.1) 
@@ -661,7 +663,7 @@ DEPENDENCIES image_processing (~> 1.12) importmap-rails (>= 2.2.0) jbuilder - jquery-rails + jquery-rails (>= 4.6.1) json-jwt kaminari kramdown @@ -700,7 +702,7 @@ DEPENDENCIES web-console RUBY VERSION - ruby 3.4.5p51 + ruby 3.2.9p265 BUNDLED WITH - 2.7.1 + 2.4.19
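Review bot: The last Gemfile.lock hunk moves the lockfile's toolchain stamp backwards: `RUBY VERSION` goes from `ruby 3.4.5p51` to `ruby 3.2.9p265` and `BUNDLED WITH` from `2.7.1` to `2.4.19`, neither of which has anything to do with the rack and uri advisories this commit cites. This looks like a side effect of the lock being regenerated under the bot's own older Ruby and Bundler rather than an intended change. Regenerate the lock under the project's toolchain so those two stanzas stay at `ruby 3.4.5p51` and `2.7.1`, then confirm the result still contains `rack (3.2.3)` and `uri (1.0.4)`. Resolving under a different Ruby can also change the resolved set, so the unrelated bumps in this file (nokogiri, minitest, rdoc now pulling in `tsort`) deserve a look in the same pass.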