Merge pull request #321 from XeroAPI/PETOSS-519-Find-package-vulnerab…

…ilities-and-update-dependent-packages-for-Ruby Petoss 519 find package vulnerabilities and update dependent packages for ruby
XeroAPI · Oct 8, 2024 · b462d17 · b462d17
2 parents a6b0c4e + 56e6b7e
commit b462d17
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 52 deletions.
diff --git a/.github/workflows/build-test-lint.yml b/.github/workflows/build-test-lint.yml
@@ -24,6 +24,14 @@ jobs:
               run: bundle install
               working-directory: xero-ruby
 
+            - name: Check Vulnerable Packages
+              run: bundle audit
+              working-directory: xero-ruby
+
+            - name: Check Outdated Packages
+              run: bundle outdated || true
+              working-directory: xero-ruby
+
             - name: Compile Build
               run: find . -name "*.rb" | xargs -n 1 ruby -c > /dev/null 2>&1 || exit 1
               working-directory: xero-ruby

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
diff --git a/Gemfile b/Gemfile
@@ -3,7 +3,8 @@ source 'https://rubygems.org'
 gemspec
 
 group :development, :test do
-  gem 'rake', '~> 12.3.3'
+  gem 'rake', '~> 13.2.1'
   gem 'pry-byebug'
-  gem 'rubocop', '~> 0.70'
+  gem 'rubocop', '~> 1.66.1'
+  gem 'bundler-audit'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,43 +1,48 @@
 PATH
   remote: .
   specs:
-    xero-ruby (9.1.0)
+    xero-ruby (9.3.0)
       faraday (>= 2.0, < 3.0)
       json (~> 2.1, >= 2.1.0)
       json-jwt (~> 1.16, >= 1.16.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.1.3.4)
+    activesupport (7.2.1)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     aes_key_wrap (1.1.0)
     ast (2.4.2)
     base64 (0.2.0)
     bigdecimal (3.1.8)
     bindata (2.5.0)
+    bundler-audit (0.9.2)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.3.3)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     diff-lcs (1.5.1)
     drb (2.2.1)
-    faraday (2.10.1)
-      faraday-net_http (>= 2.0, < 3.2)
+    faraday (2.12.0)
+      faraday-net_http (>= 2.0, < 3.4)
+      json
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
-    faraday-net_http (3.1.1)
+    faraday-net_http (3.3.0)
       net-http
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     json (2.7.2)
     json-jwt (1.16.6)
@@ -47,14 +52,14 @@ GEM
       bindata
       faraday (~> 2.0)
       faraday-follow_redirects
-    logger (1.6.0)
+    language_server-protocol (3.17.0.3)
+    logger (1.6.1)
     method_source (1.1.0)
-    minitest (5.24.1)
-    mutex_m (0.2.0)
+    minitest (5.25.1)
     net-http (0.4.1)
       uri
-    parallel (1.25.1)
-    parser (3.3.4.0)
+    parallel (1.26.3)
+    parser (3.3.5.0)
       ast (~> 2.4.1)
       racc
     pry (0.14.2)
@@ -65,50 +70,51 @@ GEM
       pry (>= 0.13, < 0.15)
     racc (1.8.1)
     rainbow (3.1.1)
-    rake (12.3.3)
+    rake (13.2.1)
     regexp_parser (2.9.2)
-    rexml (3.3.4)
-      strscan
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.0)
+    rspec-core (3.13.1)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.1)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.1)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.1)
-    rubocop (0.93.1)
+    rubocop (1.66.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8)
-      rexml
-      rubocop-ast (>= 0.6.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rubocop-ast (>= 1.32.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.31.3)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.32.3)
       parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
-    strscan (3.1.0)
+    securerandom (0.3.1)
+    thor (1.3.2)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.8.0)
-    uri (0.13.0)
+    unicode-display_width (2.6.0)
+    uri (0.13.1)
 
 PLATFORMS
   arm64-darwin-23
   ruby
 
 DEPENDENCIES
+  bundler-audit
   pry-byebug
-  rake (~> 12.3.3)
+  rake (~> 13.2.1)
   rspec (~> 3.6, >= 3.6.0)
-  rubocop (~> 0.70)
+  rubocop (~> 1.66.1)
   xero-ruby!
 
 BUNDLED WITH