From 0858a65600642a00b40c94ec45b01ab67a0ff9f0 Mon Sep 17 00:00:00 2001
From: Christina Chortaria
Date: Thu, 14 Sep 2023 17:53:17 -0400
Subject: [PATCH] [CVE-2023-26141] update sidekiq and sidekiq-pro

https://github.com/pulibrary/bibdata/security/dependabot/67
---
 Gemfile | 4 ++--
 Gemfile.lock | 22 ++++++++++---------
 .../new_framework_defaults_6_1.rb | 2 +-
 3 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/Gemfile b/Gemfile
index f8c22bd94..a85a963b1 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 source "https://gems.contribsys.com/" do
- gem 'sidekiq-pro', '5.5.5'
+ gem 'sidekiq-pro'
 end
 gem 'alma', github: 'tulibraries/alma_rb', branch: 'main'
@@ -57,7 +57,7 @@ gem 'rubyXL'
 gem 'rubyzip', '>= 1.2.2'
 gem 'sass-rails'
 gem 'selenium-webdriver'
-gem 'sidekiq', '<7'
+gem 'sidekiq'
 gem 'stomp'
 gem 'stringex', github: "pulibrary/stringex", tag: 'vpton.2.5.2.2'
 gem 'terser'
diff --git a/Gemfile.lock b/Gemfile.lock
index 5421f9332..4f13a8650 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -50,8 +50,8 @@ GIT GEM remote: https://gems.contribsys.com/ specs: - sidekiq-pro (5.5.5) - sidekiq (~> 6.0, >= 6.5.6) + sidekiq-pro (7.1.4) + sidekiq (>= 7.1.0, < 8) GEM remote: https://rubygems.org/
@@ -193,7 +193,7 @@ GEM chronic (0.10.2) coderay (1.1.3) concurrent-ruby (1.2.2) - connection_pool (2.3.0) + connection_pool (2.4.1) coveralls_reborn (0.25.0) simplecov (>= 0.18.1, < 0.22.0) term-ansicolor (~> 1.6)
@@ -431,7 +431,8 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - redis (4.8.0) + redis-client (0.17.0) + connection_pool regexp_parser (2.8.1) request_store (1.5.1) rack (>= 1.4)
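Review bot: Both Gemfile hunks (the `sidekiq-pro` line in the hunk at line 1 and the `sidekiq` line in the hunk at line 57) remove the version constraint instead of raising it, so nothing in the Gemfile records that releases affected by CVE-2023-26141 are unacceptable; only Gemfile.lock holds the upgrade in place. A lower bound at the versions this commit locks would stop a later `bundle update` or lockfile regeneration from resolving below them, for example `gem 'sidekiq', '>= 7.1.4'` and `gem 'sidekiq-pro', '>= 7.1.4'`, optionally with `'< 8'` so the next major is a deliberate step. Dropping `'<7'` also makes this a 6.x to 7.x major upgrade: the lockfile in this patch replaces `redis (4.8.0)` with `redis-client (0.17.0)`, so any application code that uses the `redis` gem directly (not visible here) should be checked before deploy.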
@@ -509,10 +510,11 @@ GEM rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) - sidekiq (6.5.8) - connection_pool (>= 2.2.5, < 3) - rack (~> 2.0) - redis (>= 4.5.0, < 5) + sidekiq (7.1.4) + concurrent-ruby (< 2) + connection_pool (>= 2.3.0) + rack (>= 2.2.4) + redis-client (>= 0.14.0) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11)
@@ -679,8 +681,8 @@ DEPENDENCIES rubyzip (>= 1.2.2) sass-rails selenium-webdriver - sidekiq (< 7) - sidekiq-pro (= 5.5.5)! + sidekiq + sidekiq-pro! simplecov solargraph solr_wrapper
diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb
index 9526b835a..3328a8f17 100644
--- a/config/initializers/new_framework_defaults_6_1.rb
+++ b/config/initializers/new_framework_defaults_6_1.rb
@@ -42,7 +42,7 @@
 # Use new connection handling API. For most applications this won't have any
 # effect. For applications using multiple databases, this new API provides
 # support for granular connection swapping.
-# Rails.application.config.active_record.legacy_connection_handling = false
+Rails.application.config.active_record.legacy_connection_handling = false
 # Make `form_with` generate non-remote forms by default.
 # Rails.application.config.action_view.form_with_generates_remote_forms = false
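Review bot: The initializer hunk at line 42 enables `Rails.application.config.active_record.legacy_connection_handling = false` in a commit whose subject and description cover only the Sidekiq CVE update, and neither the message nor the file explains why the two belong together. The setting switches Active Record to the new connection handling API for the whole application, which per the surrounding comment matters for multi-database setups, so it needs its own justification. I would add a comment above the line such as `# Enabled together with the Sidekiq 7 upgrade: <reason>` with the reason filled in, or move the change to a separate commit so the security update can be reverted or backported on its own.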