From 6239fbe73cb5347fec6444edf5b9db0ebe3c86e8 Mon Sep 17 00:00:00 2001
From: Nelson Jovel
Date: Tue, 19 Nov 2024 18:15:54 -0800
Subject: [PATCH] fix: patch security vulnerabilities
---
 Gemfile | 183 +-------------------------------------------------
 Gemfile.lock | 2 -
 package.json | 12 ++--
 yarn.lock | 40 ++++-------
 4 files changed, 20 insertions(+), 217 deletions(-)
diff --git a/Gemfile b/Gemfile
index a2cb1ced..7a638451 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,6 @@ git_source(:github) do |repo_name|
 "https://github.com/#{repo_name}.git"
 end
-<<<<<<< HEAD
 gem "activerecord-import"
 gem "bcrypt_pbkdf"
 gem "bootsnap", require: false
@@ -34,6 +33,7 @@ gem "watir"
 group :development do
 # Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
 gem "brakeman"
+ gem "bullet"
 gem "dexter"
 gem "erb_lint", require: false
 gem "erblint-github"
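Review bot: The `gem "bullet"` line added to the development group in the second hunk has no counterpart in the Gemfile.lock part of this patch, whose diffstat shows two deletions and no insertions, so unless bullet was already resolved in the lockfile before this commit a `bundle install --frozen` or `--deployment` run will reject the changed Gemfile. Either commit the regenerated Gemfile.lock together with the new dependency or drop the line from this patch. The gem is also unrelated to the "patch security vulnerabilities" subject and would be clearer as its own commit, ideally with a version constraint such as `gem "bullet", "~> 7.2"` matching the file's other pinned gems if that is the version you tested against. The `group :development do` block this line lands in continues past the end of the hunk.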
@@ -52,187 +52,6 @@ group :development do
 # gem "web-console"
 # gem 'reek', require: false
 end
-||||||| parent of 66fc8f9 (chore: add deprecated gems to gemfile because they will get removed from the ruby standard library in the next version. Also address security vulnerabilities)
-# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem "rails", "~> 7.1.3"
-gem "sprockets-rails"
-
-gem "pg"
-
-# Use Puma as the app server
-gem "puma", ">= 6.4.0"
-# Use Uglifier as compressor for JavaScript assets
-gem "uglifier", ">= 1.3.0"
-# See https://github.com/rails/execjs#readme for more supported runtimes
-# Use jquery as the JavaScript library
-gem "jquery-rails"
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem "jbuilder", "~> 2.5"
-# Use Redis adapter to run Action Cable in production
-gem "redis", "~> 3.0"
-# Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
-gem "nokogiri"
-
-gem "bootsnap", require: false
-
-gem "haml"
-
-gem "friendly_id", "~> 5.1.0"
-
-gem "newrelic_rpm"
-
-gem "devise", git: "https://github.com/heartcombo/devise"
-
-gem "omniauth"
-
-gem "activerecord-import"
-
-gem "jsbundling-rails"
-
-gem "cssbundling-rails"
-
-gem "turbo-rails"
-
-gem "stimulus-rails"
-
-gem "watir"
-
-gem "bcrypt_pbkdf"
-gem "ed25519"
-gem "net-sftp"
-
-gem "standard_deviation"
-=======
-# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem "activerecord-import"
-gem "bcrypt_pbkdf"
-gem "bootsnap", require: false
-gem "cssbundling-rails"
-gem "devise", git: "https://github.com/heartcombo/devise"
-gem "ed25519"
-gem "friendly_id", "~> 5.1.0"
-gem "haml"
-gem "jbuilder", "~> 2.5"
-gem "jquery-rails"
-gem "jsbundling-rails"
-gem "logger"
-gem "net-sftp"
-gem "newrelic_rpm"
-gem "nokogiri"
-gem "omniauth"
-gem "ostruct"
-gem "pg"
-gem "puma", ">= 6.4.0"
-gem "rails", "~> 7.1.3"
-gem "redis", "~> 3.0"
-gem "sprockets-rails"
-gem "standard_deviation"
-gem "stimulus-rails"
-gem "turbo-rails"
-gem "uglifier", ">= 1.3.0"
-gem "watir"
->>>>>>> 66fc8f9 (chore: add deprecated gems to gemfile because they will get removed from the ruby standard library in the next version. Also address security vulnerabilities)
-
-group :development, :test do
- # Call 'byebug' anywhere in the code to stop execution and get a debugger console
- gem "byebug", platform: :mri
- gem "dotenv-rails"
- gem "factory_bot_rails"
- gem "parallel_tests"
- gem "rack-mini-profiler"
- gem "rspec-rails", "~> 6.0.3"
-end
-
-group :test do
- gem "capybara"
- gem "cuprite"
- gem "database_cleaner"
- gem "launchy"
- gem "rails-controller-testing"
- gem "simplecov", require: false
- # gem "timecop"
-end
-
-# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem "tzinfo-data", platforms: %i[mingw mswin x64_mingw jruby]
-
-# gem "reline", "~> 0.3.2"
-gem "puma", ">= 6.4.0"
-# Use Uglifier as compressor for JavaScript assets
-gem "uglifier", ">= 1.3.0"
-# See https://github.com/rails/execjs#readme for more supported runtimes
-# Use jquery as the JavaScript library
-gem "jquery-rails"
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem "jbuilder", "~> 2.5"
-# Use Redis adapter to run Action Cable in production
-gem "redis", "~> 3.0"
-# Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
-gem "nokogiri"
-
-gem "bootsnap", require: false
-
-gem "haml"
-
-gem "friendly_id", "~> 5.1.0"
-
-gem "newrelic_rpm"
-
-gem "devise", git: "https://github.com/heartcombo/devise"
-
-gem "omniauth"
-
-gem "activerecord-import"
-
-gem "jsbundling-rails"
-
-gem "cssbundling-rails"
-
-gem "turbo-rails"
-
-gem "stimulus-rails"
-
-gem "watir"
-
-gem "bcrypt_pbkdf"
-gem "ed25519"
-gem "net-sftp"
-
-gem "standard_deviation"
-=======
-# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem "activerecord-import"
-gem "bcrypt_pbkdf"
-gem "bootsnap", require: false
-gem "cssbundling-rails"
-gem "devise", git: "https://github.com/heartcombo/devise"
-gem "ed25519"
-gem "friendly_id", "~> 5.1.0"
-gem "haml"
-gem "jbuilder", "~> 2.5"
-gem "jquery-rails"
-gem "jsbundling-rails"
-gem "logger"
-gem "net-sftp"
-gem "newrelic_rpm"
-gem "nokogiri"
-gem "omniauth"
-gem "ostruct"
-gem "pg"
-gem "puma", ">= 6.4.0"
-gem "rails", "~> 7.1.3"
-gem "redis", "~> 3.0"
-gem "sprockets-rails"
-gem "standard_deviation"
-gem "stimulus-rails"
-gem "turbo-rails"
-gem "uglifier", ">= 1.3.0"
-gem "watir"
->>>>>>> 66fc8f9 (chore: add deprecated gems to gemfile because they will get removed from the ruby standard library in the next version. Also address security vulnerabilities)
 group :development, :test do
 # Call 'byebug' anywhere in the code to stop execution and get a debugger console
diff --git a/Gemfile.lock b/Gemfile.lock
index 00aaec21..48dcbc45 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -468,7 +468,6 @@ GEM
 railties (>= 6.0.0)
 stringio (3.1.1)
 strscan (3.1.0)
- temple (0.10.3)
 thor (1.3.2)
 tilt (2.3.0)
 timeout (0.4.1)
@@ -533,7 +532,6 @@ DEPENDENCIES
 newrelic_rpm
 nokogiri
 observer (~> 0.1.2)
- omniauth
 ostruct
 parallel_tests
 pg
diff --git a/package.json b/package.json
index edc028fd..3bcb8122 100644
--- a/package.json
+++ b/package.json
@@ -17,13 +17,14 @@
 "@rails/actioncable": "^7.0.6",
 "@rails/activestorage": "^7.0.6",
 "@rails/ujs": "^7.0.6",
- "bootstrap": "^5.1.3",
- "braces": "^3.0.3",
+ "bootstrap": "^5.3.3",
+ "braces": "3.0.3",
 "debounce": "^1.2.1",
 "esbuild": "^0.18.12",
+ "micromatch": "^4.0.8",
 "sass": "^1.43.4",
- "semver": "^7.5.2",
- "ws": "^8.18.0"
+ "semver": "6.3.1",
+ "ws": "8.17.1"
 },
 "scripts": {
 "build": "esbuild app/javascript/*.* --bundle --outdir=app/assets/builds",
@@ -34,10 +35,9 @@
 },
 "devDependencies": {
 "eslint-plugin-cypress": "^2.13.3",
- "jest": "^29.7.0",
+ "jest": "^29.6.1",
 "jest-environment-jsdom": "^29.6.1",
 "markdownlint": "^0.29.0",
- "micromatch": "^4.0.8",
 "prettier": "3.0.0"
 },
 "jest": {
diff --git a/yarn.lock b/yarn.lock
index 1e788634..621a070b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1791,10 +1791,10 @@ binary-extensions@^2.0.0:
 resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.2.0.tgz#75f502eeaf9ffde42fc98829645be4ea76bd9e2d"
 integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==
-bootstrap@^5.1.3:
- version "5.3.0"
- resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.3.0.tgz#0718a7cc29040ee8dbf1bd652b896f3436a87c29"
- integrity sha512-UnBV3E3v4STVNQdms6jSGO2CvOkjUMdDAVR2V5N4uCMdaIkaQjbcEAMqRimDHIs4uqBYzDAKCQwCB+97tJgHQw==
+bootstrap@^5.3.3:
+ version "5.3.3"
+ resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.3.3.tgz#de35e1a765c897ac940021900fcbb831602bac38"
+ integrity sha512-8HLCdWgyoMguSO9o+aH+iuZ+aht+mzW0u3HIMzVu7Srrpv7EBBxTnrFlSCskwdY1+EOFQSm7uMJhNQHkdPcmjg==
 brace-expansion@^1.1.7:
 version "1.1.11"
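Review bot: The `"semver": "6.3.1"` and `"ws": "8.17.1"` pins in the first package.json hunk are downgrades rather than patches: the yarn.lock removed by this same patch already resolved `semver@^7.5.2` to 7.5.3 and `ws@^8.18.0` to 8.18.0, both at or above the versions now pinned, and the new lockfile ends up carrying ws 8.17.1 and 8.18.0 side by side. Exact pins without a caret also stop `yarn upgrade` from picking up future patch releases, which works against the commit's stated purpose; a caret floor such as `"semver": "^7.5.3"` and `"ws": "^8.18.0"` keeps the fixed minimum without freezing it. Moving semver from 7.x to 6.3.1 is a major downgrade and may break application code that imports it directly, if any does. `micromatch` also moves from devDependencies to dependencies, which enlarges the production install set; if nothing at runtime requires it, leave it in devDependencies and bump it there.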
@@ -1804,7 +1804,7 @@ brace-expansion@^1.1.7:
 balanced-match "^1.0.0"
 concat-map "0.0.1"
-braces@^3.0.2, braces@^3.0.3, braces@~3.0.2:
+braces@3.0.3, braces@^3.0.3, braces@~3.0.2:
 version "3.0.3"
 resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
 integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
@@ -2941,7 +2941,7 @@ jest-worker@^29.7.0:
 merge-stream "^2.0.0"
 supports-color "^8.0.0"
-jest@^29.7.0:
+jest@^29.6.1:
 version "29.7.0"
 resolved "https://registry.yarnpkg.com/jest/-/jest-29.7.0.tgz#994676fc24177f088f1c5e3737f5697204ff2613"
 integrity sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==
@@ -3057,13 +3057,6 @@ lru-cache@^5.1.1:
 dependencies:
 yallist "^3.0.2"
-lru-cache@^6.0.0:
- version "6.0.0"
- resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-6.0.0.tgz#6d6fe6570ebd96aaf90fcad1dafa3b2566db3a94"
- integrity sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==
- dependencies:
- yallist "^4.0.0"
-
 make-dir@^4.0.0:
 version "4.0.0"
 resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-4.0.0.tgz#c3c2307a771277cd9638305f915c29ae741b614e"
@@ -3462,18 +3455,11 @@ saxes@^6.0.0:
 dependencies:
 xmlchars "^2.2.0"
-semver@^6.3.0, semver@^6.3.1:
+semver@6.3.1, semver@^6.3.0, semver@^6.3.1:
 version "6.3.1"
 resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
 integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
-semver@^7.5.2:
- version "7.5.3"
- resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.3.tgz#161ce8c2c6b4b3bdca6caadc9fa3317a4c4fe88e"
- integrity sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==
- dependencies:
- lru-cache "^6.0.0"
-
 semver@^7.5.3, semver@^7.5.4:
 version "7.6.3"
 resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143"
@@ -3803,7 +3789,12 @@ write-file-atomic@^4.0.2:
 imurmurhash "^0.1.4"
 signal-exit "^3.0.7"
-ws@^8.11.0, ws@^8.18.0:
+ws@8.17.1:
+ version "8.17.1"
+ resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
+ integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
+
+ws@^8.11.0:
 version "8.18.0"
 resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.0.tgz#0d7505a6eafe2b0e712d232b42279f53bc289bbc"
 integrity sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==
@@ -3828,11 +3819,6 @@ yallist@^3.0.2:
 resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd"
 integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==
-yallist@^4.0.0:
- version "4.0.0"
- resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
- integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
-
 yargs-parser@^21.1.1:
 version "21.1.1"
 resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35"