From 8e6ab5fd3900dcf682cb569cf834db6734a230b6 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 17 Jul 2024 17:01:08 +0000
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7462086
---
 Gemfile | 6 ++---
 Gemfile.lock | 63 +++++++++++++++++++++++++++++----------------------
 2 files changed, 38 insertions(+), 31 deletions(-)
diff --git a/Gemfile b/Gemfile
index b2263a71..d1fdc659 100644
--- a/Gemfile
+++ b/Gemfile
@@ -30,9 +30,9 @@ end
 group :development do
 gem "listen"
- gem "rubocop"
- gem "rubocop-performance"
- gem "rubocop-rails"
+ gem "rubocop", ">= 1.27.0"
+ gem "rubocop-performance", ">= 1.14.0"
+ gem "rubocop-rails", ">= 2.15.0"
 gem "spring"
 gem "web-console"
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 778ad4aa..3bc38ec5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -73,7 +73,7 @@ GEM
 bindex (0.8.1)
 builder (3.2.4)
 byebug (11.1.3)
- concurrent-ruby (1.1.10)
+ concurrent-ruby (1.3.3)
 connection_pool (2.2.5)
 crass (1.0.6)
 dalli (3.2.1)
@@ -120,14 +120,16 @@ GEM
 globalid (1.0.0)
 activesupport (>= 5.0)
 hashie (5.0.0)
- i18n (1.10.0)
+ i18n (1.14.5)
 concurrent-ruby (~> 1.0)
 jquery-rails (4.4.0)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
+ json (2.7.2)
 jwt (2.3.0)
 kgio (2.11.4)
+ language_server-protocol (3.17.0.3)
 listen (3.7.1)
 rb-fsevent (~> 0.10, >= 0.10.3)
 rb-inotify (~> 0.9, >= 0.9.10)
@@ -141,7 +143,7 @@ GEM
 method_source (1.0.0)
 mini_mime (1.1.2)
 mini_portile2 (2.8.0)
- minitest (5.15.0)
+ minitest (5.24.1)
 multi_json (1.15.0)
 multi_xml (0.6.0)
 multipart-post (2.1.1)
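Review bot: The three new floors in the :development group (`gem "rubocop", ">= 1.27.0"` and the two companion lines) do not constrain rexml, the gem named by the Snyk advisory this patch cites; the non-vulnerable resolution lives only in Gemfile.lock, where the same patch records `rexml (3.3.2)` and a rubocop 1.65.0 that declares `rexml (>= 3.2.5, < 4.0)`, a range that still admits the old 3.2.5. If the intent is to keep the affected releases out regardless of how rubocop resolves later, add an explicit entry next to these lines in the group that pulls rexml in (in these hunks it appears only as a rubocop dependency), e.g. `gem "rexml", ">= 3.3.2"`, so a later `bundle update` cannot drift back. Note also that this patch's Gemfile.lock hunk changes RUBY VERSION from `ruby 3.1.0p0` to `ruby 2.7.8p225`, which suggests the resolution ran under a different interpreter than the project's; the second patch puts the line back but touches nothing else in the lockfile.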
@@ -191,15 +193,16 @@ GEM
 actionpack (>= 4.2)
 omniauth (~> 2.0)
 orm_adapter (0.5.0)
- parallel (1.22.1)
- parser (3.1.1.0)
+ parallel (1.25.1)
+ parser (3.3.4.0)
 ast (~> 2.4.1)
+ racc
 pg (1.3.5)
 public_suffix (4.0.6)
 puma (5.6.4)
 nio4r (~> 2.0)
 racc (1.6.0)
- rack (2.2.3)
+ rack (2.2.9)
 rack-cache (1.13.0)
 rack (>= 0.4)
 rack-host-redirect (1.3.0)
@@ -239,31 +242,35 @@ GEM
 rb-fsevent (0.11.1)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
- regexp_parser (2.2.1)
+ regexp_parser (2.9.2)
 responders (3.0.1)
 actionpack (>= 5.0)
 railties (>= 5.0)
- rexml (3.2.5)
+ rexml (3.3.2)
+ strscan
 rtl (0.4.0)
- rubocop (1.26.1)
+ rubocop (1.65.0)
+ json (~> 2.3)
+ language_server-protocol (>= 3.17.0)
 parallel (~> 1.10)
- parser (>= 3.1.0.0)
+ parser (>= 3.3.0.2)
 rainbow (>= 2.2.2, < 4.0)
- regexp_parser (>= 1.8, < 3.0)
- rexml
- rubocop-ast (>= 1.16.0, < 2.0)
+ regexp_parser (>= 2.4, < 3.0)
+ rexml (>= 3.2.5, < 4.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
 ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 3.0)
- rubocop-ast (1.16.0)
- parser (>= 3.1.1.0)
- rubocop-performance (1.13.3)
- rubocop (>= 1.7.0, < 2.0)
- rubocop-ast (>= 0.4.0)
- rubocop-rails (2.14.2)
+ unicode-display_width (>= 2.4.0, < 3.0)
+ rubocop-ast (1.31.3)
+ parser (>= 3.3.1.0)
+ rubocop-performance (1.21.1)
+ rubocop (>= 1.48.1, < 2.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
+ rubocop-rails (2.25.1)
 activesupport (>= 4.2.0)
 rack (>= 1.1)
- rubocop (>= 1.7.0, < 2.0)
- ruby-progressbar (1.11.0)
+ rubocop (>= 1.33.0, < 2.0)
+ rubocop-ast (>= 1.31.1, < 2.0)
+ ruby-progressbar (1.13.0)
 ruby2_keywords (0.0.5)
 sassc (2.4.0)
 ffi (~> 1.9)
@@ -299,11 +306,11 @@ GEM
 turbolinks (5.2.1)
 turbolinks-source (~> 5.2)
 turbolinks-source (5.2.0)
- tzinfo (2.0.4)
+ tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
 uglifier (4.2.0)
 execjs (>= 0.3.0, < 3)
- unicode-display_width (2.1.0)
+ unicode-display_width (2.5.0)
 vcr (6.1.0)
 warden (1.2.9)
 rack (>= 2.0.9)
@@ -342,9 +349,9 @@ DEPENDENCIES
 rack-host-redirect
 rails (~> 7.0)
 rtl
- rubocop
- rubocop-performance
- rubocop-rails
+ rubocop (>= 1.27.0)
+ rubocop-performance (>= 1.14.0)
+ rubocop-rails (>= 2.15.0)
 sassc-rails
 simplecov
 sitemap_generator
@@ -355,7 +362,7 @@ DEPENDENCIES
 web-console
 RUBY VERSION
- ruby 3.1.0p0
+ ruby 2.7.8p225
 BUNDLED WITH
 2.3.6
From 61a30586e60de3b2854b790cf21c8a4546fdc777 Mon Sep 17 00:00:00 2001
From: Lint Action
Date: Wed, 17 Jul 2024 17:09:54 +0000
Subject: [PATCH 2/2] Fix code style issues with RuboCop
---
 Gemfile.lock | 2 +-
 app/controllers/users_controller.rb | 4 ++--
 config/environments/production.rb | 8 ++++----
 config/initializers/devise.rb | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 3bc38ec5..b2c00bb3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -362,7 +362,7 @@ DEPENDENCIES
 web-console
 RUBY VERSION
- ruby 2.7.8p225
+ ruby 3.1.0p0
 BUNDLED WITH
 2.3.6
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b120e6b8..6eace810 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -168,8 +168,8 @@ def octokit
 if current_user && !Rails.env.test?
 config.access_token = current_user.oauth_token
 else
- config.client_id = ENV["github_client_id"]
- config.client_secret = ENV["github_client_secret"]
+ config.client_id = ENV.fetch("github_client_id", nil)
+ config.client_secret = ENV.fetch("github_client_secret", nil)
 end
 end
 client
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 2adbc7cb..595f3f3d 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
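Review bot: The autocorrected `config.client_id = ENV.fetch("github_client_id", nil)` and `config.client_secret = ENV.fetch("github_client_secret", nil)` lines in users_controller.rb are behavior-identical to the indexing they replace, so an unset client secret still flows into the client configured here as nil, with no error at the point the value is read; since this else branch is also the path taken when `Rails.env.test?` is true, the silent default may be deliberate, but it deserves a comment such as `# No user token (or test env): use app credentials; nil here means GitHub is unconfigured` above the assignments. If only the test environment should tolerate a missing value, the one-argument `ENV.fetch("github_client_secret")` outside test would raise KeyError at first use instead of producing a credential-less client. The same two-argument fetch appears in config/initializers/devise.rb and in the Dalli block of config/environments/production.rb, where the adjacent `(ENV["MEMCACHIER_SERVERS"] || "")` line was left as indexing, so that one call now mixes both styles. The enclosing `def octokit` begins before this hunk; its final `client` line is the last one shown.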
@@ -29,7 +29,7 @@
 config.public_file_server.headers = {
 "Cache-Control" => "public, max-age=31536000",
 # 6 months from now
- "Expires" => (DateTime.now + 180.days).to_datetime.to_formatted_s(:rfc822),
+ "Expires" => (DateTime.now + 180.days).to_datetime.to_fs(:rfc822),
 }
 # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
@@ -59,8 +59,8 @@
 # Use a memcached cache store in production.
 client = Dalli::Client.new \
 (ENV["MEMCACHIER_SERVERS"] || "").split(","),
- username: ENV["MEMCACHIER_USERNAME"],
- password: ENV["MEMCACHIER_PASSWORD"],
+ username: ENV.fetch("MEMCACHIER_USERNAME", nil),
+ password: ENV.fetch("MEMCACHIER_PASSWORD", nil),
 failover: true,
 socket_timeout: 1.5,
 socket_failure_delay: 0.2,
@@ -89,7 +89,7 @@
 config.active_support.deprecation = :notify
 # Use default logging formatter so that PID and timestamp are not suppressed.
- config.log_formatter = ::Logger::Formatter.new
+ config.log_formatter = Logger::Formatter.new
 # Use a different logger for distributed setups.
 # require 'syslog/logger'
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 93de39eb..60599173 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -248,8 +248,8 @@
 # Add a new OmniAuth provider. Check the wiki for more information on setting
 # up on your models and hooks.
 config.omniauth :github,
- ENV["github_client_id"],
- ENV["github_client_secret"],
+ ENV.fetch("github_client_id", nil),
+ ENV.fetch("github_client_secret", nil),
 scope: ""
 # ==> Warden configuration
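Review bot: The renamed `to_fs(:rfc822)` call still runs once, when this environment file is evaluated, so the `Expires` header carries a single absolute date fixed at boot rather than the rolling value the `# 6 months from now` comment implies, and a long-lived process keeps sending that date as it approaches and passes it. It also disagrees with the `Cache-Control` line directly above, whose `max-age=31536000` is one year; HTTP caches give max-age precedence when both are present, so the header mostly adds confusion. Either drop the `"Expires"` entry and let max-age govern, or reword the comment to `# Fixed at boot: 180 days after process start, not per response`. The `config.public_file_server.headers = {` hash is complete within the hunk; the enclosing configure block begins outside it.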