From a33a258f51438b3e22a4487dbcada0c1f8377bde Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 25 Aug 2022 21:18:10 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-OMNIAUTH-2987513
---
 Gemfile | 4 ++--
 Gemfile.lock | 51 ++++++++++++++++++++++++++++-----------------------
 2 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/Gemfile b/Gemfile
index cdf798137..7979f4286 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,8 +5,8 @@
 gem 'rails', '5.0.2'
 gem 'jquery-rails'
 gem 'pg'
-gem 'omniauth'
-gem 'omniauth-github'
+gem 'omniauth', '>= 2.0.0'
+gem 'omniauth-github', '>= 2.0.0'
 gem 'omniauth-twitter'
 gem 'octokit'
 gem 'rabl'
diff --git a/Gemfile.lock b/Gemfile.lock
index 44e3cebc3..2de8054ae 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -120,7 +120,7 @@ GEM
 activesupport (>= 4.1.0)
 gmaps4rails (2.1.2)
 hashdiff (0.3.2)
- hashie (3.5.5)
+ hashie (5.0.0)
 highline (1.7.8)
 http (2.2.1)
 addressable (~> 2.3)
@@ -148,7 +148,7 @@ GEM
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 json (2.0.3)
- jwt (1.5.6)
+ jwt (2.3.0)
 kaminari (1.0.1)
 activesupport (>= 4.1.0)
 kaminari-actionview (= 1.0.1)
@@ -181,18 +181,19 @@ GEM
 mime-types-data (3.2016.0521)
 mini_portile2 (2.1.0)
 minitest (5.10.1)
- multi_json (1.12.1)
+ multi_json (1.15.0)
 multi_xml (0.6.0)
- multipart-post (2.0.0)
+ multipart-post (2.2.3)
 naught (1.1.0)
 newrelic_rpm (3.18.1.330)
 nio4r (2.0.0)
 nokogiri (1.7.0.1)
 mini_portile2 (~> 2.1.0)
- oauth (0.5.1)
- oauth2 (1.3.1)
- faraday (>= 0.8, < 0.12)
- jwt (~> 1.0)
+ oauth (0.6.1)
+ version_gem (~> 1.1)
+ oauth2 (1.4.8)
+ faraday (>= 0.8, < 3.0)
+ jwt (>= 1.0, < 3.0)
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
 rack (>= 1.2, < 3)
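Review bot: Bumping to omniauth 2.x does not by itself close the advisory in the commit message, which as far as I can tell is the request-phase CSRF issue (CVE-2015-9284): omniauth 2.0 makes `/auth/:provider` POST-only and adds a `request_validation_phase`, but that default phase (backed by the `rack-protection` dependency the lock diff now pulls in via omniauth 2.1.0) validates a token Rails does not set, so on this Rails 5 app it will reject every sign-in unless `omniauth-rails_csrf_protection` is also added, and neither hunk adds it. The likely maintainer workaround — re-enabling GET via `OmniAuth.config.allowed_request_methods` or disabling the validation phase — would reintroduce exactly the vulnerability being patched. I'd add `gem 'omniauth-rails_csrf_protection'` next to the two bumped lines and switch the sign-in links (not visible here) to `method: :post`. The open-ended `'>= 2.0.0'` constraints also admit any future major of both gems; `'~> 2.0'` keeps the fix without opting into the next breaking release. Separately, `rails '5.0.2'` and `ruby 2.4.0p0` visible in these hunks are both end-of-life with known CVEs, which a dependency bot cannot address.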
@@ -203,18 +204,19 @@ GEM
 rails
 octokit (4.6.2)
 sawyer (~> 0.8.0, >= 0.5.3)
- omniauth (1.6.1)
- hashie (>= 3.4.6, < 3.6.0)
- rack (>= 1.6.2, < 3)
- omniauth-github (1.2.3)
- omniauth (~> 1.5)
- omniauth-oauth2 (>= 1.4.0, < 2.0)
- omniauth-oauth (1.1.0)
+ omniauth (2.1.0)
+ hashie (>= 3.4.6)
+ rack (>= 2.2.3)
+ rack-protection
+ omniauth-github (2.0.0)
+ omniauth (~> 2.0)
+ omniauth-oauth2 (~> 1.7.1)
+ omniauth-oauth (1.2.0)
 oauth
- omniauth (~> 1.0)
- omniauth-oauth2 (1.4.0)
- oauth2 (~> 1.0)
- omniauth (~> 1.2)
+ omniauth (>= 1.0, < 3)
+ omniauth-oauth2 (1.7.3)
+ oauth2 (>= 1.4, < 3)
+ omniauth (>= 1.9, < 3)
 omniauth-twitter (1.4.0)
 omniauth-oauth (~> 1.1)
 rack
@@ -230,7 +232,7 @@ GEM
 puma (3.7.1)
 rabl (0.13.1)
 activesupport (>= 2.3.14)
- rack (2.0.1)
+ rack (2.2.4)
 rack-attack (5.0.1)
 rack
 rack-canonical-host (0.2.2)
@@ -241,6 +243,8 @@ GEM
 rack-google-analytics (1.2.0)
 actionpack
 activesupport
+ rack-protection (2.2.2)
+ rack
 rack-test (0.6.3)
 rack (>= 1.0)
 rails (5.0.2)
@@ -381,6 +385,7 @@ GEM
 unf_ext
 unf_ext (0.0.7.2)
 unicode-display_width (1.1.3)
+ version_gem (1.1.0)
 web-console (3.4.0)
 actionview (>= 5.0)
 activemodel (>= 5.0)
@@ -425,8 +430,8 @@ DEPENDENCIES
 newrelic_rpm
 octicons_helper
 octokit
- omniauth
- omniauth-github
+ omniauth (>= 2.0.0)
+ omniauth-github (>= 2.0.0)
 omniauth-twitter
 pg
 poltergeist
@@ -461,4 +466,4 @@ RUBY VERSION
 ruby 2.4.0p0
 
 BUNDLED WITH
- 1.14.6
+ 1.17.3