chore: Ruby 3.4 upgrade and full dependency security update

.github/workflows/BundlerAudit.yml

@@ -10,9 +10,12 @@ jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: 'Bundler Audit'
-        # uses: andrewmcodes/bundler-audit-action@main
-        uses: laicuRoot/bundler-audit-action@use-ruby-3.2.2 # Temporarily fixes Ruby 3 issue: andrewmcodes/bundler-audit-action#6
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/checkout@v5
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - name: Run bundler-audit
+        run: |
+          gem install bundler-audit
+          bundle-audit check --update

.github/workflows/DockerLint.yml

@@ -45,7 +45,7 @@ jobs:
       # Checkout the code base #
       ##########################
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # super-linter needs the full git history to get the
           # list of files that changed across commits

.github/workflows/nativeruby.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Toolkit Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2023-01-09 23:31:25 UTC using RuboCop version 1.42.0.
+# on 2026-03-28 00:33:27 UTC using RuboCop version 1.86.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -12,46 +12,63 @@ Layout/EmptyLineAfterGuardClause:
   Exclude:
     - 'tasks/connectors/cobaltio/lib/cobaltio_helper.rb'
 
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+Layout/EmptyLinesAroundMethodBody:
+  Exclude:
+    - 'tasks/utilities/csv2kdi/lib/csv2kdi_helper.rb'
+
 # Offense count: 1
+# Configuration parameters: AllowedParentClasses.
 Lint/MissingSuper:
   Exclude:
     - 'tasks/base.rb'
 
-# Offense count: 1
+# Offense count: 3
+# This cop supports safe autocorrection (--autocorrect).
 Lint/UselessAssignment:
   Exclude:
     - 'tasks/connectors/cobaltio/lib/cobaltio_helper.rb'
+    - 'tasks/connectors/digital_footprint/riskiq/lib/riskiq_helper.rb'
+    - 'tasks/connectors/ms_defender_atp/ms_defender_atp.rb'
 
-# Offense count: 179
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes.
+# Offense count: 4
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: CheckForMethodsWithNoSideEffects.
+Lint/Void:
+  Exclude:
+    - 'tasks/connectors/edgescan/lib/edgescan_vulnerability.rb'
+    - 'tasks/connectors/insight_appsec/lib/insight_appsec_client.rb'
+    - 'tasks/utilities/csv2kdi/lib/csv2kdi_helper.rb'
+
+# Offense count: 195
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 585
 
-# Offense count: 46
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 102
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 # AllowedMethods: refine
 Metrics/BlockLength:
-  Max: 233
-  Exclude:
-    - 'spec/**/*'
+  Max: 393
 
-# Offense count: 14
-# Configuration parameters: CountBlocks.
+# Offense count: 7
+# Configuration parameters: CountBlocks, CountModifierForms.
 Metrics/BlockNesting:
   Max: 5
 
-# Offense count: 55
+# Offense count: 60
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
   Max: 417
 
-# Offense count: 76
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 79
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/CyclomaticComplexity:
   Max: 107
 
-# Offense count: 316
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 333
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Max: 325
 
@@ -60,18 +77,18 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Max: 438
 
-# Offense count: 28
+# Offense count: 30
 # Configuration parameters: CountKeywordArgs, MaxOptionalParameters.
 Metrics/ParameterLists:
   Max: 22
 
-# Offense count: 65
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 69
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:
   Max: 119
 
 # Offense count: 66
-# Configuration parameters: EnforcedStyle, AllowedIdentifiers, AllowedPatterns.
+# Configuration parameters: EnforcedStyle, AllowedIdentifiers, AllowedPatterns, ForbiddenIdentifiers, ForbiddenPatterns.
 # SupportedStyles: snake_case, camelCase
 Naming/VariableName:
   Exclude:
@@ -84,16 +101,25 @@ Style/ClassVars:
   Exclude:
     - 'tasks/connectors/cobaltio/lib/cobaltio_helper.rb'
 
-# Offense count: 132
+# Offense count: 138
 # Configuration parameters: AllowedConstants.
 Style/Documentation:
   Enabled: false
 
-# Offense count: 169
+# Offense count: 174
 # Configuration parameters: AllowedVariables.
 Style/GlobalVars:
   Enabled: false
 
+# Offense count: 2
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedReceivers.
+# AllowedReceivers: Thread.current
+Style/HashEachMethods:
+  Exclude:
+    - 'tasks/base.rb'
+    - 'tasks/connectors/contrast/contrast.rb'
+
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Style/Not:
@@ -102,14 +128,14 @@ Style/Not:
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Configuration parameters: EnforcedStyle, AllowedMethods, AllowedPatterns.
 # SupportedStyles: predicate, comparison
 Style/NumericPredicate:
   Exclude:
     - 'spec/**/*'
     - 'tasks/connectors/cobaltio/lib/cobaltio_helper.rb'
 
-# Offense count: 9
+# Offense count: 12
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
@@ -120,6 +146,36 @@ Style/OptionalBooleanParameter:
     - 'lib/http.rb'
     - 'lib/kdi/kdi_helpers.rb'
 
+# Offense count: 3
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: infinite?, nonzero?
+Style/RedundantCondition:
+  Exclude:
+    - 'lib/data/mapping/digi_footprint_finding_mapper.rb'
+    - 'tasks/utilities/csv2kdi/csv2kdi.rb'
+    - 'tasks/utilities/csv2kdi/lib/csv2kdi_helper.rb'
+
+# Offense count: 37
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantParentheses:
+  Exclude:
+    - 'lib/data/mapping/digi_footprint_finding_mapper.rb'
+    - 'tasks/base.rb'
+    - 'tasks/connectors/aqua/aqua.rb'
+    - 'tasks/connectors/asimily/lib/asimily_client.rb'
+    - 'tasks/connectors/bugcrowd/bugcrowd_task.rb'
+    - 'tasks/connectors/contrast/contrast.rb'
+    - 'tasks/connectors/digital_footprint/bitsight/bitsight.rb'
+    - 'tasks/connectors/digital_footprint/bitsight/lib/bitsight_helpers.rb'
+    - 'tasks/connectors/digital_footprint/riskiq/lib/riskiq_helper.rb'
+    - 'tasks/connectors/digital_footprint/security_scorecard/security_scorecard.rb'
+    - 'tasks/connectors/lacework/lacework.rb'
+    - 'tasks/connectors/lacework/lib/lacework_helper.rb'
+    - 'tasks/utilities/asset_upload_tag/add_assets.rb'
+    - 'tasks/utilities/csv2kdi/csv2kdi.rb'
+    - 'toolkit.rb'
+
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
@@ -149,7 +205,7 @@ Style/SoleNestedConditional:
     - 'tasks/connectors/snyk/snyk.rb'
     - 'tasks/connectors/snyk_findings/snyk_findings.rb'
 
-# Offense count: 7968
+# Offense count: 9276
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
 # SupportedStyles: single_quotes, double_quotes
@@ -159,32 +215,31 @@ Style/StringLiterals:
 # Offense count: 5
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyleForMultiline.
-# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+# SupportedStylesForMultiline: comma, consistent_comma, diff_comma, no_comma
 Style/TrailingCommaInHashLiteral:
   Exclude:
     - 'tasks/connectors/cobaltio/cobaltio.rb'
 
-# Offense count: 2
+# Offense count: 14
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: WordRegex.
 # SupportedStyles: percent, brackets
 Style/WordArray:
   EnforcedStyle: percent
   MinSize: 6
 
-# Offense count: 20
+# Offense count: 14
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/ZeroLengthPredicate:
   Exclude:
     - 'tasks/connectors/cobaltio/lib/cobaltio_helper.rb'
     - 'tasks/connectors/nozomi/nozomi.rb'
     - 'tasks/connectors/snyk/snyk.rb'
     - 'tasks/connectors/snyk_findings/snyk_findings.rb'
-    - 'tasks/connectors/snyk_v2/snyk_v2_task.rb'
 
-# Offense count: 419
+# Offense count: 452
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
+# Configuration parameters: AllowHeredoc, AllowURI, AllowQualifiedName, URISchemes, AllowRBSInlineAnnotation, AllowCopDirectives, AllowedPatterns, SplitStrings.
 # URISchemes: http, https
 Layout/LineLength:
   Max: 834

.ruby-version

@@ -1 +1 @@
-3.2.2
+3.4.9

Containerfile

@@ -1,19 +1,15 @@
-FROM ruby:3.2.2
+FROM ruby:3.4
 HEALTHCHECK NONE
 
 # Update the base image.
-RUN apt-get update -y && apt-get upgrade -y 
+RUN apt-get update -y && apt-get upgrade -y
 
 # Copy Files To Container.
 COPY . "/opt/app/toolkit/"
 
 # Run Bundle Install
 WORKDIR "/opt/app/toolkit/"
 RUN gem install bundler && \
-	# CVE-2023-36617
-	gem install uri -v 0.12.2 && \
-	# CVE-2023-28756
-	gem install time -v 0.2.2 && \
 	bundle install
 
 # Set Entrypoint

Gemfile

@@ -2,46 +2,39 @@
 
 source "https://rubygems.org"
 
-ruby "3.2.2"
-# git_source(:github) do |repo_name|
-#  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-#  "https://github.com/#{repo_name}.git"
-# end
+ruby "~> 3.4.0"
 
-# Only required for file upload types (Guardium and Qualys to Kenna Direct), comment out if unneeded:
-# gem 'nokogiri'
-
-gem "activesupport"
-gem "addressable"
-gem "aws-sdk-guardduty"
-gem "aws-sdk-inspector"
-gem "aws-sdk-inspector2"
-gem "faraday", "~> 2.13"
-gem 'faraday-multipart'
+gem "activesupport", "~> 7.2"
+gem "addressable", "~> 2.8"
+gem "aws-sdk-guardduty", "~> 1.62"
+gem "aws-sdk-inspector", "~> 1.44"
+gem "aws-sdk-inspector2", "~> 1.10"
+gem "faraday", "~> 2.14"
+gem "faraday-multipart", "~> 1.2"
 gem "faraday-retry", "~> 2.3"
-gem "httparty"
-gem "ipaddress"
-gem "rest-client"
-gem "rexml", ">= 3.3.6"
-gem "ruby-limiter"
-gem "sanitize"
-gem "strscan"
-gem "tty-pager"
+gem "httparty", "~> 0.22"
+gem "ipaddress", "~> 0.8"
+gem "rest-client", "~> 2.1"
+gem "rexml", "~> 3.4"
+gem "ruby-limiter", "~> 2.2"
+gem "sanitize", "~> 6.1"
+gem "strscan", "~> 3.1"
+gem "tty-pager", "~> 0.14"
 
 group :development, :test do
-  gem "pry"
-  gem "pry-byebug"
-  gem "rspec"
-  gem "rubocop", require: false
-  gem 'simplecov'
-  gem 'simplecov-cobertura'
-  gem "solargraph", require: false
-  gem "timecop"
-  gem "vcr", "~> 6.1"
-  gem "webmock", "~> 3.18"
-  gem 'yard', '>= 0.9.36'
+  gem "pry", "~> 0.14"
+  gem "pry-byebug", "~> 3.10"
+  gem "rspec", "~> 3.13"
+  gem "rubocop", "~> 1.69", require: false
+  gem "simplecov", "~> 0.22"
+  gem "simplecov-cobertura", "~> 3.1"
+  gem "solargraph", "~> 0.50", require: false
+  gem "timecop", "~> 0.9"
+  gem "vcr", "~> 6.3"
+  gem "webmock", "~> 3.24"
+  gem "yard", "~> 0.9", ">= 0.9.37"
 end
 
 group :test do
-  gem 'rspec-github', require: false
+  gem "rspec-github", "~> 2.4", require: false
 end