From 4c47d6fd978ccdfcfa4f8413576733cc4bb0b9b9 Mon Sep 17 00:00:00 2001
From: Pranav Raj S
Date: Fri, 7 May 2021 00:59:22 +0530
Subject: [PATCH] fix: Upgrade rails to fix CVE-2021-22904 (#2233)

* fix: Upgrade rails to fix CVE-2021-22904

* chore: Update administrate

Co-authored-by: Sojan
---
 Gemfile.lock | 125 +++++++++---------
 .../super_admin/application/index.html.erb | 2 +-
 app/views/super_admin/users/index.html.erb | 2 +-
 3 files changed, 63 insertions(+), 66 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 33b4a752b..06dbcfa0e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -18,58 +18,58 @@ GEM specs: action-cable-testing (0.6.1) actioncable (>= 5.0) - actioncable (6.0.3.6) - actionpack (= 6.0.3.6) + actioncable (6.0.3.7) + actionpack (= 6.0.3.7) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actionmailbox (6.0.3.7) + actionpack (= 6.0.3.7) + activejob (= 6.0.3.7) + activerecord (= 6.0.3.7) + activestorage (= 6.0.3.7) + activesupport (= 6.0.3.7) mail (>= 2.7.1) - actionmailer (6.0.3.6) - actionpack (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) + actionmailer (6.0.3.7) + actionpack (= 6.0.3.7) + actionview (= 6.0.3.7) + activejob (= 6.0.3.7) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.6) - actionview (= 6.0.3.6) - activesupport (= 6.0.3.6) + actionpack (6.0.3.7) + actionview (= 6.0.3.7) + activesupport (= 6.0.3.7) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.6) - actionpack (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + actiontext (6.0.3.7) + actionpack (= 6.0.3.7) + activerecord (= 6.0.3.7) + activestorage (= 6.0.3.7) + activesupport (= 6.0.3.7) nokogiri (>= 1.8.5) - actionview (6.0.3.6) - activesupport (= 6.0.3.6) + actionview (6.0.3.7) + activesupport (= 6.0.3.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.6) - activesupport (= 6.0.3.6) + activejob (6.0.3.7) + activesupport (= 6.0.3.7) globalid (>= 0.3.6) - activemodel (6.0.3.6) - activesupport (= 6.0.3.6) - activerecord (6.0.3.6) - activemodel (= 6.0.3.6) - activesupport (= 6.0.3.6) + activemodel (6.0.3.7) + activesupport (= 6.0.3.7) + activerecord (6.0.3.7) + activemodel (= 6.0.3.7) + activesupport (= 6.0.3.7) activerecord-import (1.0.7) activerecord (>= 3.2) - activestorage 
(6.0.3.6) - actionpack (= 6.0.3.6) - activejob (= 6.0.3.6) - activerecord (= 6.0.3.6) + activestorage (6.0.3.7) + actionpack (= 6.0.3.7) + activejob (= 6.0.3.7) + activerecord (= 6.0.3.7) marcel (~> 1.0.0) - activesupport (6.0.3.6) + activesupport (6.0.3.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -79,11 +79,10 @@ GEM activerecord (>= 5.0, < 6.1) addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) - administrate (0.14.0) - actionpack (>= 4.2) - actionview (>= 4.2) - activerecord (>= 4.2) - autoprefixer-rails (>= 6.0) + administrate (0.16.0) + actionpack (>= 5.0) + actionview (>= 5.0) + activerecord (>= 5.0) datetime_picker_rails (~> 0.0.7) jquery-rails (>= 4.0) kaminari (>= 1.0) @@ -95,8 +94,6 @@ GEM rake (>= 10.4, < 14.0) ast (2.4.1) attr_extras (6.2.4) - autoprefixer-rails (9.8.6.3) - execjs aws-eventstream (1.1.0) aws-partitions (1.360.0) aws-sdk-core (3.105.0) @@ -205,7 +202,7 @@ GEM faraday (~> 1.0) fcm (1.0.2) faraday (~> 1.0.0) - ffi (1.14.2) + ffi (1.15.0) flag_shih_tzu (0.3.23) foreman (0.87.2) fugit (1.4.1) @@ -283,7 +280,7 @@ GEM mime-types (~> 3.0) multi_xml (>= 0.5.2) httpclient (2.8.3) - i18n (1.8.9) + i18n (1.8.10) concurrent-ruby (~> 1.0) ice_nine (0.11.2) inflecto (0.0.2) @@ -320,12 +317,12 @@ GEM listen (3.3.3) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.0) + marcel (1.0.1) maxminddb (0.1.22) memoist (0.16.2) method_source (1.0.0) @@ -333,8 +330,8 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2020.0512) mini_magick (4.10.1) - mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_mime (1.1.0) + mini_portile2 (2.5.1) minitest (5.14.4) momentjs-rails (2.20.1) railties (>= 3.1) @@ -346,7 +343,7 @@ GEM connection_pool (~> 2.2) netrc (0.11.0) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) oauth (0.5.6) 
@@ -377,29 +374,29 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.6) - actioncable (= 6.0.3.6) - actionmailbox (= 6.0.3.6) - actionmailer (= 6.0.3.6) - actionpack (= 6.0.3.6) - actiontext (= 6.0.3.6) - actionview (= 6.0.3.6) - activejob (= 6.0.3.6) - activemodel (= 6.0.3.6) - activerecord (= 6.0.3.6) - activestorage (= 6.0.3.6) - activesupport (= 6.0.3.6) + rails (6.0.3.7) + actioncable (= 6.0.3.7) + actionmailbox (= 6.0.3.7) + actionmailer (= 6.0.3.7) + actionpack (= 6.0.3.7) + actiontext (= 6.0.3.7) + actionview (= 6.0.3.7) + activejob (= 6.0.3.7) + activemodel (= 6.0.3.7) + activerecord (= 6.0.3.7) + activestorage (= 6.0.3.7) + activesupport (= 6.0.3.7) bundler (>= 1.3.0) - railties (= 6.0.3.6) + railties (= 6.0.3.7) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.6) - actionpack (= 6.0.3.6) - activesupport (= 6.0.3.6) + railties (6.0.3.7) + actionpack (= 6.0.3.7) + activesupport (= 6.0.3.7) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0)
diff --git a/app/views/super_admin/application/index.html.erb b/app/views/super_admin/application/index.html.erb
index 80a5ae24c..951792711 100644
--- a/app/views/super_admin/application/index.html.erb
+++ b/app/views/super_admin/application/index.html.erb
@@ -46,7 +46,7 @@ It renders the `_table` partial to display details about the resources.
 "administrate.actions.new_resource",
 name: page.resource_name.titleize.downcase
 ),
- [:new, namespace, page.resource_path],
+ [:new, namespace, page.resource_path.to_sym],
 class: "button",
 ) if valid_action?(:new) && show_action?(:new, new_resource) %>
diff --git a/app/views/super_admin/users/index.html.erb b/app/views/super_admin/users/index.html.erb
index 80a5ae24c..951792711 100644
--- a/app/views/super_admin/users/index.html.erb
+++ b/app/views/super_admin/users/index.html.erb
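Review bot: The two views patched here, super_admin/application/index.html.erb and super_admin/users/index.html.erb, carry the same blob ids in their index lines (80a5ae24c..951792711) and receive the identical one-line `.to_sym` change, so the app is maintaining two byte-for-byte copies of the administrate index template and had to patch both for this gem bump. If users/index.html.erb exists only because an override was once needed there, it is presumably redundant — administrate resolves per-resource views through controller inheritance and falls back to application/ — and dropping it would leave a single copy to re-check on the next security upgrade; that is inferred from the file contents and should be confirmed against the users controller. Since both files are copies of a gem template, a header comment recording the administrate version they were taken from, e.g. `<%# Copied from the administrate 0.16.0 application/index.html.erb template; re-diff against the gem on every administrate bump %>`, would make the drift visible the next time Gemfile.lock moves the gem; the file header is outside the hunk. The `.to_sym` itself is applied to `page.resource_path`, which as far as the hunk shows comes from the dashboard page object rather than request parameters, so it raises no input-handling concern.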
@@ -46,7 +46,7 @@ It renders the `_table` partial to display details about the resources.
 "administrate.actions.new_resource",
 name: page.resource_name.titleize.downcase
 ),
- [:new, namespace, page.resource_path],
+ [:new, namespace, page.resource_path.to_sym],
 class: "button",
 ) if valid_action?(:new) && show_action?(:new, new_resource) %>