diff --git a/.circleci/config.yml b/.circleci/config.yml
index 41247df35..1e396a7ff 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -33,6 +33,10 @@ jobs:
 name: Bundle Install
 command: bundle check || bundle install
 
+ - run:
+ name: Bundle audit
+ command: bundle exec bundle audit update && bundle exec bundle audit check -v
+
 - run:
 name: Rubocop
 command: bundle exec rubocop
diff --git a/Gemfile b/Gemfile
index 111003a5d..c064ea37b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ ruby '2.6.5'
 
 ##-- base gems for rails --##
 gem 'rack-cors', require: 'rack/cors'
-gem 'rails', '~> 6', github: 'rails/rails'
+gem 'rails', '~> 6', git: 'https://github.com/rails/rails'
 
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
@@ -80,6 +80,7 @@ group :test do
 end
 
 group :development, :test do
+ gem 'bundle-audit', require: false
 gem 'byebug', platform: :mri
 gem 'factory_bot_rails'
 gem 'faker'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7fe144c32..f812d62d5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
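Review bot: The `Bundle audit` step added to .circleci/config.yml carries no comment on what a green result covers, and for this project it covers less than the step name suggests. As far as I know bundler-audit matches advisories by gem version, while Gemfile.lock pins rails, devise, devise_token_auth and acts-as-taggable-on to git revisions, so a pinned commit that predates a fix can still pass on its version string. I would add above the step something like `# bundler-audit compares gem versions only; git-pinned gems need a manual advisory review`. The `update && check` chaining fails the step when the advisory database cannot be refreshed, which is the behaviour to keep; the same thing can be written as one call, `bundle exec bundle audit check --update -v`. The `jobs:` block starts and ends outside the hunk.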
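Review bot: The `gem 'rails'` line in Gemfile still names no `ref:`, `branch:` or `tag:`, so the only thing fixing the Rails commit is the revision in Gemfile.lock, and any `bundle update rails` moves the app to whatever the default branch holds (the lockfile shows 6.1.0.alpha). Pinning the reviewed commit in the Gemfile makes that move an explicit, reviewable change: `gem 'rails', '~> 6', git: 'https://github.com/rails/rails', ref: '<reviewed-commit-sha>'`. If the switch from `github:` to `git:` was meant to give every shorthand source an https remote, a `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` line at the top of the Gemfile would do that in one place; whether other gems still use `github:` is not visible in this hunk.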
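Review bot: `gem 'bundle-audit', require: false` in the `:development, :test` group pulls in a wrapper gem: Gemfile.lock resolves `bundle-audit (0.1.0)` with `bundler-audit` as its only dependency, and `bundler-audit (0.6.1)` is the gem that does the scanning. Depending on the scanner directly removes one third-party package from the install path of a security tool: `gem 'bundler-audit', require: false`. The CI command `bundle exec bundle audit ...` should keep working, since the executable appears to come from bundler-audit itself, but confirm that in CI after the change. The group block continues past the end of the hunk.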
@@ -1,6 +1,34 @@ GIT - remote: git://github.com/rails/rails.git - revision: 7f6d2914c64e7b5224784152fc2d315b6b5b9d60 + remote: https://github.com/lynndylanhurley/devise_token_auth + revision: d886f476c625a1bf9673f03b95fb629e75ac2875 + specs: + devise_token_auth (1.1.3) + bcrypt (~> 3.0) + devise (> 3.5.2, < 5) + rails (>= 4.2.0, < 6.1) + sprockets (= 3.7.2) + +GIT + remote: https://github.com/mbleigh/acts-as-taggable-on + revision: fbf2b609b69a90edcd5813e9ba6395a7e293e977 + specs: + acts-as-taggable-on (6.0.1) + activerecord (>= 5.0, < 6.1) + +GIT + remote: https://github.com/plataformatec/devise + revision: c5de66245460920f9ce98af43c20188c8948f036 + specs: + devise (4.7.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0) + responders + warden (~> 1.2.3) + +GIT + remote: https://github.com/rails/rails + revision: 3f1473379ce3eafc6f8a9912a7c4fb410745cac6 specs: actioncable (6.1.0.alpha) actionpack (= 6.1.0.alpha) @@ -82,34 +110,6 @@ GIT rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) -GIT - remote: https://github.com/lynndylanhurley/devise_token_auth - revision: d886f476c625a1bf9673f03b95fb629e75ac2875 - specs: - devise_token_auth (1.1.3) - bcrypt (~> 3.0) - devise (> 3.5.2, < 5) - rails (>= 4.2.0, < 6.1) - sprockets (= 3.7.2) - -GIT - remote: https://github.com/mbleigh/acts-as-taggable-on - revision: fbf2b609b69a90edcd5813e9ba6395a7e293e977 - specs: - acts-as-taggable-on (6.0.1) - activerecord (>= 5.0, < 6.1) - -GIT - remote: https://github.com/plataformatec/devise - revision: c5de66245460920f9ce98af43c20188c8948f036 - specs: - devise (4.7.1) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - GIT remote: https://github.com/rspec/rspec-rails revision: bfa37ce6d6ab80257c48e407042406007c7cb724 
@@ -157,10 +157,15 @@ GEM bindex (0.8.1) bootsnap (1.4.5) msgpack (~> 1.0) - brakeman (4.7.0) + brakeman (4.7.1) browser (2.7.0) buftok (0.2.0) builder (3.2.3) + bundle-audit (0.1.0) + bundler-audit + bundler-audit (0.6.1) + bundler (>= 1.2.0, < 3) + thor (~> 0.18) byebug (11.0.1) carrierwave (2.0.2) activemodel (>= 5.0.0) @@ -276,7 +281,7 @@ GEM mini_magick (4.9.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.12.2) + minitest (5.13.0) mock_redis (0.22.0) msgpack (1.3.1) multi_xml (0.6.0) @@ -318,7 +323,7 @@ GEM rails-html-sanitizer (1.3.0) loofah (~> 2.3) rainbow (3.0.0) - rake (13.0.0) + rake (13.0.1) rb-fsevent (0.10.3) rb-inotify (0.10.0) ffi (~> 1.0) @@ -439,7 +444,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.4) wisper (2.0.0) - zeitwerk (2.2.0) + zeitwerk (2.2.1) PLATFORMS ruby @@ -451,6 +456,7 @@ DEPENDENCIES bootsnap brakeman browser + bundle-audit byebug carrierwave-aws chargebee (~> 2)