From 4dfb07eefd2f81213c80cbbddf6d98eb81119609 Mon Sep 17 00:00:00 2001
From: Eric Boehs
Date: Fri, 26 Apr 2024 10:24:37 -0500
Subject: [PATCH] fix: upgrade Ruby to 3.2.4 to address CVE (#16521)
* fix: upgrade Ruby to 3.2.4 to address CVE
* Update workflows for new ruby
---
 .github/workflows/code_checks.yml | 2 +-
 .github/workflows/income-limits-data-sync.yml | 2 +-
 .ruby-version | 2 +-
 Dockerfile | 2 +-
 Dockerfile-k8s | 2 +-
 Gemfile | 2 +-
 Gemfile.lock | 2 +-
 docs/setup/native.md | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code_checks.yml
index 576d34c954e..1361e44f06d 100644
--- a/.github/workflows/code_checks.yml
+++ b/.github/workflows/code_checks.yml
@@ -12,7 +12,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
- - uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7
+ - uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c
 with:
 bundler-cache: true
diff --git a/.github/workflows/income-limits-data-sync.yml b/.github/workflows/income-limits-data-sync.yml
index efafea3ab3c..8d9ff622431 100644
--- a/.github/workflows/income-limits-data-sync.yml
+++ b/.github/workflows/income-limits-data-sync.yml
@@ -15,7 +15,7 @@ jobs:
 income_limits_data_sync:
 runs-on: self-hosted
 container:
- image: public.ecr.aws/docker/library/ruby:3.2.2-bullseye
+ image: public.ecr.aws/docker/library/ruby:3.2.4-bullseye
 env:
 SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
 NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
diff --git a/.ruby-version b/.ruby-version
index b347b11eac8..351227fca34 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.2.3
+3.2.4
diff --git a/Dockerfile b/Dockerfile
index 96c748bbb5a..80f2ad21a87 100644
--- a/Dockerfile
+++ b/Dockerfile
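Review bot: In `.github/workflows/code_checks.yml` the new `ruby/setup-ruby` pin is a bare 40-character commit SHA, so nothing on the line tells a reviewer which upstream release it corresponds to or whether it is the release that adds Ruby 3.2.4 support. Keep the immutable SHA pin but record the release next to it, e.g. `- uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c  # <setup-ruby release tag>`, so the pin can be checked against the upstream tag during review. The `actions/checkout@v4` context line directly above is referenced by a movable tag, which is inconsistent with the SHA pinning used here; that line is outside this change but worth aligning.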
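Review bot: In `.github/workflows/income-limits-data-sync.yml` the job container is selected by the mutable tag `ruby:3.2.4-bullseye`, so what runs on the `self-hosted` runner is whatever the registry serves for that tag at pull time rather than a specific reviewed image. Because this commit exists to pick up a security fix, consider pinning the digest as well, `image: public.ecr.aws/docker/library/ruby:3.2.4-bullseye@sha256:<digest of the verified image>`, so the patched interpreter that was checked is the one that executes. The same applies to `FROM ruby:3.2.4-slim-bookworm` in `Dockerfile` and `FROM ruby:3.2.4-slim-bullseye` in `Dockerfile-k8s`. Those two files also build on different Debian releases, which may be intentional but means the upgraded image should be verified on both bases.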
@@ -1,4 +1,4 @@
-FROM ruby:3.2.3-slim-bookworm as rubyimg
+FROM ruby:3.2.4-slim-bookworm as rubyimg
 # XXX: using stretch here for pdftk dep, which is not availible after
 # stretch (or in alpine) and is switched automatically to pdftk-java in buster
diff --git a/Dockerfile-k8s b/Dockerfile-k8s
index 92323fabfa6..d038a3ff5c2 100644
--- a/Dockerfile-k8s
+++ b/Dockerfile-k8s
@@ -1,4 +1,4 @@
-FROM ruby:3.2.3-slim-bullseye AS rubyimg
+FROM ruby:3.2.4-slim-bullseye AS rubyimg
 FROM rubyimg AS modules
 WORKDIR /tmp
diff --git a/Gemfile b/Gemfile
index 94355520763..f3a4bf79ce5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source 'https://rubygems.org'
-ruby '~> 3.2.3'
+ruby '~> 3.2.4'
 # Modules
 path 'modules' do
diff --git a/Gemfile.lock b/Gemfile.lock
index 71be4a47622..934745c679c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1280,7 +1280,7 @@ DEPENDENCIES
 yard
 RUBY VERSION
- ruby 3.2.3p157
+ ruby 3.2.4p170
 BUNDLED WITH
 2.4.9
diff --git a/docs/setup/native.md b/docs/setup/native.md
index a01b152f3a4..4204ae911cd 100644
--- a/docs/setup/native.md
+++ b/docs/setup/native.md
@@ -2,7 +2,7 @@ Vets API requires:
-- Ruby 3.2.3
+- Ruby 3.2.4
 - PostgreSQL 15.x (including PostGIS 3)
 - Redis 6.2.x