Fix bundle-audit check by updating some gems

Updating Puma and Rexml. Ignoring a vulnerability in bootstrap-sass[^1], since we (as far as I can tell) don’t use the affected “carousel” component. [^1]: GHSA-9mvj-f7w8-pvh2
zendesk · Oct 14, 2024 · 4216278 · 4216278
1 parent 27d9522
commit 4216278
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -525,7 +525,7 @@ GEM
       binding_of_caller (>= 0.7)
       pry (>= 0.9.11)
     public_suffix (5.0.4)
-    puma (5.6.8)
+    puma (5.6.9)
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
     racc (1.8.0)
@@ -566,8 +566,7 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.3.4)
-      strscan
+    rexml (3.3.8)
     rollbar (2.27.1)
     rollbar-user_informer (0.1.0)
       rollbar (~> 2.15)
@@ -638,7 +637,6 @@ GEM
     sqlite3 (1.6.9-x86_64-darwin)
     sqlite3 (1.6.9-x86_64-linux)
     stackprof (0.2.12)
-    strscan (3.1.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thor (1.3.1)

diff --git a/Rakefile b/Rakefile
@@ -60,7 +60,7 @@ end
 
 desc 'Scan for gem vulnerabilities'
 task :bundle_audit do
-  sh "bundle-audit check --update"
+  sh "bundle-audit check --update --ignore=CVE-2024-6484"
 end
 
 desc "Run rubocop"