From 84e809106a6954a9a9258aaa890c47c2f9ce86bd Mon Sep 17 00:00:00 2001
From: Nick Budak
Date: Thu, 6 Jun 2024 09:01:33 -0700
Subject: [PATCH] Update gems to address vulnerabilities
---
 Gemfile | 2 ++
 Gemfile.lock | 26 +++++++++++++++++---------
 2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/Gemfile b/Gemfile
index 19f50d67..d6ee994c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -57,6 +57,8 @@ group :deployment do
 gem 'dlss-capistrano'
 gem 'capistrano-shared_configs'
 gem 'capistrano-passenger'
+ gem "ed25519", "~> 1.3"
+ gem "bcrypt_pbkdf", "~> 1.1"
 end
 group :production do
diff --git a/Gemfile.lock b/Gemfile.lock
index c9c76e7a..fbba6913 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -83,6 +83,9 @@ GEM
 execjs (~> 2)
 base64 (0.2.0)
 bcrypt (3.1.20)
+ bcrypt_pbkdf (1.1.1)
+ bcrypt_pbkdf (1.1.1-arm64-darwin)
+ bcrypt_pbkdf (1.1.1-x86_64-darwin)
 bindex (0.8.1)
 blacklight (7.37.0)
 deprecation
@@ -142,7 +145,7 @@ GEM
 xpath (~> 3.2)
 chronic (0.10.2)
 coderay (1.1.3)
- concurrent-ruby (1.2.3)
+ concurrent-ruby (1.3.1)
 config (5.4.0)
 deep_merge (~> 1.2, >= 1.2.1)
 connection_pool (2.4.1)
@@ -178,6 +181,7 @@ GEM
 capistrano-shared_configs
 docile (1.4.0)
 domain_name (0.6.20240107)
+ ed25519 (1.3.0)
 erubi (1.12.0)
 execjs (2.9.1)
 factory_bot (6.2.1)
@@ -310,13 +314,13 @@ GEM
 net-ssh (7.2.3)
 newrelic_rpm (9.8.0)
 nio4r (2.7.1)
- nokogiri (1.16.4-aarch64-linux)
+ nokogiri (1.16.5-aarch64-linux)
 racc (~> 1.4)
- nokogiri (1.16.4-arm64-darwin)
+ nokogiri (1.16.5-arm64-darwin)
 racc (~> 1.4)
- nokogiri (1.16.4-x86_64-darwin)
+ nokogiri (1.16.5-x86_64-darwin)
 racc (~> 1.4)
- nokogiri (1.16.4-x86_64-linux)
+ nokogiri (1.16.5-x86_64-linux)
 racc (~> 1.4)
 okcomputer (1.18.5)
 orm_adapter (0.5.0)
@@ -332,7 +336,7 @@ GEM
 public_suffix (5.0.5)
 puma (5.6.8)
 nio4r (~> 2.0)
- racc (1.7.3)
+ racc (1.8.0)
 rack (2.2.9)
 rack-attack (6.7.0)
 rack (>= 1.0, < 4)
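Review bot: The two gems added to `group :deployment` in the Gemfile hunk arrive without a comment saying why they are needed, and they are new direct dependencies rather than updates, so the commit subject does not explain them. They look like the optional gems that net-ssh (7.2.3 in the lockfile) loads for ed25519 and OpenSSH-format private keys during Capistrano deploys; if that is the reason, say so above them, e.g. `# net-ssh needs these to use ed25519 SSH keys when deploying`. The surrounding entries use single quotes, so `gem 'ed25519', '~> 1.3'` and `gem 'bcrypt_pbkdf', '~> 1.1'` would match the file's style.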
@@ -376,7 +380,7 @@ GEM
 recaptcha (5.16.0)
 redis (5.1.0)
 redis-client (>= 0.17.0)
- redis-client (0.22.0)
+ redis-client (0.22.2)
 connection_pool
 regexp_parser (2.9.0)
 reline (0.5.1)
@@ -385,7 +389,8 @@ GEM
 actionpack (>= 5.2)
 railties (>= 5.2)
 retriable (3.1.2)
- rexml (3.2.6)
+ rexml (3.2.8)
+ strscan (>= 3.0.9)
 rgeo (3.0.1)
 rgeo-geojson (2.1.1)
 rgeo (>= 1.0.0)
@@ -459,7 +464,7 @@ GEM
 rexml (~> 3.2, >= 3.2.5)
 rubyzip (>= 1.2.2, < 3.0)
 websocket (~> 1.0)
- sidekiq (7.2.2)
+ sidekiq (7.2.4)
 concurrent-ruby (< 2)
 connection_pool (>= 2.3.0)
 rack (>= 2.2.4)
@@ -493,6 +498,7 @@ GEM
 net-sftp (>= 2.1.2)
 net-ssh (>= 2.8.0)
 stringio (3.1.0)
+ strscan (3.1.0)
 thor (1.3.1)
 tilt (2.3.0)
 timeout (0.4.1)
@@ -533,6 +539,7 @@ PLATFORMS
 x86_64-linux
 DEPENDENCIES
+ bcrypt_pbkdf (~> 1.1)
 blacklight (~> 7.33)
 blacklight_dynamic_sitemap (~> 0.3)
 blacklight_range_limit (~> 7.0)
@@ -551,6 +558,7 @@ DEPENDENCIES
 devise-guests (>= 0.3.3)
 devise-remote-user
 dlss-capistrano
+ ed25519 (~> 1.3)
 factory_bot_rails (~> 6.2.0)
 faraday (~> 2.0)
 geo_combine (>= 0.9)