Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot updated sub-dependency, but completely discarded dependency limitation in Gemfile. #7673

Open
1 task done
skatkov opened this issue Jul 31, 2023 · 0 comments
Open
1 task done

Dependabot updated sub-dependency, but completely discarded dependency limitation in Gemfile. #7673

skatkov opened this issue Jul 31, 2023 · 0 comments
Labels
T: bug 🐞 Something isn't working

Comments

@skatkov
Copy link

skatkov commented Jul 31, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

bundler

Package manager version

2.4.10

Language version

Ruby 3.2.2

Manifest location and content before the Dependabot update

/Gemfile

source "https://rubygems.org"

ruby File.read(".ruby-version").strip

# Rails
gem "rails", "~> 7.0.3"
gem "sprockets-rails" # Rails 7 no longer depends on Sprockets automatically

gem "jsbundling-rails", "~> 1.0.3" # Bundle and transpile JavaScript [https://github.com/rails/jsbundling-rails]
gem "cssbundling-rails", "~> 1.1.1" # Bundle and process CSS [https://github.com/rails/cssbundling-rails]
gem "turbo-rails", "~> 1.3.2" # Hotwire's SPA-like page accelerator [https://turbo.hotwired.dev]
gem "stimulus-rails", "~> 1.1.0" # Hotwire's modest JavaScript framework [https://stimulus.hotwired.dev]
gem "heroicon"
gem "view_component"

gem "net-sftp"
# ed25519 and bcrypt_pbkdf are required to connect to the rakuten sftp server
gem "ed25519"
gem "bcrypt_pbkdf"

gem "puma", "~> 5.6"

gem "phony_rails", "~> 0.15.0"
gem "money-rails", "~> 1.12"

# Protobuf and Twirp
gem "google-protobuf", "~> 3.21.7", require: %w[google/protobuf google/protobuf/well_known_types] # google/protobuf/well_known_types is needed for things like Google::Protobuf::Timestamp#to_time
gem "twirp"
gem "rails_twirp"
gem "pbbuilder"

gem "googleauth", "~> 1.7.0"
gem "nokogiri", ">= 1.13.4"
gem "circuitbox"

gem "pg", "~> 1.4"
gem "activerecord-postgres_enum", "~> 2.0.1"
gem "rails-pg-extras" # heroku style pg analytics.
gem "pghero"
gem "pg_query" # require by `prosopite`
gem "prosopite"

gem "bcrypt", "~> 3.1.18"
gem "jwt", "~> 2.5.0"
gem "httpx"
gem "openssl", "~> 3"

gem "ffi", "~> 1.15.4"
gem "eyaml", ">= 0.1.2"

gem "google-cloud-storage", "~> 1.43", require: false

gem "google-cloud-monitoring" # export custom metrics to gcp

# gRPC installs a ton of binaries and creates about 300MB of junk
# in the Docker image, which we clean up. Also, gRPC version updates routinely
# break compatibility with M1 processors or x86 processors on macOS. In general,
# keeping gRPC up to date is a drag and a waste of time. Since the dependency is relatively
# stable, we pin gRPC here to avoid those hassles. Also: please, if you develop software,
# do not force people to talk to your software using gRPC.
gem "grpc", "1.54.0"

gem "aws-sdk-rails", require: false
gem "firebase-admin-sdk"

gem "bootsnap", ">= 1.4.4", require: false

# We have a number of additions to OAuth2 that we need for OpenBanking and if this gem needs
# updating we need to carefully review whether the additions work. For example, updating to 2.0
# would strip "client_id" from the request, breaking our integration with Starling bank
gem "oauth2", "~> 1.0"

gem "omniauth"
gem "omniauth-google-oauth2"
gem "omniauth-rails_csrf_protection"

gem "apple_id", "~> 1.6"

# Error reporting and debugger
gem "stackdriver"
gem "appsignal"

gem "image_processing", "~> 1.12"

# For CSS inlining in emails
gem "premailer-rails"

# Feature flags
gem "flipper"
gem "flipper-active_record"
gem "flipper-ui"

gem "good_job" # Job processing
gem "job-iteration" # Better job processing
gem "redcarpet" # Markdown
gem "faraday", "~> 2" # Open Banking API interactions
gem "faraday-retry"
gem "webmock" # google and apple auth interactions
gem "pagy" # Pagination

gem "namae" # For parsing natural persons names
gem "phonelib"
gem "cancancan"
gem "base58"

gem "idempo" # Idempotency keys

# Segment.com for analytics
gem "analytics-ruby", "~> 2.4", require: "segment/analytics"

# Zendesk for automatic ticket creation on suspended accounts
gem "zendesk_api", "~> 2"

# Customer.io for triggering broadcast emails
gem "customerio", github: "cheddar-me/customerio-ruby"

# Convenient range splitting
gem "range_utils"

# For storing raw transaction data
gem "zstd-ruby"

# For deployment tooling
gem "google-cloud-compute-v1"
gem "cli-ui"

# For loading the OB downtimes table
gem "reverse_markdown"

# For bulk-downloading from the admin
gem "zip_tricks"

# Pure ruby implementation of blowfish cypher as a replacement for one deprecated from OpenSSL v3
gem "blowfish", github: "cheddar-me/fork-blowfish"

gem "activesupport_cache_database"

gem "get_process_mem" # used to measure memory consumption for jobs.
gem "strong_migrations" # to detect potentially dangerous migrations

group :development, :test do
  gem "byebug", platforms: [:mri, :mingw, :x64_mingw]

  gem "progress_bar"
  gem "pry"
  gem "pry-rails"
  gem "pry-byebug"

  gem "awesome_print"
  gem "standard", require: false
  gem "erb_lint", require: false
  gem "vcr"

  gem "foreman"
  gem "capybara", require: false
  gem "selenium-webdriver", require: false
  gem "webdrivers", require: false

  gem "minitest-reporters"
  gem "rails-controller-testing"
  gem "minitest-stub_any_instance"
end

group :development do
  gem "listen", "~> 3.7"
  gem "magic_frozen_string_literal"
end

dependabot.yml content

version: 2
updates:

  • package-ecosystem: "bundler"
    versioning-strategy: "lockfile-only" # Do not edit Gemfile, just Gemfile.lock - if we pin a dependency we do it for a reason!
    directory: "/"
    schedule:
    interval: "weekly"

  • package-ecosystem: "npm"
    directory: "/"
    schedule:
    interval: "weekly"

  • package-ecosystem: "docker"
    directory: "/"
    schedule:
    interval: "weekly"

  • package-ecosystem: "github-actions"

    Checks for workflow files stored in the default location of .github/workflows

    directory: "/"
    schedule:
    interval: "weekly"

Updated dependency

Updates omniauth-google-oauth2 from 1.0.1 to 1.1.1
Updates blowfish from b121213 to 1.0.1
Updates customerio from bdad156 to 5.1.0
Updates oauth2 from 1.4.11 to 2.0.9

What you expected to see, versus what you actually saw

This bug is somehow similar to description "Dependabot bumped a subdependency from 8.x to 9.0" issue.

Dependabot tried to update omniauth-google-oauth2 dependency and bumped oauth2 from v1 to v2 version to do that. But he somehow didn't noticed, that Gemfile limits oauth2 gem to gem "oauth2", "~> 1".

Native package manager behavior

Bundler would not update omniauth-google-oauth2 or oauth2

Images of the diff or a link to the PR, issue, or logs

Screenshot 2023-07-31 at 16-28-36 Bump omniauth-google-oauth2 blowfish customerio and oauth2 by dependabot bot · Pull Request #3384 · cheddar-me_cheddarsvc

Smallest manifest that reproduces the issue

Gemfile provided above.

This is a Gemfile.lock

GIT
  remote: https://github.com/cheddar-me/customerio-ruby.git
  revision: bdad1560d940f36446a40580b862baede2307132
  specs:
    customerio (5.1.0)
      addressable (~> 2.8.0)
      multi_json (~> 1.0)

GIT
  remote: https://github.com/cheddar-me/fork-blowfish.git
  revision: b121213d273bdcd0331754abc88b3e3a5f3ca0e1
  specs:
    blowfish (1.0.1)

GEM
  remote: https://rubygems.org/
  specs:
    actioncable (7.0.6)
      actionpack (= 7.0.6)
      activesupport (= 7.0.6)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
    actionmailbox (7.0.6)
      actionpack (= 7.0.6)
      activejob (= 7.0.6)
      activerecord (= 7.0.6)
      activestorage (= 7.0.6)
      activesupport (= 7.0.6)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
    actionmailer (7.0.6)
      actionpack (= 7.0.6)
      actionview (= 7.0.6)
      activejob (= 7.0.6)
      activesupport (= 7.0.6)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
    actionpack (7.0.6)
      actionview (= 7.0.6)
      activesupport (= 7.0.6)
      rack (~> 2.0, >= 2.2.4)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actiontext (7.0.6)
      actionpack (= 7.0.6)
      activerecord (= 7.0.6)
      activestorage (= 7.0.6)
      activesupport (= 7.0.6)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
    actionview (7.0.6)
      activesupport (= 7.0.6)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    activejob (7.0.6)
      activesupport (= 7.0.6)
      globalid (>= 0.3.6)
    activemodel (7.0.6)
      activesupport (= 7.0.6)
    activerecord (7.0.6)
      activemodel (= 7.0.6)
      activesupport (= 7.0.6)
    activerecord-postgres_enum (2.0.1)
      activerecord (>= 5.2)
      pg
    activestorage (7.0.6)
      actionpack (= 7.0.6)
      activejob (= 7.0.6)
      activerecord (= 7.0.6)
      activesupport (= 7.0.6)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
    activesupport (7.0.6)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
    activesupport_cache_database (0.4.0)
      activerecord (>= 6.0)
      activesupport (>= 6.0)
    addressable (2.8.4)
      public_suffix (>= 2.0.2, < 6.0)
    aes_key_wrap (1.1.0)
    analytics-ruby (2.4.0)
    ansi (1.5.0)
    apple_id (1.6.3)
      json-jwt (~> 1.16)
      openid_connect (~> 2.0)
      rack-oauth2 (~> 2.0)
    appsignal (3.3.6)
      rack
    ast (2.4.2)
    attr_required (1.0.1)
    awesome_print (1.9.2)
    aws-eventstream (1.2.0)
    aws-partitions (1.754.0)
    aws-record (2.10.1)
      aws-sdk-dynamodb (~> 1.18)
    aws-sdk-core (3.171.0)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.5)
      jmespath (~> 1, >= 1.6.1)
    aws-sdk-dynamodb (1.84.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-rails (3.7.1)
      aws-record (~> 2)
      aws-sdk-ses (~> 1)
      aws-sdk-sesv2 (~> 1)
      aws-sdk-sqs (~> 1)
      aws-sessionstore-dynamodb (~> 2)
      concurrent-ruby (~> 1)
      railties (>= 5.2.0)
    aws-sdk-ses (1.49.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-sesv2 (1.32.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-sqs (1.53.0)
      aws-sdk-core (~> 3, >= 3.165.0)
      aws-sigv4 (~> 1.1)
    aws-sessionstore-dynamodb (2.0.1)
      aws-sdk-dynamodb (~> 1)
      rack (~> 2)
    aws-sigv4 (1.5.2)
      aws-eventstream (~> 1, >= 1.0.2)
    base58 (0.2.3)
    bcrypt (3.1.18)
    bcrypt_pbkdf (1.1.0)
    better_html (2.0.2)
      actionview (>= 6.0)
      activesupport (>= 6.0)
      ast (~> 2.0)
      erubi (~> 1.4)
      parser (>= 2.4)
      smart_properties
    bindata (2.4.15)
    bootsnap (1.15.0)
      msgpack (~> 1.2)
    builder (3.2.4)
    byebug (11.1.3)
    cancancan (3.4.0)
    capybara (3.38.0)
      addressable
      matrix
      mini_mime (>= 0.1.3)
      nokogiri (~> 1.8)
      rack (>= 1.6.0)
      rack-test (>= 0.6.3)
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    circuitbox (1.1.1)
      activesupport
      moneta
    cli-ui (2.1.0)
    coderay (1.1.3)
    concurrent-ruby (1.2.2)
    crack (0.4.5)
      rexml
    crass (1.0.6)
    css_parser (1.12.0)
      addressable
    cssbundling-rails (1.1.1)
      railties (>= 6.0.0)
    date (3.3.3)
    declarative (0.0.20)
    digest-crc (0.6.4)
      rake (>= 12.0.0, < 14.0.0)
    ed25519 (1.3.0)
    erb_lint (0.4.0)
      activesupport
      better_html (>= 2.0.1)
      parser (>= 2.7.1.4)
      rainbow
      rubocop
      smart_properties
    erubi (1.12.0)
    et-orbi (1.2.7)
      tzinfo
    eyaml (0.3.0)
      rbnacl (~> 7.1)
      thor (~> 1.1)
    faraday (2.7.10)
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-follow_redirects (0.3.0)
      faraday (>= 1, < 3)
    faraday-multipart (1.0.4)
      multipart-post (~> 2)
    faraday-net_http (3.0.2)
    faraday-retry (1.0.3)
    ffi (1.15.5)
    firebase-admin-sdk (0.2.0)
      faraday (> 1, < 3)
      googleauth (> 0.16, < 2.0)
      jwt (>= 1.5, < 3.0)
    flipper (0.28.3)
      concurrent-ruby (< 2)
    flipper-active_record (0.28.3)
      activerecord (>= 4.2, < 8)
      flipper (~> 0.28.3)
    flipper-ui (0.28.3)
      erubi (>= 1.0.0, < 2.0.0)
      flipper (~> 0.28.3)
      rack (>= 1.4, < 3)
      rack-protection (>= 1.5.3, <= 4.0.0)
      sanitize (< 7)
    foreman (0.87.2)
    fugit (1.7.2)
      et-orbi (~> 1, >= 1.2.7)
      raabro (~> 1.4)
    gapic-common (0.10.0)
      faraday (>= 1.9, < 3.a)
      faraday-retry (>= 1.0, < 3.a)
      google-protobuf (~> 3.14)
      googleapis-common-protos (>= 1.3.12, < 2.a)
      googleapis-common-protos-types (>= 1.3.1, < 2.a)
      googleauth (~> 1.0)
      grpc (~> 1.36)
    get_process_mem (0.2.7)
      ffi (~> 1.0)
    globalid (1.1.0)
      activesupport (>= 5.0)
    good_job (3.15.11)
      activejob (>= 6.0.0)
      activerecord (>= 6.0.0)
      concurrent-ruby (>= 1.0.2)
      fugit (>= 1.1)
      railties (>= 6.0.0)
      thor (>= 0.14.1)
      webrick (>= 1.3)
    google-apis-core (0.9.1)
      addressable (~> 2.5, >= 2.5.1)
      googleauth (>= 0.16.2, < 2.a)
      httpclient (>= 2.8.1, < 3.a)
      mini_mime (~> 1.0)
      representable (~> 3.0)
      retriable (>= 2.0, < 4.a)
      rexml
      webrick
    google-apis-iamcredentials_v1 (0.15.0)
      google-apis-core (>= 0.9.0, < 2.a)
    google-apis-storage_v1 (0.19.0)
      google-apis-core (>= 0.9.0, < 2.a)
    google-cloud-common (1.0.0)
      google-protobuf (~> 3.14)
      googleapis-common-protos-types (~> 1.2)
    google-cloud-compute-v1 (1.3.0)
      gapic-common (>= 0.7, < 2.a)
      google-cloud-common (~> 1.0)
      google-cloud-errors (~> 1.0)
    google-cloud-core (1.6.0)
      google-cloud-env (~> 1.0)
      google-cloud-errors (~> 1.0)
    google-cloud-env (1.6.0)
      faraday (>= 0.17.3, < 3.0)
    google-cloud-error_reporting (0.42.1)
      concurrent-ruby (~> 1.1)
      google-cloud-core (~> 1.5)
      google-cloud-error_reporting-v1beta1 (~> 0.0)
      stackdriver-core (~> 1.3)
    google-cloud-error_reporting-v1beta1 (0.4.3)
      gapic-common (>= 0.7, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-errors (1.3.0)
    google-cloud-logging (2.2.1)
      concurrent-ruby (~> 1.1)
      google-cloud-core (~> 1.5)
      google-cloud-logging-v2 (~> 0.0)
      stackdriver-core (~> 1.3)
    google-cloud-logging-v2 (0.5.4)
      gapic-common (>= 0.7, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-monitoring (1.4.1)
      google-cloud-core (~> 1.6)
      google-cloud-monitoring-dashboard-v1 (>= 0.5, < 2.a)
      google-cloud-monitoring-metrics_scope-v1 (>= 0.0, < 2.a)
      google-cloud-monitoring-v3 (>= 0.4, < 2.a)
    google-cloud-monitoring-dashboard-v1 (0.8.0)
      gapic-common (>= 0.10, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-monitoring-metrics_scope-v1 (0.2.0)
      gapic-common (>= 0.10, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-monitoring-v3 (0.9.0)
      gapic-common (>= 0.10, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-storage (1.43.0)
      addressable (~> 2.8)
      digest-crc (~> 0.4)
      google-apis-iamcredentials_v1 (~> 0.1)
      google-apis-storage_v1 (~> 0.19.0)
      google-cloud-core (~> 1.6)
      googleauth (>= 0.16.2, < 2.a)
      mini_mime (~> 1.0)
    google-cloud-trace (0.41.3)
      concurrent-ruby (~> 1.1)
      google-cloud-core (~> 1.5)
      google-cloud-trace-v1 (~> 0.0)
      google-cloud-trace-v2 (~> 0.0)
      stackdriver-core (~> 1.3)
    google-cloud-trace-v1 (0.3.3)
      gapic-common (>= 0.7, < 2.a)
      google-cloud-errors (~> 1.0)
    google-cloud-trace-v2 (0.3.3)
      gapic-common (>= 0.7, < 2.a)
      google-cloud-errors (~> 1.0)
    google-protobuf (3.21.12)
    googleapis-common-protos (1.3.12)
      google-protobuf (~> 3.14)
      googleapis-common-protos-types (~> 1.2)
      grpc (~> 1.27)
    googleapis-common-protos-types (1.3.2)
      google-protobuf (~> 3.14)
    googleauth (1.7.0)
      faraday (>= 0.17.3, < 3.a)
      jwt (>= 1.4, < 3.0)
      memoist (~> 0.16)
      multi_json (~> 1.11)
      os (>= 0.9, < 2.0)
      signet (>= 0.16, < 2.a)
    grpc (1.54.0)
      google-protobuf (~> 3.21)
      googleapis-common-protos-types (~> 1.0)
    grpc (1.54.0-x86_64-darwin)
      google-protobuf (~> 3.21)
      googleapis-common-protos-types (~> 1.0)
    grpc (1.54.0-x86_64-linux)
      google-protobuf (~> 3.21)
      googleapis-common-protos-types (~> 1.0)
    hashdiff (1.0.1)
    hashie (5.0.0)
    heroicon (1.0.0)
      rails (>= 5.2)
    highline (2.1.0)
    htmlentities (4.3.4)
    http-2-next (0.5.1)
    httpclient (2.8.3)
    httpx (0.24.1)
      http-2-next (>= 0.4.1)
    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
    idempo (0.2.0)
      measurometer (~> 1.3)
      msgpack
      rack
    image_processing (1.12.2)
      mini_magick (>= 4.9.5, < 5)
      ruby-vips (>= 2.0.17, < 3)
    inflection (1.0.0)
    jmespath (1.6.2)
    job-iteration (1.3.6)
      activejob (>= 5.2)
    jsbundling-rails (1.0.3)
      railties (>= 6.0.0)
    json (2.6.3)
    json-jwt (1.16.3)
      activesupport (>= 4.2)
      aes_key_wrap
      bindata
      faraday (~> 2.0)
      faraday-follow_redirects
    jwt (2.5.0)
    language_server-protocol (3.17.0.3)
    lint_roller (1.1.0)
    listen (3.7.1)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
    loofah (2.21.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    magic_frozen_string_literal (1.2.0)
    mail (2.8.1)
      mini_mime (>= 0.1.1)
      net-imap
      net-pop
      net-smtp
    marcel (1.0.2)
    matrix (0.4.2)
    measurometer (1.3.0)
    memoist (0.16.2)
    method_source (1.0.0)
    mini_magick (4.11.0)
    mini_mime (1.1.2)
    minitest (5.18.1)
    minitest-reporters (1.6.0)
      ansi
      builder
      minitest (>= 5.0)
      ruby-progressbar
    minitest-stub_any_instance (1.0.3)
    moneta (1.5.2)
    monetize (1.11.0)
      money (~> 6.12)
    money (6.16.0)
      i18n (>= 0.6.4, <= 2)
    money-rails (1.15.0)
      activesupport (>= 3.0)
      monetize (~> 1.9)
      money (~> 6.13)
      railties (>= 3.0)
    msgpack (1.6.0)
    multi_json (1.15.0)
    multi_xml (0.6.0)
    multipart-post (2.3.0)
    namae (1.1.1)
    net-imap (0.3.6)
      date
      net-protocol
    net-pop (0.1.2)
      net-protocol
    net-protocol (0.2.1)
      timeout
    net-sftp (4.0.0)
      net-ssh (>= 5.0.0, < 8.0.0)
    net-smtp (0.3.3)
      net-protocol
    net-ssh (7.0.1)
    nio4r (2.5.9)
    nokogiri (1.15.3-arm64-darwin)
      racc (~> 1.4)
    nokogiri (1.15.3-x86_64-darwin)
      racc (~> 1.4)
    nokogiri (1.15.3-x86_64-linux)
      racc (~> 1.4)
    oauth2 (1.4.11)
      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 4)
    omniauth (2.1.1)
      hashie (>= 3.4.6)
      rack (>= 2.2.3)
      rack-protection
    omniauth-google-oauth2 (0.8.1)
      jwt (>= 2.0)
      oauth2 (~> 1.1)
      omniauth (>= 1.1.1)
      omniauth-oauth2 (>= 1.6)
    omniauth-oauth2 (1.8.0)
      oauth2 (>= 1.4, < 3)
      omniauth (~> 2.0)
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)
    openid_connect (2.2.0)
      activemodel
      attr_required (>= 1.0.0)
      faraday (~> 2.0)
      faraday-follow_redirects
      json-jwt (>= 1.16)
      net-smtp
      rack-oauth2 (~> 2.2)
      swd (~> 2.0)
      tzinfo
      validate_email
      validate_url
      webfinger (~> 2.0)
    openssl (3.0.1)
    options (2.3.2)
    os (1.1.4)
    pagy (6.0.2)
    parallel (1.23.0)
    parser (3.2.2.3)
      ast (~> 2.4.1)
      racc
    pbbuilder (0.15.1)
      activesupport
      google-protobuf
    pg (1.5.3)
    pg_query (4.2.0)
      google-protobuf (>= 3.19.2)
    pghero (3.3.3)
      activerecord (>= 6)
    phonelib (0.7.7)
    phony (2.19.5)
    phony_rails (0.15.0)
      activesupport (>= 3.0)
      phony (>= 2.18.12)
    premailer (1.18.0)
      addressable
      css_parser (>= 1.12.0)
      htmlentities (>= 4.0.0)
    premailer-rails (1.12.0)
      actionmailer (>= 3)
      net-smtp
      premailer (~> 1.7, >= 1.7.9)
    progress_bar (1.3.3)
      highline (>= 1.6, < 3)
      options (~> 2.3.0)
    prosopite (1.3.1)
    pry (0.14.2)
      coderay (~> 1.1)
      method_source (~> 1.0)
    pry-byebug (3.10.1)
      byebug (~> 11.0)
      pry (>= 0.13, < 0.15)
    pry-rails (0.3.9)
      pry (>= 0.10.4)
    public_suffix (5.0.3)
    puma (5.6.4)
      nio4r (~> 2.0)
    raabro (1.4.0)
    racc (1.7.1)
    rack (2.2.8)
    rack-oauth2 (2.2.0)
      activesupport
      attr_required
      faraday (~> 2.0)
      faraday-follow_redirects
      json-jwt (>= 1.11.0)
      rack (>= 2.1.0)
    rack-protection (3.0.6)
      rack
    rack-test (2.1.0)
      rack (>= 1.3)
    rails (7.0.6)
      actioncable (= 7.0.6)
      actionmailbox (= 7.0.6)
      actionmailer (= 7.0.6)
      actionpack (= 7.0.6)
      actiontext (= 7.0.6)
      actionview (= 7.0.6)
      activejob (= 7.0.6)
      activemodel (= 7.0.6)
      activerecord (= 7.0.6)
      activestorage (= 7.0.6)
      activesupport (= 7.0.6)
      bundler (>= 1.15.0)
      railties (= 7.0.6)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
      activesupport (>= 5.0.1.rc1)
    rails-dom-testing (2.1.1)
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.6.0)
      loofah (~> 2.21)
      nokogiri (~> 1.14)
    rails-pg-extras (5.2.5)
      rails
      ruby-pg-extras (= 5.2.5)
    rails_twirp (0.14)
      rails (>= 6.1.3)
      twirp (>= 1.9, < 1.11)
    railties (7.0.6)
      actionpack (= 7.0.6)
      activesupport (= 7.0.6)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
      zeitwerk (~> 2.5)
    rainbow (3.1.1)
    rake (13.0.6)
    range_utils (2.0.0)
    rb-fsevent (0.11.0)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
    rbnacl (7.1.1)
      ffi
    redcarpet (3.6.0)
    regexp_parser (2.8.1)
    representable (3.2.0)
      declarative (< 0.1.0)
      trailblazer-option (>= 0.1.1, < 0.2.0)
      uber (< 0.2.0)
    retriable (3.1.2)
    reverse_markdown (2.1.1)
      nokogiri
    rexml (3.2.5)
    rubocop (1.52.1)
      json (~> 2.3)
      parallel (~> 1.10)
      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
      rubocop-ast (>= 1.28.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
    rubocop-ast (1.29.0)
      parser (>= 3.2.1.0)
    rubocop-performance (1.18.0)
      rubocop (>= 1.7.0, < 2.0)
      rubocop-ast (>= 0.4.0)
    ruby-pg-extras (5.2.5)
      pg
      terminal-table
    ruby-progressbar (1.13.0)
    ruby-vips (2.1.4)
      ffi (~> 1.12)
    ruby2_keywords (0.0.5)
    rubyzip (2.3.2)
    sanitize (6.0.2)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    selenium-webdriver (4.7.1)
      rexml (~> 3.2, >= 3.2.5)
      rubyzip (>= 1.2.2, < 3.0)
      websocket (~> 1.0)
    signet (0.17.0)
      addressable (~> 2.8)
      faraday (>= 0.17.5, < 3.a)
      jwt (>= 1.5, < 3.0)
      multi_json (~> 1.10)
    smart_properties (1.17.0)
    sprockets (4.0.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (3.4.2)
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      sprockets (>= 3.0.0)
    stackdriver (0.21.1)
      google-cloud-error_reporting (~> 0.41)
      google-cloud-logging (~> 2.1)
      google-cloud-trace (~> 0.40)
    stackdriver-core (1.5.0)
      google-cloud-core (~> 1.2)
    standard (1.30.1)
      language_server-protocol (~> 3.17.0.2)
      lint_roller (~> 1.0)
      rubocop (~> 1.52.0)
      standard-custom (~> 1.0.0)
      standard-performance (~> 1.1.0)
    standard-custom (1.0.1)
      lint_roller (~> 1.0)
    standard-performance (1.1.1)
      lint_roller (~> 1.1)
      rubocop-performance (~> 1.18.0)
    stimulus-rails (1.1.1)
      railties (>= 6.0.0)
    strong_migrations (1.4.4)
      activerecord (>= 5.2)
    swd (2.0.2)
      activesupport (>= 3)
      attr_required (>= 0.0.5)
      faraday (~> 2.0)
      faraday-follow_redirects
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
    thor (1.2.2)
    timeout (0.4.0)
    trailblazer-option (0.1.2)
    turbo-rails (1.3.2)
      actionpack (>= 6.0.0)
      activejob (>= 6.0.0)
      railties (>= 6.0.0)
    twirp (1.10.0)
      faraday (< 3)
      google-protobuf (~> 3.0, >= 3.7.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    uber (0.1.0)
    unicode-display_width (2.4.2)
    validate_email (0.1.6)
      activemodel (>= 3.0)
      mail (>= 2.2.5)
    validate_url (1.0.15)
      activemodel (>= 3.0.0)
      public_suffix
    vcr (6.1.0)
    view_component (3.4.0)
      activesupport (>= 5.2.0, < 8.0)
      concurrent-ruby (~> 1.0)
      method_source (~> 1.0)
    webdrivers (5.2.0)
      nokogiri (~> 1.6)
      rubyzip (>= 1.3.0)
      selenium-webdriver (~> 4.0)
    webfinger (2.1.2)
      activesupport
      faraday (~> 2.0)
      faraday-follow_redirects
    webmock (3.18.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
    webrick (1.7.0)
    websocket (1.2.9)
    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    xpath (3.2.0)
      nokogiri (~> 1.8)
    zeitwerk (2.6.8)
    zendesk_api (2.0.1)
      faraday (> 2.0.0)
      faraday-multipart
      hashie (>= 3.5.2, < 6.0.0)
      inflection
      mini_mime
      multipart-post (~> 2.0)
    zip_tricks (5.6.0)
    zstd-ruby (1.5.4.0)

PLATFORMS
  arm64-darwin-20
  arm64-darwin-21
  arm64-darwin-22
  x86_64-darwin-21
  x86_64-linux

DEPENDENCIES
  activerecord-postgres_enum (~> 2.0.1)
  activesupport_cache_database
  analytics-ruby (~> 2.4)
  apple_id (~> 1.6)
  appsignal
  awesome_print
  aws-sdk-rails
  base58
  bcrypt (~> 3.1.18)
  bcrypt_pbkdf
  blowfish!
  bootsnap (>= 1.4.4)
  byebug
  cancancan
  capybara
  circuitbox
  cli-ui
  cssbundling-rails (~> 1.1.1)
  customerio!
  ed25519
  erb_lint
  eyaml (>= 0.1.2)
  faraday (~> 2)
  faraday-retry
  ffi (~> 1.15.4)
  firebase-admin-sdk
  flipper
  flipper-active_record
  flipper-ui
  foreman
  get_process_mem
  good_job
  google-cloud-compute-v1
  google-cloud-monitoring
  google-cloud-storage (~> 1.43)
  google-protobuf (~> 3.21.7)
  googleauth (~> 1.7.0)
  grpc (= 1.54.0)
  heroicon
  httpx
  idempo
  image_processing (~> 1.12)
  job-iteration
  jsbundling-rails (~> 1.0.3)
  jwt (~> 2.5.0)
  listen (~> 3.7)
  magic_frozen_string_literal
  minitest-reporters
  minitest-stub_any_instance
  money-rails (~> 1.12)
  namae
  net-sftp
  nokogiri (>= 1.13.4)
  oauth2 (~> 1.0)
  omniauth
  omniauth-google-oauth2
  omniauth-rails_csrf_protection
  openssl (~> 3)
  pagy
  pbbuilder
  pg (~> 1.4)
  pg_query
  pghero
  phonelib
  phony_rails (~> 0.15.0)
  premailer-rails
  progress_bar
  prosopite
  pry
  pry-byebug
  pry-rails
  puma (~> 5.6)
  rails (~> 7.0.3)
  rails-controller-testing
  rails-pg-extras
  rails_twirp
  range_utils
  redcarpet
  reverse_markdown
  selenium-webdriver
  sprockets-rails
  stackdriver
  standard
  stimulus-rails (~> 1.1.0)
  strong_migrations
  turbo-rails (~> 1.3.2)
  twirp
  vcr
  view_component
  webdrivers
  webmock
  zendesk_api (~> 2)
  zip_tricks
  zstd-ruby

RUBY VERSION
   ruby 3.2.2p53

BUNDLED WITH
   2.4.10
@skatkov skatkov added the T: bug 🐞 Something isn't working label Jul 31, 2023
@skatkov skatkov changed the title Dependabot update sub-dependency, but completely discarded dependency limitation in Gemfile. Dependabot updated sub-dependency, but completely discarded dependency limitation in Gemfile. Jul 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skatkov