From 903ed8de7e5b616109dbba01843e4230a6eb49d5 Mon Sep 17 00:00:00 2001
From: Andy Tinkham
Date: Thu, 6 May 2021 13:37:13 -0500
Subject: [PATCH] Update rails to 5.2.6 and remove debase
Signed-off-by: Andy Tinkham
---
 CHANGELOG.md | 3 ++
 Gemfile | 1 -
 Gemfile.lock | 90 +++++++++++++++++++++++++---------------------------
 NOTICES.txt | 8 ++---
 4 files changed, 50 insertions(+), 52 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26d525e3e3..d78abdda38 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+### Security
+- Upgrade Rails to 5.2.5 to resolve CVE-2021-22885
+ [cyberark/conjur#2149](https://github.com/cyberark/conjur/issues/2149)
 ## [1.11.6] - 2021-04-28
diff --git a/Gemfile b/Gemfile
index 1987aabba2..3a6f1f5e6b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -95,7 +95,6 @@ group :development, :test do
 gem 'csr'
 gem 'cucumber'
 gem 'database_cleaner'
- gem 'debase'
 gem 'json_spec'
 gem 'net-ssh'
 gem 'parallel'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7bcab2608c..7ae95a65e3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -17,43 +17,43 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.5) - actionpack (= 5.2.5) + actioncable (5.2.6) + actionpack (= 5.2.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) + actionmailer (5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.5) - actionview (= 5.2.5) - activesupport (= 5.2.5) + actionpack (5.2.6) + actionview (= 5.2.6) + activesupport (= 5.2.6) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.5) - activesupport (= 5.2.5) + actionview (5.2.6) + activesupport (= 5.2.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.5) - activesupport (= 5.2.5) + activejob (5.2.6) + activesupport (= 5.2.6) globalid (>= 0.3.6) - activemodel (5.2.5) - activesupport (= 5.2.5) - activerecord (5.2.5) - activemodel (= 5.2.5) - activesupport (= 5.2.5) + activemodel (5.2.6) + activesupport (= 5.2.6) + activerecord (5.2.6) + activemodel (= 5.2.6) + activesupport (= 5.2.6) arel (>= 9.0) - activestorage (5.2.5) - actionpack (= 5.2.5) - activerecord (= 5.2.5) + activestorage (5.2.6) + actionpack (= 5.2.6) + activerecord (= 5.2.6) marcel (~> 1.0.0) - activesupport (5.2.5) + activesupport (5.2.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -139,9 +139,6 @@ GEM cucumber-tag_expressions (1.1.1) cucumber-wire (0.0.1) database_cleaner (1.8.4) - debase (0.2.4.1) - debase-ruby_core_source (>= 0.10.2) - debase-ruby_core_source (0.10.9) deep_merge (1.2.1) diff-lcs (1.3) docile (1.1.5) @@ -202,7 +199,7 @@ GEM http-parser (1.2.1) ffi-compiler (>= 1.0, < 2.0) httpclient (2.8.3) - i18n (1.8.9) + i18n (1.8.10) concurrent-ruby (~> 1.0) ice_nine (0.11.2) inflecto (0.0.2) 
@@ -229,18 +226,18 @@ GEM listen (3.2.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.0) + marcel (1.0.1) method_source (1.0.0) mime-types (3.3.1) mime-types-data (~> 3.2015) mime-types-data (3.2019.1009) - mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_mime (1.1.0) + mini_portile2 (2.5.1) minitest (5.14.4) multi_json (1.14.1) multi_test (0.1.2) @@ -248,10 +245,10 @@ GEM net-ssh (5.2.0) netrc (0.11.0) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) - nokogiri (1.11.2-x86_64-darwin) + nokogiri (1.11.3-x86_64-darwin) racc (~> 1.4) openid_connect (1.2.0) activemodel @@ -290,18 +287,18 @@ GEM rack-rewrite (1.5.1) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.5) - actioncable (= 5.2.5) - actionmailer (= 5.2.5) - actionpack (= 5.2.5) - actionview (= 5.2.5) - activejob (= 5.2.5) - activemodel (= 5.2.5) - activerecord (= 5.2.5) - activestorage (= 5.2.5) - activesupport (= 5.2.5) + rails (5.2.6) + actioncable (= 5.2.6) + actionmailer (= 5.2.6) + actionpack (= 5.2.6) + actionview (= 5.2.6) + activejob (= 5.2.6) + activemodel (= 5.2.6) + activerecord (= 5.2.6) + activestorage (= 5.2.6) + activesupport (= 5.2.6) bundler (>= 1.3.0) - railties (= 5.2.5) + railties (= 5.2.6) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -318,9 +315,9 @@ GEM rails_layout (1.0.42) rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.2.5) - actionpack (= 5.2.5) - activesupport (= 5.2.5) + railties (5.2.6) + actionpack (= 5.2.6) + activesupport (= 5.2.6) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -456,7 +453,6 @@ DEPENDENCIES csr cucumber database_cleaner - debase dry-struct (~> 0.4.0) dry-types (~> 0.12.2) event_emitter diff --git a/NOTICES.txt b/NOTICES.txt index db15d8c59c..d45ebceb53 100644 --- a/NOTICES.txt +++ b/NOTICES.txt 
@@ -23,7 +23,7 @@ Section 3: BSD-3-Clause Section 4: MIT
->>> https://rubygems.org/gems/activesupport/versions/5.2.4.5
+>>> https://rubygems.org/gems/activesupport/versions/5.2.6
 >>> https://rubygems.org/gems/base58/versions/0.2.3
 >>> https://rubygems.org/gems/bcrypt/versions/3.1.13
 >>> https://rubygems.org/gems/command_class/versions/0.0.2
@@ -44,7 +44,7 @@ Section 4: MIT
 >>> https://rubygems.org/gems/nokogiri/versions/1.11.1
 >>> https://rubygems.org/gems/openid_connect/versions/1.2.0
 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1
->>> https://rubygems.org/gems/rails/versions/5.2.4.5
+>>> https://rubygems.org/gems/rails/versions/5.2.6
 >>> https://rubygems.org/gems/rake/versions/13.0.1
 >>> https://rubygems.org/gems/ruby_dep/versions/1.3.1
 >>> https://rubygems.org/gems/sequel/versions/4.49.0
@@ -225,7 +225,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. MIT License is applicable to the following component(s).
->>> https://rubygems.org/gems/activesupport/versions/5.2.4.5
+>>> https://rubygems.org/gems/activesupport/versions/5.2.6
 Copyright (c) 2005-2018 David Heinemeier Hansson
@@ -701,7 +701,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
->>> https://rubygems.org/gems/rails/versions/5.2.4.5
+>>> https://rubygems.org/gems/rails/versions/5.2.6
 Copyright (c) 2005-2018 David Heinemeier Hansson