chore: fix security vulnerabilities for gems (#309)

* chore: fix security vunlerabilities for gems

* chore: update podfile.lock and xcode proj

* fix: code review

* fix: ci

* fix: ci

Author: hurali97

.github/actions/setup/action.yml

@@ -32,6 +32,7 @@ runs:
           .turbo
           apps/*/.turbo
           packages/*/.turbo
-        key: ${{ runner.os }}-turbo-${{ hashFiles('.turbo', '**/.turbo') }}
+        key: ${{ runner.os }}-turbo-${{ hashFiles('yarn.lock', 'package-lock.json', 'pnpm-lock.yaml', 'turbo.json', 'apps/*/turbo.json', 'packages/*/turbo.json') }}
         restore-keys: |
           ${{ runner.os }}-turbo-
+

apps/RNApp/Gemfile

@@ -1,10 +1,9 @@
 source 'https://rubygems.org'
 
 # You may use http://rbenv.org/ or https://rvm.io/ to install and use this version
-ruby '>= 2.6.10'
+ruby '>= 3.1.0'
 
-# Exclude problematic versions of cocoapods and activesupport that causes build failures.
-gem 'activesupport', '>= 6.1.7.5', '!= 7.1.0'
+gem 'activesupport', '~> 7.2.3', '>= 7.2.3.1'
 gem 'cocoapods', '>= 1.13', '!= 1.15.0', '!= 1.15.1'
 gem 'concurrent-ruby', '< 1.3.4'
 gem 'xcodeproj', '< 1.26.0'

apps/RNApp/Gemfile.lock

@@ -2,17 +2,25 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (3.0.8)
-    activesupport (7.0.8.7)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+    activesupport (7.2.3.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.8)
+      logger (>= 1.4.2)
+      minitest (>= 5.1, < 6)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
+    base64 (0.3.0)
     benchmark (0.5.0)
     bigdecimal (4.0.1)
     claide (1.1.0)
@@ -55,6 +63,8 @@ GEM
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
     concurrent-ruby (1.3.3)
+    connection_pool (3.0.2)
+    drb (2.2.3)
     escape (0.0.4)
     ethon (0.15.0)
       ffi (>= 1.15.0)
@@ -68,7 +78,7 @@ GEM
       concurrent-ruby (~> 1.0)
     json (2.19.2)
     logger (1.7.0)
-    minitest (5.26.1)
+    minitest (5.27.0)
     molinillo (0.8.0)
     mutex_m (0.3.0)
     nanaimo (0.3.0)
@@ -78,6 +88,7 @@ GEM
     public_suffix (4.0.7)
     rexml (3.4.4)
     ruby-macho (2.5.1)
+    securerandom (0.4.1)
     typhoeus (1.5.0)
       ethon (>= 0.9.0, < 0.16.0)
     tzinfo (2.0.6)
@@ -94,7 +105,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  activesupport (>= 6.1.7.5, != 7.1.0)
+  activesupport (~> 7.2.3, >= 7.2.3.1)
   benchmark
   bigdecimal
   cocoapods (>= 1.13, != 1.15.1, != 1.15.0)
@@ -105,7 +116,7 @@ DEPENDENCIES
   xcodeproj (< 1.26.0)
 
 RUBY VERSION
-   ruby 2.7.6p219
+   ruby 3.3.6p108
 
 BUNDLED WITH
    2.4.12