Upgrade aws-sdk-rails 4.0.3 -> 5.1.0 (#390)

Co-authored-by: snyk-bot <[email protected]>

.trivyignore

@@ -1,4 +1,7 @@
-# List of vulnerabilities to ignore for the trivy scan
+# List of vulnerabilities to ignore for the trivy scan.
+# See also the `trivy-secret.yaml` file, which ignores specific files relating
+# to inadvertent secret disclosure.
+#
 # Please add safelists in the following format to make it easier when checking
 # Package/module name: URL to vulnerability for checking updates
 #  Versions:     URL to the version history

app/Gemfile

@@ -60,6 +60,8 @@ gem "faraday", "~> 2.9.0"
 gem "wicked_pdf"
 gem "actioncable-enhanced-postgresql-adapter"
 gem "aws-sdk-rails"
+gem "aws-sdk-s3"
+gem "aws-actionmailer-ses"
 
 # https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/
 gem "rexml", "~> 3.3.9"

app/Gemfile.lock

@@ -87,56 +87,37 @@ GEM
       public_suffix (>= 2.0.2, < 7.0)
     afm (0.2.2)
     ast (2.4.2)
+    aws-actionmailer-ses (1.0.0)
+      actionmailer (>= 7.1.0)
+      aws-sdk-ses (~> 1, >= 1.50.0)
+      aws-sdk-sesv2 (~> 1, >= 1.34.0)
     aws-eventstream (1.3.0)
-    aws-partitions (1.962.0)
-    aws-record (2.13.1)
-      aws-sdk-dynamodb (~> 1, >= 1.85.0)
-    aws-sdk-core (3.201.3)
+    aws-partitions (1.1021.0)
+    aws-sdk-core (3.214.0)
       aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-dynamodb (1.118.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-kms (1.88.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-kms (1.96.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-rails (4.0.3)
-      actionmailbox (>= 7.0.0)
-      aws-record (~> 2)
-      aws-sdk-s3 (~> 1, >= 1.123.0)
-      aws-sdk-ses (~> 1, >= 1.50.0)
-      aws-sdk-sesv2 (~> 1, >= 1.34.0)
-      aws-sdk-sns (~> 1, >= 1.61.0)
-      aws-sdk-sqs (~> 1, >= 1.56.0)
-      aws-sessionstore-dynamodb (~> 2)
-      concurrent-ruby (~> 1.3, >= 1.3.1)
-      railties (>= 7.0.0)
+    aws-sdk-rails (5.1.0)
+      aws-sdk-core (~> 3)
+      railties (>= 7.1.0)
     aws-sdk-rds (1.241.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.157.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-s3 (1.176.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-ses (1.68.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
-      aws-sigv4 (~> 1.5)
-    aws-sdk-sesv2 (1.55.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-ses (1.78.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sns (1.82.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-sesv2 (1.68.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.80.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
-      aws-sigv4 (~> 1.5)
-    aws-sessionstore-dynamodb (2.2.0)
-      aws-sdk-dynamodb (~> 1, >= 1.85.0)
-      rack (>= 2, < 4)
-      rack-session (>= 1, < 3)
-    aws-sigv4 (1.9.1)
+    aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
@@ -234,7 +215,7 @@ GEM
       rails-i18n
       rainbow (>= 2.2.2, < 4.0)
       terminal-table (>= 1.5.1)
-    io-console (0.7.2)
+    io-console (0.8.0)
     irb (1.14.1)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
@@ -249,7 +230,7 @@ GEM
       base64
     language_server-protocol (3.17.0.3)
     lint_roller (1.1.0)
-    logger (1.6.1)
+    logger (1.6.2)
     loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -263,11 +244,11 @@ GEM
     method_source (1.1.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.7)
-    minitest (5.25.1)
+    minitest (5.25.4)
     msgpack (1.7.2)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
-    mutex_m (0.2.0)
+    mutex_m (0.3.0)
     net-http (0.4.1)
       uri
     net-imap (0.4.17)
@@ -281,13 +262,13 @@ GEM
       net-protocol
     newrelic_rpm (9.12.0)
     nio4r (2.7.3)
-    nokogiri (1.16.8-aarch64-linux)
+    nokogiri (1.17.1-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.16.8-arm64-darwin)
+    nokogiri (1.17.1-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.8-x86_64-darwin)
+    nokogiri (1.17.1-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.8-x86_64-linux)
+    nokogiri (1.17.1-x86_64-linux)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
@@ -331,7 +312,8 @@ GEM
       actionmailer (>= 3)
       net-smtp
       premailer (~> 1.7, >= 1.7.9)
-    psych (5.1.2)
+    psych (5.2.1)
+      date
       stringio
     public_suffix (6.0.1)
     puma (6.4.3)
@@ -345,7 +327,7 @@ GEM
       rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (1.0.0)
+    rackup (1.0.1)
       rack (< 3)
       webrick
     rails (7.1.5.1)
@@ -391,11 +373,11 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
-    rdoc (6.7.0)
+    rdoc (6.8.1)
       psych (>= 4.0.0)
     redis (4.8.1)
     regexp_parser (2.9.2)
-    reline (0.5.10)
+    reline (0.5.12)
       io-console (~> 0.5)
     responders (3.1.1)
       actionpack (>= 5.2)
@@ -490,7 +472,7 @@ GEM
       rubocop-performance (~> 1.21.0)
     stimulus-rails (1.3.3)
       railties (>= 6.0.0)
-    stringio (3.1.1)
+    stringio (3.1.2)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     thor (1.3.2)
@@ -522,7 +504,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.8.2)
+    webrick (1.9.1)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -532,7 +514,7 @@ GEM
     wkhtmltopdf-binary (0.12.6.7)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.7.0)
+    zeitwerk (2.7.1)
 
 PLATFORMS
   aarch64-linux
@@ -544,7 +526,9 @@ PLATFORMS
 
 DEPENDENCIES
   actioncable-enhanced-postgresql-adapter
+  aws-actionmailer-ses
   aws-sdk-rails
+  aws-sdk-s3
   bootsnap
   brakeman (~> 5.2)
   bundler-audit (~> 0.9)

app/config/environments/production.rb

@@ -75,7 +75,7 @@
   # config.active_job.queue_name_prefix = "iv_cbv_payroll_production"
 
   config.action_mailer.perform_caching = false
-  config.action_mailer.delivery_method = :sesv2
+  config.action_mailer.delivery_method = :ses_v2
 
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.

trivy-secret.yaml

@@ -1,4 +1,4 @@
 allow-rules:
   - id: jwt-token
     description: skip jwt secret for ruby deps
-    path: /usr/local/bundle/ruby/3.3.0/gems/aws-sdk-core-3.201.3/lib/aws-sdk-ssooidc/client.rb
+    path: /usr/local/bundle/ruby/3.3.0/gems/aws-sdk-core-.*/lib/aws-sdk-ssooidc/client.rb