This PR merges all ruby security dependency updates made as part of https://github.com/epimorphics/hmlr-linked-data/issues/127 into the lift and shift branch. I've left the npm security dependency updates out of this PR as npm packages on dev-infrastructure are a bit different than dev, and replacing yarn.lock with the one from dev crashes the app. Since dependabot works against the main branch, the best way forward with this is to wait for the lift and shift to happen, make dev-infrastructure the new main branch afterwards, and let dependabot re-run all the checks against the new branch. After this we can address the remaining alerts
This PR merges all
ruby
security dependency updates made as part of https://github.com/epimorphics/hmlr-linked-data/issues/127 into the lift and shift branch. I've left thenpm
security dependency updates out of this PR asnpm
packages ondev-infrastructure
are a bit different thandev
, and replacingyarn.lock
with the one fromdev
crashes the app. Since dependabot works against the main branch, the best way forward with this is to wait for the lift and shift to happen, makedev-infrastructure
the new main branch afterwards, and let dependabot re-run all the checks against the new branch. After this we can address the remaining alerts