security: Upgrade webpacker to fix CVE-2020-7660 (#1161)

- security: Upgrade webpack to fix CVE-2020-7660

Gemfile

@@ -47,7 +47,7 @@ gem 'redis-rack-cache'
 gem 'dotenv-rails'
 gem 'foreman'
 gem 'puma'
-gem 'webpacker'
+gem 'webpacker', '~> 5.x'
 
 ##--- gems for authentication & authorization ---##
 gem 'devise'

Gemfile.lock

@@ -141,7 +141,7 @@ GEM
     coderay (1.1.3)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     connection_pool (2.2.3)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
@@ -242,7 +242,7 @@ GEM
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     ice_nine (0.11.2)
     inflecto (0.0.2)
@@ -304,7 +304,7 @@ GEM
     multipart-post (2.1.1)
     netrc (0.11.0)
     nio4r (2.5.2)
-    nokogiri (1.10.9)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth (0.5.4)
     orm_adapter (0.5.0)
@@ -533,7 +533,7 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webpacker (5.1.1)
+    webpacker (5.2.1)
       activesupport (>= 5.2)
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
@@ -545,7 +545,7 @@ GEM
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     wisper (2.0.0)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby
@@ -625,7 +625,7 @@ DEPENDENCIES
   valid_email2
   web-console
   webmock
-  webpacker
+  webpacker (~> 5.x)
   webpush
   wisper (= 2.0.0)
 

package.json

@@ -13,7 +13,7 @@
   },
   "dependencies": {
     "@rails/actioncable": "^6.0.0",
-    "@rails/webpacker": "^4.2.2",
+    "@rails/webpacker": "^5.2.0",
     "axios": "^0.19.0",
     "babel-plugin-syntax-jsx": "^6.18.0",
     "babel-plugin-transform-vue-jsx": "^3.7.0",