From 921165da51908f096618408627173dea3d9ec36b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 3 May 2022 16:39:14 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-SINATRA-2806372 --- Gemfile | 4 +-- Gemfile.lock | 70 +++++++++++++++++++++++++--------------------------- 2 files changed, 36 insertions(+), 38 deletions(-) diff --git a/Gemfile b/Gemfile index d423050..8503b9f 100644 --- a/Gemfile +++ b/Gemfile @@ -1,11 +1,11 @@ source 'https://rubygems.org' gem 'activerecord' -gem 'sinatra' +gem 'sinatra', '>= 2.2.0' gem 'sqlite3' gem 'sinatra-activerecord' -gem 'sinatra-contrib', require: false +gem 'sinatra-contrib', '>= 2.2.0', require: false gem 'sinatra-flash' gem 'validate_url' diff --git a/Gemfile.lock b/Gemfile.lock index 4e535d1..b17523a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,20 +1,18 @@ GEM remote: https://rubygems.org/ specs: - activemodel (5.1.4) - activesupport (= 5.1.4) - activerecord (5.1.4) - activemodel (= 5.1.4) - activesupport (= 5.1.4) - arel (~> 8.0) - activesupport (5.1.4) + activemodel (7.0.2.4) + activesupport (= 7.0.2.4) + activerecord (7.0.2.4) + activemodel (= 7.0.2.4) + activesupport (= 7.0.2.4) + activesupport (7.0.2.4) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - arel (8.0.0) aws-sdk (2.10.53) aws-sdk-resources (= 2.10.53) aws-sdk-core (2.10.53) @@ -23,7 +21,6 @@ GEM aws-sdk-resources (2.10.53) aws-sdk-core (= 2.10.53) aws-sigv4 (1.0.2) - backports (3.8.0) bigdecimal (1.3.2) capybara (2.15.1) addressable @@ -34,14 +31,15 @@ GEM xpath (~> 2.0) cliver (0.3.2) coderay (1.1.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.10) database_cleaner (1.6.1) diff-lcs (1.3) dotenv (2.2.1) factory_girl (4.8.0) activesupport (>= 3.0.0) ffi (1.9.18) - i18n (0.8.6) + i18n (1.10.0) + concurrent-ruby (~> 1.0) jmespath (1.3.1) launchy (2.4.3) addressable (~> 2.3) @@ -52,9 +50,10 @@ GEM method_source (0.9.0) mini_mime (0.1.4) mini_portile2 (2.3.0) - minitest (5.10.3) - multi_json (1.12.2) - mustermann (1.0.1) + minitest (5.15.0) + multi_json (1.15.0) + mustermann (1.1.1) + ruby2_keywords (~> 0.0.1) nokogiri (1.8.1) mini_portile2 (~> 2.3.0) poltergeist (1.16.0) @@ -65,8 +64,8 @@ GEM coderay (~> 1.1.0) method_source (~> 0.9.0) public_suffix (3.0.0) - rack (2.0.3) - rack-protection (2.0.0) + rack (2.2.3) + rack-protection (2.2.0) rack rack-test (0.7.0) rack (>= 1.0, < 3) @@ -89,22 +88,22 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.6.0) rspec-support (3.6.0) + ruby2_keywords (0.0.5) ruby_dep (1.5.0) - sinatra (2.0.0) + sinatra (2.2.0) mustermann (~> 1.0) - rack (~> 2.0) - rack-protection (= 2.0.0) + rack (~> 2.2) + rack-protection (= 2.2.0) tilt (~> 2.0) - sinatra-activerecord (2.0.13) - activerecord (>= 3.2) + sinatra-activerecord (2.0.25) + activerecord (>= 4.1) sinatra (>= 1.0) - sinatra-contrib (2.0.0) - backports (>= 2.0) + sinatra-contrib (2.2.0) multi_json mustermann (~> 1.0) - rack-protection (= 2.0.0) - sinatra (= 2.0.0) - tilt (>= 1.3, < 3) + rack-protection (= 2.2.0) + sinatra (= 2.2.0) + tilt (~> 2.0) sinatra-flash (0.3.0) sinatra (>= 1.0.0) slim (3.0.8) @@ -112,10 +111,9 @@ GEM tilt (>= 1.3.3, < 2.1) sqlite3 (1.3.13) temple (0.8.0) - thread_safe (0.3.6) - tilt (2.0.8) - tzinfo (1.2.3) - thread_safe (~> 0.1) + tilt (2.0.10) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) tzinfo-data (1.2017.2) tzinfo (>= 1.0.0) validate_url (1.0.2) @@ -143,9 +141,9 @@ DEPENDENCIES rake rerun rspec - sinatra + sinatra (>= 2.2.0) sinatra-activerecord - sinatra-contrib + sinatra-contrib (>= 2.2.0) sinatra-flash slim sqlite3 @@ -153,4 +151,4 @@ DEPENDENCIES validate_url BUNDLED WITH - 1.15.3 + 1.17.3