From ffb3efd0b998caa2b68f5fa0487057aa82cd1143 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 12 Jun 2018 06:05:45 +0000
Subject: [PATCH] fix: Gemfile.lock & Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22017
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
---
 Gemfile      | 10 +++---
 Gemfile.lock | 88 +++++++++++++++++++++++++++-------------------------
 2 files changed, 50 insertions(+), 48 deletions(-)

diff --git a/Gemfile b/Gemfile
index d423050..19389e9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,12 @@
 source 'https://rubygems.org'
 
 gem 'activerecord'
-gem 'sinatra'
+gem 'sinatra', '>= 2.0.2'
 gem 'sqlite3'
 
-gem 'sinatra-activerecord'
-gem 'sinatra-contrib', require: false
-gem 'sinatra-flash'
+gem 'sinatra-activerecord', '>= 2.0.13'
+gem 'sinatra-contrib', '>= 2.0.2', require: false
+gem 'sinatra-flash', '>= 0.3.0'
 gem 'validate_url'
 
 gem 'slim'
@@ -20,7 +20,7 @@ gem 'tzinfo-data'
 
 group :development do
   gem 'rspec'
-  gem 'poltergeist'
+  gem 'poltergeist', '>= 1.16.0'
   gem 'factory_girl'
   gem 'database_cleaner'
   gem 'launchy'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4e535d1..65d21bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,20 +1,20 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (5.1.4)
-      activesupport (= 5.1.4)
-    activerecord (5.1.4)
-      activemodel (= 5.1.4)
-      activesupport (= 5.1.4)
-      arel (~> 8.0)
-    activesupport (5.1.4)
+    activemodel (5.2.0)
+      activesupport (= 5.2.0)
+    activerecord (5.2.0)
+      activemodel (= 5.2.0)
+      activesupport (= 5.2.0)
+      arel (>= 9.0)
+    activesupport (5.2.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    arel (8.0.0)
+    arel (9.0.0)
     aws-sdk (2.10.53)
       aws-sdk-resources (= 2.10.53)
     aws-sdk-core (2.10.53)
@@ -23,15 +23,15 @@ GEM
     aws-sdk-resources (2.10.53)
       aws-sdk-core (= 2.10.53)
     aws-sigv4 (1.0.2)
-    backports (3.8.0)
+    backports (3.11.3)
     bigdecimal (1.3.2)
-    capybara (2.15.1)
+    capybara (3.2.1)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      xpath (~> 3.1)
     cliver (0.3.2)
     coderay (1.1.2)
     concurrent-ruby (1.0.5)
@@ -41,7 +41,8 @@ GEM
     factory_girl (4.8.0)
       activesupport (>= 3.0.0)
     ffi (1.9.18)
-    i18n (0.8.6)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
     jmespath (1.3.1)
     launchy (2.4.3)
       addressable (~> 2.3)
@@ -50,25 +51,25 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
     method_source (0.9.0)
-    mini_mime (0.1.4)
+    mini_mime (1.0.0)
     mini_portile2 (2.3.0)
-    minitest (5.10.3)
-    multi_json (1.12.2)
-    mustermann (1.0.1)
-    nokogiri (1.8.1)
+    minitest (5.11.3)
+    multi_json (1.13.1)
+    mustermann (1.0.2)
+    nokogiri (1.8.2)
       mini_portile2 (~> 2.3.0)
-    poltergeist (1.16.0)
-      capybara (~> 2.1)
+    poltergeist (1.18.1)
+      capybara (>= 2.1, < 4)
       cliver (~> 0.3.1)
       websocket-driver (>= 0.2.0)
     pry (0.11.1)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (3.0.0)
-    rack (2.0.3)
-    rack-protection (2.0.0)
+    public_suffix (3.0.2)
+    rack (2.0.5)
+    rack-protection (2.0.3)
       rack
-    rack-test (0.7.0)
+    rack-test (1.0.0)
       rack (>= 1.0, < 3)
     rake (12.1.0)
     rb-fsevent (0.10.2)
@@ -90,20 +91,21 @@ GEM
       rspec-support (~> 3.6.0)
     rspec-support (3.6.0)
     ruby_dep (1.5.0)
-    sinatra (2.0.0)
+    sinatra (2.0.3)
       mustermann (~> 1.0)
       rack (~> 2.0)
-      rack-protection (= 2.0.0)
+      rack-protection (= 2.0.3)
       tilt (~> 2.0)
     sinatra-activerecord (2.0.13)
       activerecord (>= 3.2)
       sinatra (>= 1.0)
-    sinatra-contrib (2.0.0)
-      backports (>= 2.0)
+    sinatra-contrib (2.0.3)
+      activesupport (>= 4.0.0)
+      backports (>= 2.8.2)
       multi_json
       mustermann (~> 1.0)
-      rack-protection (= 2.0.0)
-      sinatra (= 2.0.0)
+      rack-protection (= 2.0.3)
+      sinatra (= 2.0.3)
       tilt (>= 1.3, < 3)
     sinatra-flash (0.3.0)
       sinatra (>= 1.0.0)
@@ -114,7 +116,7 @@ GEM
     temple (0.8.0)
     thread_safe (0.3.6)
     tilt (2.0.8)
-    tzinfo (1.2.3)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
     tzinfo-data (1.2017.2)
       tzinfo (>= 1.0.0)
@@ -123,9 +125,9 @@ GEM
       addressable
     websocket-driver (0.7.0)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    websocket-extensions (0.1.3)
+    xpath (3.1.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
@@ -138,19 +140,19 @@ DEPENDENCIES
   dotenv
   factory_girl
   launchy
-  poltergeist
+  poltergeist (>= 1.16.0)
   pry
   rake
   rerun
   rspec
-  sinatra
-  sinatra-activerecord
-  sinatra-contrib
-  sinatra-flash
+  sinatra (>= 2.0.2)
+  sinatra-activerecord (>= 2.0.13)
+  sinatra-contrib (>= 2.0.2)
+  sinatra-flash (>= 0.3.0)
   slim
   sqlite3
   tzinfo-data
   validate_url
 
 BUNDLED WITH
-   1.15.3
+   1.16.1