From 6f4e1f02bd3ced3f916a9492c02766661d8f0615 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 23 Jun 2020 03:51:28 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
---
 Gemfile      |  10 ++---
 Gemfile.lock | 111 +++++++++++++++++++++++++++------------------------
 2 files changed, 63 insertions(+), 58 deletions(-)

diff --git a/Gemfile b/Gemfile
index d423050..3e5860e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,12 @@
 source 'https://rubygems.org'
 
 gem 'activerecord'
-gem 'sinatra'
+gem 'sinatra', '>= 2.0.0'
 gem 'sqlite3'
 
-gem 'sinatra-activerecord'
-gem 'sinatra-contrib', require: false
-gem 'sinatra-flash'
+gem 'sinatra-activerecord', '>= 2.0.13'
+gem 'sinatra-contrib', '>= 2.0.0', require: false
+gem 'sinatra-flash', '>= 0.3.0'
 gem 'validate_url'
 
 gem 'slim'
@@ -20,7 +20,7 @@ gem 'tzinfo-data'
 
 group :development do
   gem 'rspec'
-  gem 'poltergeist'
+  gem 'poltergeist', '>= 1.16.0'
   gem 'factory_girl'
   gem 'database_cleaner'
   gem 'launchy'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4e535d1..292544b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,20 +1,20 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (5.1.4)
-      activesupport (= 5.1.4)
-    activerecord (5.1.4)
-      activemodel (= 5.1.4)
-      activesupport (= 5.1.4)
-      arel (~> 8.0)
-    activesupport (5.1.4)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activerecord (5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
+      arel (>= 9.0)
+    activesupport (5.2.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    arel (8.0.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    arel (9.0.0)
     aws-sdk (2.10.53)
       aws-sdk-resources (= 2.10.53)
     aws-sdk-core (2.10.53)
@@ -23,25 +23,27 @@ GEM
     aws-sdk-resources (2.10.53)
       aws-sdk-core (= 2.10.53)
     aws-sigv4 (1.0.2)
-    backports (3.8.0)
+    backports (3.18.1)
     bigdecimal (1.3.2)
-    capybara (2.15.1)
+    capybara (3.32.2)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
     cliver (0.3.2)
     coderay (1.1.2)
-    concurrent-ruby (1.0.5)
+    concurrent-ruby (1.1.6)
     database_cleaner (1.6.1)
     diff-lcs (1.3)
     dotenv (2.2.1)
     factory_girl (4.8.0)
       activesupport (>= 3.0.0)
     ffi (1.9.18)
-    i18n (0.8.6)
+    i18n (1.8.3)
+      concurrent-ruby (~> 1.0)
     jmespath (1.3.1)
     launchy (2.4.3)
       addressable (~> 2.3)
@@ -50,30 +52,32 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
     method_source (0.9.0)
-    mini_mime (0.1.4)
-    mini_portile2 (2.3.0)
-    minitest (5.10.3)
-    multi_json (1.12.2)
-    mustermann (1.0.1)
-    nokogiri (1.8.1)
-      mini_portile2 (~> 2.3.0)
-    poltergeist (1.16.0)
-      capybara (~> 2.1)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    minitest (5.14.1)
+    multi_json (1.14.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
+    poltergeist (1.18.1)
+      capybara (>= 2.1, < 4)
       cliver (~> 0.3.1)
       websocket-driver (>= 0.2.0)
     pry (0.11.1)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (3.0.0)
-    rack (2.0.3)
-    rack-protection (2.0.0)
+    public_suffix (4.0.5)
+    rack (2.2.3)
+    rack-protection (2.0.8.1)
       rack
-    rack-test (0.7.0)
+    rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rake (12.1.0)
     rb-fsevent (0.10.2)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
+    regexp_parser (1.7.1)
     rerun (0.11.0)
       listen (~> 3.0)
     rspec (3.6.0)
@@ -89,22 +93,23 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.6.0)
     rspec-support (3.6.0)
+    ruby2_keywords (0.0.2)
     ruby_dep (1.5.0)
-    sinatra (2.0.0)
+    sinatra (2.0.8.1)
       mustermann (~> 1.0)
       rack (~> 2.0)
-      rack-protection (= 2.0.0)
+      rack-protection (= 2.0.8.1)
       tilt (~> 2.0)
-    sinatra-activerecord (2.0.13)
-      activerecord (>= 3.2)
+    sinatra-activerecord (2.0.18)
+      activerecord (>= 4.1)
       sinatra (>= 1.0)
-    sinatra-contrib (2.0.0)
-      backports (>= 2.0)
+    sinatra-contrib (2.0.8.1)
+      backports (>= 2.8.2)
       multi_json
       mustermann (~> 1.0)
-      rack-protection (= 2.0.0)
-      sinatra (= 2.0.0)
-      tilt (>= 1.3, < 3)
+      rack-protection (= 2.0.8.1)
+      sinatra (= 2.0.8.1)
+      tilt (~> 2.0)
     sinatra-flash (0.3.0)
       sinatra (>= 1.0.0)
     slim (3.0.8)
@@ -113,19 +118,19 @@ GEM
     sqlite3 (1.3.13)
     temple (0.8.0)
     thread_safe (0.3.6)
-    tilt (2.0.8)
-    tzinfo (1.2.3)
+    tilt (2.0.10)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
     tzinfo-data (1.2017.2)
       tzinfo (>= 1.0.0)
     validate_url (1.0.2)
       activemodel (>= 3.0.0)
       addressable
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.2)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    websocket-extensions (0.1.5)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
@@ -138,19 +143,19 @@ DEPENDENCIES
   dotenv
   factory_girl
   launchy
-  poltergeist
+  poltergeist (>= 1.16.0)
   pry
   rake
   rerun
   rspec
-  sinatra
-  sinatra-activerecord
-  sinatra-contrib
-  sinatra-flash
+  sinatra (>= 2.0.0)
+  sinatra-activerecord (>= 2.0.13)
+  sinatra-contrib (>= 2.0.0)
+  sinatra-flash (>= 0.3.0)
   slim
   sqlite3
   tzinfo-data
   validate_url
 
 BUNDLED WITH
-   1.15.3
+   1.17.3
-- 
2.45.2