From ef8e2f3f1bfbd964b3af34954fe1ced866e04532 Mon Sep 17 00:00:00 2001
From: Jerome Lacoste
Date: Fri, 15 Dec 2023 14:48:15 +0100
Subject: [PATCH] [security] update `sinatra` dev dependency to resolve dependabot alert (#21709)
* Sync Gemfile.lock with Gemfile
* Update rack to >= 2.2.6.3 (dependenbot)
* Update sinatra to >= 2.2.3 (dependenbot)
* Restrict to a non major sinatra upgrade for now
---
 Gemfile.lock | 22 +++++++++++-----------
 fastlane.gemspec | 2 +-
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index e5b8417efc4..5f2216dbdcb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -28,7 +28,7 @@ PATH
 mini_magick (>= 4.9.4, < 5.0.0)
 multipart-post (>= 2.0.0, < 3.0.0)
 naturally (~> 2.2)
- optparse (~> 0.1.1)
+ optparse (>= 0.1.1)
 plist (>= 3.1.0, < 4.0.0)
 rubyzip (>= 2.0.0, < 3.0.0)
 security (= 0.1.3)
@@ -204,7 +204,7 @@ GEM
 mini_mime (1.1.5)
 multi_json (1.15.0)
 multipart-post (2.0.0)
- mustermann (1.1.1)
+ mustermann (2.0.2)
 ruby2_keywords (~> 0.0.1)
 nanaimo (0.3.0)
 nap (1.1.0)
@@ -237,8 +237,8 @@ GEM
 pry (~> 0.13)
 public_suffix (5.0.4)
 racc (1.7.1)
- rack (2.2.3.1)
- rack-protection (2.0.8.1)
+ rack (2.2.8)
+ rack-protection (2.2.4)
 rack
 rainbow (3.1.1)
 rake (13.0.3)
@@ -290,7 +290,7 @@ GEM
 rubocop-require_tools (0.1.2)
 rubocop (>= 0.49.1)
 ruby-progressbar (1.13.0)
- ruby2_keywords (0.0.4)
+ ruby2_keywords (0.0.5)
 rubyzip (2.3.2)
 sawyer (0.9.2)
 addressable (>= 2.3.5)
@@ -309,10 +309,10 @@ GEM
 json (>= 1.8, < 3)
 simplecov-html (~> 0.10.0)
 simplecov-html (0.10.2)
- sinatra (2.0.8.1)
- mustermann (~> 1.0)
- rack (~> 2.0)
- rack-protection (= 2.0.8.1)
+ sinatra (2.2.4)
+ mustermann (~> 2.0)
+ rack (~> 2.2)
+ rack-protection (= 2.2.4)
 tilt (~> 2.0)
 slack-notifier (2.3.2)
 sync (0.5.0)
@@ -322,7 +322,7 @@ GEM
 terminal-table (3.0.2)
 unicode-display_width (>= 1.1.1, < 3)
 thor (1.1.0)
- tilt (2.0.10)
+ tilt (2.3.0)
 tins (1.28.0)
 sync
 trailblazer-option (0.1.2)
@@ -389,7 +389,7 @@ DEPENDENCIES
 rubocop (= 1.50.2)
 rubocop-performance
 rubocop-require_tools
- sinatra (~> 2.0.8)
+ sinatra (>= 2.2.3, < 3.0)
 webmock (~> 3.18)
 xcode-install (>= 2.6.7)
 xcov (~> 1.4.1)
diff --git a/fastlane.gemspec b/fastlane.gemspec
index 6a59913cd93..6da1e65e9e4 100644
--- a/fastlane.gemspec
+++ b/fastlane.gemspec
@@ -125,7 +125,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency('rubocop-performance')
 spec.add_development_dependency('rubocop-require_tools')
 spec.add_development_dependency('rubocop', Fastlane::RUBOCOP_REQUIREMENT)
- spec.add_development_dependency('sinatra', '~> 2.0.8') # Used for mock servers
+ spec.add_development_dependency('sinatra', ['>= 2.2.3', '< 3.0']) # Used for mock servers
 spec.add_development_dependency('webmock', '~> 3.18')
 spec.add_development_dependency('xcov', '~> 1.4.1') # Used for xcov's parameters generation: https://github.com/fastlane/fastlane/pull/12416
 spec.add_development_dependency('yard', '~> 0.9.11')
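Review bot: The new `sinatra` requirement in fastlane.gemspec is a security floor, but the trailing comment still only says `# Used for mock servers`, so a later cleanup could relax the lower bound below 2.2.3 without anyone noticing the alert it resolved. I would extend the comment, for example `# Used for mock servers; >= 2.2.3 is the minimum that clears the dependabot alert (#21709)`. The commit message describes the `< 3.0` cap as temporary ("for now"), so a short TODO on the same line would help keep the dev toolchain from staying pinned to the 2.x line longer than intended. The `Gem::Specification.new` block starts and ends outside the hunk.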