From 36c350ed5082d6d50173bcb4b99c17606898ddfc Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 9 Oct 2025 05:42:12 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-13378928 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378930 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378932 --- Gemfile | 2 +- Gemfile.lock | 205 ++++++++++++++++++++++++++------------------------- 2 files changed, 106 insertions(+), 101 deletions(-) diff --git a/Gemfile b/Gemfile index b19b738..a9e86bd 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'middleman' +gem 'middleman', '>= 4.1.11' gem 'httparty' gem 'psych' gem 'colorize' diff --git a/Gemfile.lock b/Gemfile.lock index cb81bd2..2c584f2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
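Review bot: The new Gemfile line `gem 'middleman', '>= 4.1.11'` is an open-ended lower bound that says nothing about rack, the gem the three SNYK-RUBY-RACK advisories in the commit message are about. The upgraded rack (3.2.2 in this patch's Gemfile.lock) is reached only through lockfile resolution, so a later re-resolution that picks an older middleman 4.x could presumably pull in an earlier rack again; this depends on each release's own rack constraint, which is not visible here. State the intent directly and bound the major version, for example `gem 'middleman', '~> 4.6'` and `gem 'rack', '>= 3.2.2'`, with a comment naming the advisories. The same resolution moves middleman from 3.3.12 to 4.6.2 and removes compass, sass, sprockets and middleman-sprockets from the lockfile. The site build should therefore be checked for Compass or Sprockets usage before merging.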
@@ -9,117 +9,122 @@ GIT GEM remote: https://rubygems.org/ specs: - activesupport (4.1.14) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) - celluloid (0.16.0) - timers (~> 4.0.0) - chunky_png (1.3.5) + activesupport (7.2.2.2) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + logger (>= 1.4.2) + minitest (>= 5.1) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.3.0) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.10.0) + coffee-script-source (1.12.2) colorize (0.8.1) - compass (1.0.3) - chunky_png (~> 1.2) - compass-core (~> 1.0.2) - compass-import-once (~> 1.0.5) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - sass (>= 3.3.13, < 3.5) - compass-core (1.0.3) - multi_json (~> 1.0) - sass (>= 3.3.0, < 3.5) - compass-import-once (1.0.5) - sass (>= 3.2, < 3.5) - erubis (2.7.0) - execjs (2.6.0) - ffi (1.9.25) - haml (4.0.7) + concurrent-ruby (1.3.5) + connection_pool (2.5.4) + contracts (0.17.2) + dotenv (3.1.8) + drb (2.2.3) + erubi (1.13.1) + execjs (2.10.0) + fast_blank (1.0.1) + fastimage (2.4.0) + ffi (1.17.2) + haml (6.3.0) + temple (>= 0.8.2) + thor tilt - hike (1.2.3) - hitimes (1.2.3) - hooks (0.4.1) - uber (~> 0.0.14) + hamster (3.0.0) + concurrent-ruby (~> 1.0) + hashie (5.0.0) httparty (0.16.0) multi_xml (>= 0.5.2) - i18n (0.7.0) - json (1.8.6) - kramdown (1.9.0) - listen (2.10.1) - celluloid (~> 0.16.0) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - middleman (3.3.12) + i18n (1.14.7) + concurrent-ruby (~> 1.0) + kramdown (2.5.1) + rexml (>= 3.3.9) + listen (3.9.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + logger (1.7.0) + memoist (0.16.2) + middleman (4.6.2) + middleman-cli (= 4.6.2) + middleman-core (= 4.6.2) + middleman-cli (4.6.2) + thor (>= 
0.17.0, < 2) + middleman-core (4.6.2) + activesupport (>= 6.1) + addressable (~> 2.4) + bundler (~> 2.0) coffee-script (~> 2.2) - compass (>= 1.0.0, < 2.0.0) - compass-import-once (= 1.0.5) + contracts + dotenv + erubi execjs (~> 2.0) + fast_blank + fastimage (~> 2.0) haml (>= 4.0.5) - kramdown (~> 1.2) - middleman-core (= 3.3.12) - middleman-sprockets (>= 3.1.2) - sass (>= 3.4.0, < 4.0) - uglifier (~> 2.5) - middleman-core (3.3.12) - activesupport (~> 4.1.0) - bundler (~> 1.1) - erubis - hooks (~> 0.3) - i18n (~> 0.7.0) - listen (>= 2.7.9, < 3.0) - padrino-helpers (~> 0.12.3) - rack (>= 1.4.5, < 2.0) - rack-test (~> 0.6.2) - thor (>= 0.15.2, < 2.0) - tilt (~> 1.4.1, < 2.0) - middleman-sprockets (3.4.2) - middleman-core (>= 3.3) - sprockets (~> 2.12.1) - sprockets-helpers (~> 1.1.0) - sprockets-sass (~> 1.3.0) - minitest (5.8.3) - multi_json (1.13.1) + hamster (~> 3.0) + hashie (>= 3.4, < 6.0) + i18n (>= 1.6, < 1.15) + kramdown (~> 2.4) + listen (~> 3.0) + memoist (~> 0.14) + padrino-helpers (~> 0.15.0) + parallel + rack (>= 3) + rackup + sassc (~> 2.0) + servolux + tilt (~> 2.2) + toml + uglifier (>= 3, < 5) + webrick + minitest (5.26.0) multi_xml (0.6.0) - padrino-helpers (0.12.5) - i18n (~> 0.6, >= 0.6.7) - padrino-support (= 0.12.5) - tilt (~> 1.4.1) - padrino-support (0.12.5) - activesupport (>= 3.1) + padrino-helpers (0.15.3) + i18n (>= 0.6.7, < 2) + padrino-support (= 0.15.3) + tilt (>= 1.4.1, < 3) + padrino-support (0.15.3) + parallel (1.27.0) + parslet (2.0.0) psych (3.0.2) - rack (1.6.10) - rack-test (0.6.3) - rack (>= 1.0) + public_suffix (6.0.2) + rack (3.2.2) + rackup (2.2.1) + rack (>= 3) rake (12.3.1) - rb-fsevent (0.9.6) - rb-inotify (0.9.5) - ffi (>= 0.5.0) - sass (3.4.20) - sprockets (2.12.5) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-helpers (1.1.0) - sprockets (~> 2.0) - sprockets-sass (1.3.1) - sprockets (~> 2.0) - tilt (~> 1.1) - thor (0.19.1) - thread_safe (0.3.5) - tilt (1.4.1) - timers 
(4.0.4) - hitimes - tzinfo (1.2.2) - thread_safe (~> 0.1) - uber (0.0.15) - uglifier (2.7.2) - execjs (>= 0.3.0) - json (>= 1.8.0) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) + ffi (~> 1.0) + rexml (3.4.4) + sassc (2.4.0) + ffi (~> 1.9) + securerandom (0.4.1) + servolux (0.13.0) + temple (0.10.4) + thor (1.4.0) + tilt (2.6.1) + toml (0.3.0) + parslet (>= 1.8.0, < 3.0.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + uglifier (4.2.1) + execjs (>= 0.3.0, < 3) + webrick (1.9.1) PLATFORMS ruby @@ -127,9 +132,9 @@ PLATFORMS DEPENDENCIES colorize httparty - middleman + middleman (>= 4.1.11) middleman-gh-pages! psych BUNDLED WITH - 1.16.2 + 2.3.27