From cdc0a5c4e14b548907bdb8596e97c717be59c31c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 6 Mar 2025 04:55:46 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-2848599 - https://snyk.io/vuln/SNYK-RUBY-RACK-1061917 - https://snyk.io/vuln/SNYK-RUBY-RACK-2848600 - https://snyk.io/vuln/SNYK-RUBY-RACK-569066 - https://snyk.io/vuln/SNYK-RUBY-RACK-572377 - https://snyk.io/vuln/SNYK-RUBY-RACK-72567 - https://snyk.io/vuln/SNYK-RUBY-HAML-20341 - https://snyk.io/vuln/SNYK-RUBY-RACK-20230 - https://snyk.io/vuln/SNYK-RUBY-RACK-20399 - https://snyk.io/vuln/SNYK-RUBY-RACK-20400 - https://snyk.io/vuln/SNYK-RUBY-RACK-538324 - https://snyk.io/vuln/SNYK-RUBY-HAML-20362 --- Gemfile | 2 +- Gemfile.lock | 189 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 115 insertions(+), 76 deletions(-) diff --git a/Gemfile b/Gemfile index 82f9ff8..2e662a0 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ # the following line to use "https" source 'http://rubygems.org' -gem "middleman", "~>3.1.3" +gem "middleman", "~> 4.6.0" # Live-reloading plugin gem "middleman-livereload", "~> 3.1.0" diff --git a/Gemfile.lock b/Gemfile.lock index e9d385c..5768a31 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
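Review bot: The context line `source 'http://rubygems.org'` is left unchanged, so the upgraded gems this commit relies on to fix vulnerabilities are still resolved and downloaded over cleartext HTTP, with no transport integrity. Change it to `source 'https://rubygems.org'` (the comment just above it appears to recommend exactly this) and regenerate Gemfile.lock so its `remote:` line follows. Separately, `middleman` jumps a major version from 3.1 to 4.6 while `middleman-livereload` stays at `~> 3.1.0`, and the lockfile drops compass, sass and the sprockets gems, so the site build should be verified before merging rather than assumed from a clean resolve. The lockfile also leaves em-websocket 0.5.0, eventmachine 1.0.3, net-ssh 2.6.8 and rack-livereload 0.3.15 untouched; they are outside this fix and probably deserve a separate audit, including whether rack-livereload works with rack 3.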
@@ -1,56 +1,92 @@ GEM remote: http://rubygems.org/ specs: - activesupport (3.2.14) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - chunky_png (1.2.8) - coffee-script (2.2.0) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + logger (>= 1.4.2) + minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) + tzinfo (~> 2.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) + base64 (0.2.0) + benchmark (0.4.0) + bigdecimal (3.1.9) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.6.3) - compass (0.12.2) - chunky_png (~> 1.2) - fssm (>= 0.2.7) - sass (~> 3.1) + coffee-script-source (1.12.2) + concurrent-ruby (1.3.5) + connection_pool (2.5.0) + contracts (0.16.1) + dotenv (2.8.1) + drb (2.2.1) em-websocket (0.5.0) eventmachine (>= 0.12.9) http_parser.rb (~> 0.5.3) + erubi (1.13.1) eventmachine (1.0.3) - execjs (1.4.0) - multi_json (~> 1.0) - ffi (1.9.0) - fssm (0.2.10) - haml (4.0.3) + execjs (2.10.0) + fast_blank (1.0.1) + fastimage (2.4.0) + ffi (1.17.1) + haml (6.3.0) + temple (>= 0.8.2) + thor tilt - hike (1.2.3) + hamster (3.0.0) + concurrent-ruby (~> 1.0) + hashie (5.0.0) http_parser.rb (0.5.3) - i18n (0.6.5) - kramdown (1.1.0) - listen (1.2.3) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - rb-kqueue (>= 0.2) - middleman (3.1.5) - coffee-script (~> 2.2.0) - compass (>= 0.12.2) - execjs (~> 1.4.0) - haml (>= 3.1.6) - kramdown (~> 1.1.0) - middleman-core (= 3.1.5) - middleman-more (= 3.1.5) - middleman-sprockets (>= 3.1.2) - sass (>= 3.1.20) - uglifier (~> 2.1.0) - middleman-core (3.1.5) - activesupport (~> 3.2.6) - bundler (~> 1.1) - i18n (~> 0.6.1) - listen (~> 1.2.2) - rack (>= 1.4.5) - rack-test (~> 0.6.1) - thor (>= 0.15.2, < 2.0) - tilt (~> 1.3.6) + i18n (1.14.7) + concurrent-ruby (~> 1.0) + kramdown (2.5.1) + rexml (>= 3.3.9) + listen (3.9.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + logger 
(1.6.6) + memoist (0.16.2) + middleman (4.6.0) + middleman-cli (= 4.6.0) + middleman-core (= 4.6.0) + middleman-cli (4.6.0) + thor (>= 0.17.0, < 1.3.0) + middleman-core (4.6.0) + activesupport (>= 6.1) + addressable (~> 2.4) + bundler (~> 2.0) + coffee-script (~> 2.2) + contracts + dotenv + erubi + execjs (~> 2.0) + fast_blank + fastimage (~> 2.0) + haml (>= 4.0.5) + hamster (~> 3.0) + hashie (>= 3.4, < 6.0) + i18n (>= 1.6, < 1.15) + kramdown (~> 2.4) + listen (~> 3.0) + memoist (~> 0.14) + padrino-helpers (~> 0.15.0) + parallel + rack (>= 3) + rackup + sassc (~> 2.0) + servolux + tilt (~> 2.2) + toml + uglifier (>= 3, < 5) + webrick middleman-deploy (0.1.2) middleman-core (>= 3.0.0) net-sftp 
@@ -60,49 +96,52 @@ GEM middleman-core (>= 3.0.2) multi_json (~> 1.0) rack-livereload - middleman-more (3.1.5) - middleman-sprockets (3.1.4) - middleman-core (>= 3.0.14) - middleman-more (>= 3.0.14) - sprockets (~> 2.1) - sprockets-helpers (~> 1.0.0) - sprockets-sass (~> 1.0.0) - multi_json (1.8.0) + minitest (5.25.4) + multi_json (1.15.0) + mutex_m (0.3.0) net-sftp (2.1.2) net-ssh (>= 2.6.5) net-ssh (2.6.8) + padrino-helpers (0.15.3) + i18n (>= 0.6.7, < 2) + padrino-support (= 0.15.3) + tilt (>= 1.4.1, < 3) + padrino-support (0.15.3) + parallel (1.26.3) + parslet (2.0.0) ptools (1.2.2) - rack (1.5.2) + public_suffix (5.1.1) + rack (3.1.11) rack-livereload (0.3.15) rack - rack-test (0.6.2) - rack (>= 1.0) - rb-fsevent (0.9.3) - rb-inotify (0.9.1) - ffi (>= 0.5.0) - rb-kqueue (0.2.0) - ffi (>= 0.5.0) - sass (3.2.10) - sprockets (2.10.0) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-helpers (1.0.1) - sprockets (~> 2.0) - sprockets-sass (1.0.1) - sprockets (~> 2.0) - tilt (~> 1.1) - thor (0.18.1) - tilt (1.3.7) - uglifier (2.1.2) - execjs (>= 0.3.0) - multi_json (~> 1.0, >= 1.0.2) + rackup (2.2.1) + rack (>= 3) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) + ffi (~> 1.0) + rexml (3.4.1) + sassc (2.4.0) + ffi (~> 1.9) + securerandom (0.3.2) + servolux (0.13.0) + temple (0.10.3) + thor (1.2.2) + tilt (2.6.0) + toml (0.3.0) + parslet (>= 1.8.0, < 3.0.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + uglifier (4.2.1) + execjs (>= 0.3.0, < 3) + webrick (1.9.1) PLATFORMS ruby DEPENDENCIES - middleman (~> 3.1.3) + middleman (~> 4.6.0) middleman-deploy (~> 0.1.2) middleman-livereload (~> 3.1.0) + +BUNDLED WITH + 2.1.4