From f2546ab68ac090bbb4209840e9e2e3c44c3a62f9 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 20 Oct 2023 05:34:29 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-5851458
- https://snyk.io/vuln/SNYK-RUBY-PUMA-5846204
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237233
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237237
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237240
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-3360233
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
---
 Gemfile | 12 +++---
 Gemfile.lock | 101 +++++++++++++++++++++++++--------------------------
 2 files changed, 56 insertions(+), 57 deletions(-)

diff --git a/Gemfile b/Gemfile
index 4f3b3e8..1c34b51 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,17 +1,17 @@
 source 'https://rubygems.org'
-gem 'smashing'
+gem 'smashing', '>= 1.3.6'
 gem 'rake', '~> 12.3.3'
-gem 'sinatra'
-gem 'sinatra-activerecord', '~> 2.0', '>= 2.0.11'
-gem 'activerecord', '~> 5.2.8'
+gem 'sinatra', '>= 2.2.3'
+gem 'sinatra-activerecord', '~> 2.0', '>= 2.0.26'
+gem 'activerecord', '~> 6.1.7', '>= 6.1.7.5'
 gem 'mysql2', '~> 0.5.4'
 gem 'pg'
 gem 'json-compare'
-gem 'rails-erd'
+gem 'rails-erd', '>= 1.7.2'
 gem 'ruby-graphviz'
-gem 'puma'
+gem 'puma', '>= 5.6.7'
 gem 'sinatra-twitter-bootstrap', :require => 'sinatra/twitter-bootstrap'
 group :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 75db161..4f20442 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
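Review bot: The new lower-bound-only constraints in the Gemfile hunk (`gem 'smashing', '>= 1.3.6'`, `gem 'sinatra', '>= 2.2.3'`, `gem 'rails-erd', '>= 1.7.2'`, `gem 'puma', '>= 5.6.7'`) set a security floor but no ceiling, so a later `bundle update` can cross a major version without review; the Gemfile.lock in this same patch already moves puma from 5.6.4 to 6.4.0. Pairing each floor with a pessimistic bound keeps the fix while pinning the release series, e.g. `gem 'puma', '~> 6.4'` and `gem 'sinatra', '~> 2.2', '>= 2.2.3'`. Separately, `activerecord` goes from `~> 5.2.8` to `~> 6.1.7`, which is a major-version change (the lockfile drops arel, adds zeitwerk and moves tzinfo from 1.x to 2.x), so it should be validated against the test suite, migrations and time-zone handling rather than merged as a routine automated bump.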
@@ -1,18 +1,17 @@ GEM remote: https://rubygems.org/ specs: - activemodel (5.2.8.1) - activesupport (= 5.2.8.1) - activerecord (5.2.8.1) - activemodel (= 5.2.8.1) - activesupport (= 5.2.8.1) - arel (>= 9.0) - activesupport (5.2.8.1) + activemodel (6.1.7.6) + activesupport (= 6.1.7.6) + activerecord (6.1.7.6) + activemodel (= 6.1.7.6) + activesupport (= 6.1.7.6) + activesupport (6.1.7.6) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (9.0.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) awesome_print (1.9.2) bond (0.5.1) choice (0.2.0) @@ -21,45 +20,45 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) daemons (1.4.1) et-orbi (1.2.7) tzinfo eventmachine (1.2.7) - execjs (2.8.1) - ffi (1.15.5) - fugit (1.5.3) + execjs (2.9.1) + ffi (1.16.3) + fugit (1.8.1) et-orbi (~> 1, >= 1.2.7) raabro (~> 1.4) - i18n (1.11.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) json-compare (0.1.8) method_source (1.0.0) - minitest (5.16.2) + minitest (5.20.0) multi_json (1.15.0) - mustermann (1.1.1) + mustermann (2.0.2) ruby2_keywords (~> 0.0.1) mysql2 (0.5.4) - nio4r (2.5.8) + nio4r (2.5.9) pg (1.4.1) pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) - puma (5.6.4) + puma (6.4.0) nio4r (~> 2.0) raabro (1.4.0) - rack (2.2.4) - rack-protection (2.2.0) + rack (2.2.8) + rack-protection (2.2.4) rack rack-test (0.6.3) rack (>= 1.0) - rails-erd (1.7.1) + rails-erd (1.7.2) activerecord (>= 4.2) activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) rake (12.3.3) - rexml (3.2.5) + rexml (3.2.6) ripl (0.7.1) bond (~> 0.5.1) ripl-multi_line (0.3.1) 
@@ -71,78 +70,78 @@ GEM ruby-graphviz (1.2.5) rexml ruby2_keywords (0.0.5) - rufus-scheduler (3.8.2) + rufus-scheduler (3.9.1) fugit (~> 1.1, >= 1.1.6) sassc (2.4.0) ffi (~> 1.9) shotgun (0.9.2) rack (>= 1.0) - sinatra (2.2.0) - mustermann (~> 1.0) + sinatra (2.2.4) + mustermann (~> 2.0) rack (~> 2.2) - rack-protection (= 2.2.0) + rack-protection (= 2.2.4) tilt (~> 2.0) - sinatra-activerecord (2.0.25) + sinatra-activerecord (2.0.26) activerecord (>= 4.1) sinatra (>= 1.0) - sinatra-contrib (2.2.0) + sinatra-contrib (2.2.4) multi_json - mustermann (~> 1.0) - rack-protection (= 2.2.0) - sinatra (= 2.2.0) + mustermann (~> 2.0) + rack-protection (= 2.2.4) + sinatra (= 2.2.4) tilt (~> 2.0) sinatra-twitter-bootstrap (2.3.4) - smashing (1.3.5) + smashing (1.3.6) coffee-script (~> 2.4) execjs (~> 2.7) - rack (~> 2.2) + rack (>= 2.2, < 4.0) rufus-scheduler (~> 3.6) sassc (~> 2.0) - sinatra (~> 2.0) + sinatra (~> 2.2) sinatra-contrib (~> 2.0) sprockets (~> 4.0) thin (~> 1.7) thor (~> 1.0) - sprockets (4.1.1) + sprockets (4.2.1) concurrent-ruby (~> 1.0) - rack (> 1, < 3) + rack (>= 2.2.4, < 4) sqlite3 (1.4.4) - thin (1.8.1) + thin (1.8.2) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (1.2.1) - thread_safe (0.3.6) - tilt (2.0.10) + thor (1.3.0) + tilt (2.3.0) tux (0.3.0) ripl (>= 0.3.5) ripl-multi_line (>= 0.2.4) ripl-rack (>= 0.2.0) sinatra (>= 1.2.1) - tzinfo (1.2.9) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + zeitwerk (2.6.12) PLATFORMS ruby DEPENDENCIES - activerecord (~> 5.2.8) + activerecord (~> 6.1.7, >= 6.1.7.5) awesome_print json-compare mysql2 (~> 0.5.4) pg pry - puma - rails-erd + puma (>= 5.6.7) + rails-erd (>= 1.7.2) rake (~> 12.3.3) ruby-graphviz shotgun - sinatra - sinatra-activerecord (~> 2.0, >= 2.0.11) + sinatra (>= 2.2.3) + sinatra-activerecord (~> 2.0, >= 2.0.26) sinatra-twitter-bootstrap - smashing + smashing (>= 1.3.6) sqlite3 tux BUNDLED WITH - 2.0.1 + 2.1.4