From 48f1d462cdd530c62515b9193a8a209ac268861a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 29 Nov 2022 16:59:19 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
---
 Gemfile | 2 +-
 Gemfile.lock | 21 ++++++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 45e78137..5cb02eb6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ gem 'rake'
 gem 'ffi', '1.0.9'
 gem 'sequel', '>= 4.42'
 gem 'pg', '>= 0.18'
-gem 'sinatra', '1.2.6'
+gem 'sinatra', '2.2.3'
 gem 'pony', '1.3'
 gem 'warden', '1.0.6'
 gem 'deep_merge', '1.1.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index e4ca73ee..3307851e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -12,11 +12,15 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mocha (0.9.12) + mustermann (2.0.2) + ruby2_keywords (~> 0.0.1) net-http-digest_auth (1.4) pg (0.19.0) pony (1.3) mail (> 2.0) - rack (1.6.5) + rack (2.2.4) + rack-protection (2.2.3) + rack rack-test (0.5.7) rack (>= 1.0) raindrops (0.17.0)
@@ -25,19 +29,22 @@ GEM rr term-ansicolor rr (1.2.0) + ruby2_keywords (0.0.5) sequel (4.42.1) shotgun (0.9.2) rack (>= 1.0) - sinatra (1.2.6) - rack (~> 1.1) - tilt (>= 1.2.2, < 2.0) + sinatra (2.2.3) + mustermann (~> 2.0) + rack (~> 2.2) + rack-protection (= 2.2.3) + tilt (~> 2.0) term-ansicolor (1.4.0) tins (~> 1.0) thin (1.7.0) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - tilt (1.4.1) + tilt (2.0.11) tins (1.13.0) unicorn (5.2.0) kgio (~> 2.6)
@@ -61,11 +68,11 @@ DEPENDENCIES riot (= 0.12.1) sequel (>= 4.42) shotgun - sinatra (= 1.2.6) + sinatra (= 2.2.3) thin unicorn warden (= 1.0.6) yui-compressor (= 0.9.3) BUNDLED WITH - 1.13.6 + 1.17.3
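Review bot: In the Gemfile hunk, `gem 'sinatra', '2.2.3'` jumps a major version (from 1.2.6), and the patch carries no application or test changes alongside it. The Gemfile.lock hunks show the knock-on effect: rack moves from 1.6.5 to 2.2.4, tilt from 1.4.1 to 2.0.11, and rack-protection and mustermann are newly resolved, while `warden` stays pinned at 1.0.6 and rack-test at 0.5.7. The fix for SNYK-RUBY-SINATRA-3150405 is only useful if the app still behaves correctly on the new stack, so the test suite should be run against this lockfile before merging. The exact pin also keeps `bundle update` from picking up later 2.2.x security releases; consider `gem 'sinatra', '~> 2.2', '>= 2.2.3'`.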