From 115867f2177913b4f42e90bdd522439d22452f25 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 15 Mar 2023 11:52:38 -0400
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index 82f9ff8..07648dd 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@
 # the following line to use "https"
 source 'http://rubygems.org'
-gem "middleman", "~>3.1.3"
+gem "middleman", "~> 4.4.0"
 # Live-reloading plugin
 gem "middleman-livereload", "~> 3.1.0"

From c249c9d2c37bfdd08755ca752e6bb9fef06dec1f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 15 Mar 2023 11:52:38 -0400
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
---
 Gemfile.lock | 193 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 107 insertions(+), 86 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e9d385c..41cea8b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
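Review bot: The context line `source 'http://rubygems.org'` in the Gemfile hunk of patch 1/2 still fetches gems over plain HTTP, and the lockfile in patch 2/2 keeps `remote: http://rubygems.org/`, so the upgraded dependency set is resolved and downloaded without transport integrity protection. Since this change exists to reduce vulnerabilities, switch the line to `source 'https://rubygems.org'` and regenerate Gemfile.lock so the recorded remote matches. Separately, `~> 4.4.0` is a major-version jump from 3.1.x: the lockfile drops compass and middleman-sprockets while `middleman-deploy` and `middleman-livereload` keep their old constraints, so a full site build and deploy dry run should be verified before merging.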
@@ -1,108 +1,129 @@ GEM remote: http://rubygems.org/ specs: - activesupport (3.2.14) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - chunky_png (1.2.8) - coffee-script (2.2.0) + activesupport (7.0.4.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + backports (3.24.0) + coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.6.3) - compass (0.12.2) - chunky_png (~> 1.2) - fssm (>= 0.2.7) - sass (~> 3.1) - em-websocket (0.5.0) + coffee-script-source (1.12.2) + concurrent-ruby (1.2.2) + contracts (0.16.1) + dotenv (2.8.1) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.5.3) - eventmachine (1.0.3) - execjs (1.4.0) - multi_json (~> 1.0) - ffi (1.9.0) - fssm (0.2.10) - haml (4.0.3) + http_parser.rb (~> 0) + erubis (2.7.0) + eventmachine (1.2.7) + execjs (2.8.1) + fast_blank (1.0.1) + fastimage (2.2.6) + ffi (1.15.5) + haml (5.2.2) + temple (>= 0.8.0) tilt - hike (1.2.3) - http_parser.rb (0.5.3) - i18n (0.6.5) - kramdown (1.1.0) - listen (1.2.3) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - rb-kqueue (>= 0.2) - middleman (3.1.5) - coffee-script (~> 2.2.0) - compass (>= 0.12.2) - execjs (~> 1.4.0) - haml (>= 3.1.6) - kramdown (~> 1.1.0) - middleman-core (= 3.1.5) - middleman-more (= 3.1.5) - middleman-sprockets (>= 3.1.2) - sass (>= 3.1.20) - uglifier (~> 2.1.0) - middleman-core (3.1.5) - activesupport (~> 3.2.6) - bundler (~> 1.1) - i18n (~> 0.6.1) - listen (~> 1.2.2) - rack (>= 1.4.5) - rack-test (~> 0.6.1) - thor (>= 0.15.2, < 2.0) - tilt (~> 1.3.6) - middleman-deploy (0.1.2) + hamster (3.0.0) + concurrent-ruby (~> 1.0) + hashie (3.6.0) + http_parser.rb (0.8.0) + i18n (1.6.0) + concurrent-ruby (~> 1.0) + kramdown (2.4.0) + rexml + listen (3.8.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + memoist (0.16.2) + middleman (4.4.3) + coffee-script (~> 2.2) + haml (>= 4.0.5, < 6.0) + kramdown (>= 
2.3.0) + middleman-cli (= 4.4.3) + middleman-core (= 4.4.3) + middleman-cli (4.4.3) + thor (>= 0.17.0, < 2.0) + middleman-core (4.4.3) + activesupport (>= 6.1, < 7.1) + addressable (~> 2.4) + backports (~> 3.6) + bundler (~> 2.0) + contracts (~> 0.13) + dotenv + erubis + execjs (~> 2.0) + fast_blank + fastimage (~> 2.0) + hamster (~> 3.0) + hashie (~> 3.4) + i18n (~> 1.6.0) + listen (~> 3.0) + memoist (~> 0.14) + padrino-helpers (~> 0.15.0) + parallel + rack (>= 1.4.5, < 3) + sassc (~> 2.0) + servolux + tilt (~> 2.0.9) + toml + uglifier (~> 3.0) + webrick + middleman-deploy (0.1.4) middleman-core (>= 3.0.0) net-sftp ptools - middleman-livereload (3.1.0) + middleman-livereload (3.1.1) em-websocket (>= 0.2.0) middleman-core (>= 3.0.2) multi_json (~> 1.0) rack-livereload - middleman-more (3.1.5) - middleman-sprockets (3.1.4) - middleman-core (>= 3.0.14) - middleman-more (>= 3.0.14) - sprockets (~> 2.1) - sprockets-helpers (~> 1.0.0) - sprockets-sass (~> 1.0.0) - multi_json (1.8.0) - net-sftp (2.1.2) - net-ssh (>= 2.6.5) - net-ssh (2.6.8) - ptools (1.2.2) - rack (1.5.2) - rack-livereload (0.3.15) + minitest (5.18.0) + multi_json (1.15.0) + net-sftp (4.0.0) + net-ssh (>= 5.0.0, < 8.0.0) + net-ssh (7.1.0) + padrino-helpers (0.15.3) + i18n (>= 0.6.7, < 2) + padrino-support (= 0.15.3) + tilt (>= 1.4.1, < 3) + padrino-support (0.15.3) + parallel (1.22.1) + parslet (2.0.0) + ptools (1.5.0) + public_suffix (5.0.1) + rack (2.2.6.4) + rack-livereload (0.3.17) rack - rack-test (0.6.2) - rack (>= 1.0) - rb-fsevent (0.9.3) - rb-inotify (0.9.1) - ffi (>= 0.5.0) - rb-kqueue (0.2.0) - ffi (>= 0.5.0) - sass (3.2.10) - sprockets (2.10.0) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-helpers (1.0.1) - sprockets (~> 2.0) - sprockets-sass (1.0.1) - sprockets (~> 2.0) - tilt (~> 1.1) - thor (0.18.1) - tilt (1.3.7) - uglifier (2.1.2) - execjs (>= 0.3.0) - multi_json (~> 1.0, >= 1.0.2) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + 
rexml (3.2.5) + sassc (2.4.0) + ffi (~> 1.9) + servolux (0.13.0) + temple (0.10.0) + thor (1.2.1) + tilt (2.0.11) + toml (0.3.0) + parslet (>= 1.8.0, < 3.0.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) + webrick (1.8.1) PLATFORMS ruby DEPENDENCIES - middleman (~> 3.1.3) + middleman (~> 4.4.0) middleman-deploy (~> 0.1.2) middleman-livereload (~> 3.1.0) + +BUNDLED WITH + 2.1.4