From cc731719b568bf909b1764e3d84b90064058693b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 14 Oct 2025 02:03:22 +0000 Subject: [PATCH] fix: src-api/Gemfile & src-api/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-13378928 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378930 - https://snyk.io/vuln/SNYK-RUBY-RACK-13378932 - https://snyk.io/vuln/SNYK-RUBY-RACK-13535097 - https://snyk.io/vuln/SNYK-RUBY-RACK-13524628 --- src-api/Gemfile | 6 +-- src-api/Gemfile.lock | 116 ++++++++++++++++++++++++------------------- 2 files changed, 68 insertions(+), 54 deletions(-) diff --git a/src-api/Gemfile b/src-api/Gemfile index 8cac123017..5a94b0e4ac 100644 --- a/src-api/Gemfile +++ b/src-api/Gemfile @@ -2,13 +2,13 @@ ruby '3.1.3' source 'https://rubygems.org' # Middleman -gem 'middleman', '~> 4.4' -gem 'middleman-syntax', '~> 3.2' +gem 'middleman', '~> 4.6', '>= 4.6.0' +gem 'middleman-syntax', '~> 3.5', '>= 3.5.0' gem 'middleman-autoprefixer', '~> 3.0' gem 'middleman-sprockets', '~> 4.1' gem 'rouge', '~> 3.21' gem 'redcarpet', '~> 3.6.0' gem 'nokogiri', '~> 1.18.8' -gem 'sprockets', '~> 3.7' +gem 'sprockets', '~> 4.0', '>= 4.0.0' gem 'sass' gem 'webrick' diff --git a/src-api/Gemfile.lock b/src-api/Gemfile.lock index 19f09551da..2189e9bdd5 100644 --- a/src-api/Gemfile.lock +++ b/src-api/Gemfile.lock 
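Review bot: The rack advisories named in the commit message are closed only through the lockfile, because the Gemfile hunk never mentions rack; the upgraded version arrives transitively (the lock resolves `rack (3.2.3)` through middleman-core's `rack (>= 3)` requirement). Consider stating the floor in the manifest itself, e.g. `gem 'rack', '>= 3.2.3'` (the version this lockfile resolves to), so that nothing depends on the lockfile alone to keep a regenerated resolution off an older 3.x release. The added second constraints are redundant, since `'~> 4.6'` already implies `>= 4.6.0` (the same holds for the middleman-syntax and sprockets lines), and could be dropped for readability. Because sprockets jumps a major version (3.7 to 4.x) while `middleman-sprockets` stays at `~> 4.1`, a full site build should be confirmed before merging; whether that was done is not visible in this patch.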
@@ -1,88 +1,99 @@ GEM remote: https://rubygems.org/ specs: - activesupport (7.0.8.4) - concurrent-ruby (~> 1.0, >= 1.0.2) + activesupport (7.2.2.2) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) autoprefixer-rails (10.4.16.0) execjs (~> 2) - backports (3.25.0) - base64 (0.2.0) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.3.1) coffee-script (2.4.1) coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.3.4) - contracts (0.16.1) - dotenv (3.1.2) - erubis (2.7.0) - execjs (2.9.1) + concurrent-ruby (1.3.5) + connection_pool (2.5.4) + contracts (0.17.2) + dotenv (3.1.8) + drb (2.2.3) + erubi (1.13.1) + execjs (2.10.0) fast_blank (1.0.1) - fastimage (2.3.1) - ffi (1.17.0) + fastimage (2.4.0) + ffi (1.17.2) haml (6.3.0) temple (>= 0.8.2) thor tilt hamster (3.0.0) concurrent-ruby (~> 1.0) - hashie (3.6.0) - i18n (1.6.0) + hashie (5.0.0) + i18n (1.14.7) concurrent-ruby (~> 1.0) - kramdown (2.4.0) - rexml + kramdown (2.5.1) + rexml (>= 3.3.9) listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) + logger (1.7.0) memoist (0.16.2) - middleman (4.5.1) - coffee-script (~> 2.2) - haml (>= 4.0.5) - kramdown (>= 2.3.0) - middleman-cli (= 4.5.1) - middleman-core (= 4.5.1) + middleman (4.6.2) + middleman-cli (= 4.6.2) + middleman-core (= 4.6.2) middleman-autoprefixer (3.0.0) autoprefixer-rails (~> 10.0) middleman-core (>= 4.0.0) - middleman-cli (4.5.1) - thor (>= 0.17.0, < 1.3.0) - middleman-core (4.5.1) - activesupport (>= 6.1, < 7.1) + middleman-cli (4.6.2) + thor (>= 0.17.0, < 2) + middleman-core (4.6.2) + activesupport (>= 6.1) addressable (~> 2.4) - backports (~> 3.6) bundler (~> 2.0) - contracts (~> 0.13, < 0.17) + coffee-script (~> 2.2) + contracts dotenv - erubis + erubi execjs 
(~> 2.0) fast_blank fastimage (~> 2.0) + haml (>= 4.0.5) hamster (~> 3.0) - hashie (~> 3.4) - i18n (~> 1.6.0) + hashie (>= 3.4, < 6.0) + i18n (>= 1.6, < 1.15) + kramdown (~> 2.4) listen (~> 3.0) memoist (~> 0.14) padrino-helpers (~> 0.15.0) parallel - rack (>= 1.4.5, < 3) + rack (>= 3) + rackup sassc (~> 2.0) servolux - tilt (~> 2.0.9) + tilt (~> 2.2) toml - uglifier (~> 3.0) + uglifier (>= 3, < 5) webrick middleman-sprockets (4.1.1) middleman-core (~> 4.0) sprockets (>= 3.0) - middleman-syntax (3.4.0) + middleman-syntax (3.6.1) middleman-core (>= 3.2) rouge (~> 3.2) mini_portile2 (2.8.8) - minitest (5.24.1) + minitest (5.26.0) nokogiri (1.18.8) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -91,16 +102,18 @@ GEM padrino-support (= 0.15.3) tilt (>= 1.4.1, < 3) padrino-support (0.15.3) - parallel (1.25.1) + parallel (1.27.0) parslet (2.0.0) - public_suffix (6.0.0) + public_suffix (6.0.2) racc (1.8.1) - rack (2.2.14) + rack (3.2.3) + rackup (2.2.1) + rack (>= 3) rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) redcarpet (3.6.1) - rexml (3.3.9) + rexml (3.4.4) rouge (3.30.0) sass (3.7.4) sass-listen (~> 4.0.0) @@ -109,19 +122,20 @@ GEM rb-inotify (~> 0.9, >= 0.9.7) sassc (2.4.0) ffi (~> 1.9) + securerandom (0.4.1) servolux (0.13.0) - sprockets (3.7.5) - base64 + sprockets (4.2.2) concurrent-ruby (~> 1.0) - rack (> 1, < 3) - temple (0.10.3) - thor (1.2.2) - tilt (2.0.11) + logger + rack (>= 2.2.4, < 4) + temple (0.10.4) + thor (1.4.0) + tilt (2.6.1) toml (0.3.0) parslet (>= 1.8.0, < 3.0.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uglifier (3.2.0) + uglifier (4.2.1) execjs (>= 0.3.0, < 3) webrick (1.9.1) 
@@ -129,19 +143,19 @@ PLATFORMS ruby DEPENDENCIES - middleman (~> 4.4) + middleman (~> 4.6, >= 4.6.0) middleman-autoprefixer (~> 3.0) middleman-sprockets (~> 4.1) - middleman-syntax (~> 3.2) + middleman-syntax (~> 3.5, >= 3.5.0) nokogiri (~> 1.18.8) redcarpet (~> 3.6.0) rouge (~> 3.21) sass - sprockets (~> 3.7) + sprockets (~> 4.0, >= 4.0.0) webrick RUBY VERSION ruby 3.1.3p185 BUNDLED WITH - 2.1.4 + 2.3.27