From 527e2cd10879866045b8bd3b1af6e2a7db02ba4d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 10 Apr 2023 16:20:42 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242 - https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-1087436 - https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939 --- Gemfile | 6 +-- Gemfile.lock | 116 ++++++++++++++++++++++++++++----------------------- 2 files changed, 67 insertions(+), 55 deletions(-) diff --git a/Gemfile b/Gemfile index 35a61cc..a8ca889 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ source 'https://rubygems.org' -gem 'jekyll', '>= 3.6.2' -gem 'jekyll-sitemap', '>= 1.1.1' -gem 'jekyll-feed', '>= 0.9.2' +gem 'jekyll', '>= 3.9.0' +gem 'jekyll-sitemap', '>= 1.2.0' +gem 'jekyll-feed', '>= 0.11.0' gem "jekyll-gist" diff --git a/Gemfile.lock b/Gemfile.lock index b27283e..4adcc03 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,80 +1,92 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.8.4) + public_suffix (>= 2.0.2, < 6.0) colorator (1.1.0) - concurrent-ruby (1.1.3) - em-websocket (0.5.1) + concurrent-ruby (1.2.2) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) + http_parser.rb (~> 0) eventmachine (1.2.7) - faraday (0.15.4) - multipart-post (>= 1.2, < 3) - ffi (1.9.25) + faraday (2.7.4) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.2) + ffi (1.15.5) forwardable-extended (2.6.0) - http_parser.rb (0.6.0) - i18n (0.9.5) + google-protobuf (3.22.2) + http_parser.rb (0.8.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jekyll (3.8.5) + jekyll (4.3.2) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) - i18n (~> 0.7) - jekyll-sass-converter (~> 1.0) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) jekyll-watch (~> 2.0) - kramdown (~> 1.14) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) liquid (~> 4.0) - mercenary (~> 0.3.3) + mercenary (>= 0.3.6, < 0.5) pathutil (~> 0.9) - rouge (>= 1.7, < 4) + rouge (>= 3.0, < 5.0) safe_yaml (~> 1.0) - jekyll-feed (0.11.0) - jekyll (~> 3.3) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-feed (0.17.0) + jekyll (>= 3.7, < 5.0) jekyll-gist (1.5.0) octokit (~> 4.2) - jekyll-sass-converter (1.5.2) - sass (~> 3.4) - jekyll-sitemap (1.2.0) - jekyll (~> 3.3) - jekyll-watch (2.1.2) + jekyll-sass-converter (3.0.0) + sass-embedded (~> 1.54) + jekyll-sitemap (1.4.0) + jekyll (>= 3.7, < 5.0) + jekyll-watch (2.2.1) listen (~> 3.0) - kramdown (1.17.0) - liquid (4.0.1) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - mercenary (0.3.6) - multipart-post (2.0.0) - octokit (4.13.0) - sawyer (~> 0.8.0, >= 0.5.3) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.4) + listen (3.8.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + octokit (4.25.1) + faraday (>= 1, < 3) + sawyer (~> 0.9) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (3.0.3) - rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rouge (3.3.0) - ruby_dep (1.5.0) - safe_yaml (1.0.4) - sass (3.7.2) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sawyer (0.8.1) - addressable (>= 2.3.5, < 2.6) - faraday (~> 0.8, < 1.0) + public_suffix (5.0.1) + rake (13.0.6) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.5) + rouge (4.1.0) + ruby2_keywords (0.0.5) + safe_yaml (1.0.5) + sass-embedded (1.61.0) + google-protobuf (~> 3.21) + rake (>= 10.0.0) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + unicode-display_width (2.4.2) + webrick (1.8.1) PLATFORMS ruby DEPENDENCIES - jekyll (>= 3.6.2) - jekyll-feed (>= 0.9.2) + jekyll (>= 3.9.0) + jekyll-feed (>= 0.11.0) jekyll-gist - jekyll-sitemap (>= 1.1.1) + jekyll-sitemap (>= 1.2.0) BUNDLED WITH - 1.17.1 + 1.17.3