From 19db257ca729711aa549c39bddbe6fe8ebbbfb7f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 17 Jul 2024 18:30:56 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-7462086 --- Gemfile | 4 ++-- Gemfile.lock | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Gemfile b/Gemfile index 495d163..6daa50b 100644 --- a/Gemfile +++ b/Gemfile @@ -7,8 +7,8 @@ gem 'aws-sdk-s3', '~> 1.30' gem 'dotenv' gem 'hashie' gem 'mocha' -gem 'rexml' -gem 'ruby-saml', '>= 1.9.0' +gem 'rexml', '>= 3.3.2' +gem 'ruby-saml', '>= 1.15.0' gem 'rack-test', '>= 2.0.0' gem 'rake' gem 'sinatra', '>= 3.0.4' diff --git a/Gemfile.lock b/Gemfile.lock index 41d349a..e45afe8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -31,14 +31,14 @@ GEM jmespath (1.6.1) metaclass (0.0.4) method_source (0.9.2) - mini_portile2 (2.8.5) + mini_portile2 (2.8.7) minitest (5.19.0) mocha (1.7.0) metaclass (~> 0.0.1) mustermann (3.0.0) ruby2_keywords (~> 0.0.1) nio4r (2.7.0) - nokogiri (1.16.2) + nokogiri (1.16.6) mini_portile2 (~> 2.8.2) racc (~> 1.4) power_assert (2.0.2) @@ -47,16 +47,17 @@ GEM method_source (~> 0.9.0) puma (6.4.2) nio4r (~> 2.0) - racc (1.7.3) + racc (1.8.0) rack (2.2.8.1) rack-protection (3.0.4) rack rack-test (2.0.2) rack (>= 1.3) rake (13.0.1) - rexml (3.2.5) - ruby-saml (1.14.0) - nokogiri (>= 1.10.5) + rexml (3.3.2) + strscan + ruby-saml (1.16.0) + nokogiri (>= 1.13.10) rexml ruby2_keywords (0.0.5) sinatra (3.0.4) @@ -64,6 +65,7 @@ GEM rack (~> 2.2, >= 2.2.4) rack-protection (= 3.0.4) tilt (~> 2.0) + strscan (3.1.0) test-unit (3.5.7) power_assert tilt (2.0.11) @@ -84,8 +86,8 @@ DEPENDENCIES puma rack-test (>= 2.0.0) rake - rexml - ruby-saml (>= 1.9.0) + rexml (>= 3.3.2) + ruby-saml (>= 1.15.0) sinatra (>= 3.0.4) test-unit @@ -93,4 +95,4 @@ RUBY VERSION ruby 3.2.2p223 BUNDLED WITH - 2.2.33 + 2.4.6