From c71b5e8b2276d47746cc4d8697d5dc471b308682 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 4 Apr 2024 21:01:17 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
---
 Gemfile | 6 +--
 Gemfile.lock | 101 ++++++++++++++++++++++++++++++---------------------
 2 files changed, 63 insertions(+), 44 deletions(-)

diff --git a/Gemfile b/Gemfile
index c34c61e..0760009 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
-gem 'grape'
-gem 'puma'
-gem 'rack'
+gem 'grape', '>= 0.6.0'
+gem 'puma', '>= 2.12.0'
+gem 'rack', '>= 2.2.8.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index c0d685f..2fc2b3e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
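Review bot: The three constraints added in the Gemfile hunk are open-ended floors (`'>= 0.6.0'`, `'>= 2.12.0'`, `'>= 2.2.8.1'`), so they record the minimum a scanner accepted rather than the versions this patch actually resolves and ships. The lockfile in the same patch moves rack 1.5.2 to 3.0.10, grape 0.5.0 to 2.0.0 and puma 2.5.1 to 6.4.2, each crossing several major versions, and nothing in the Gemfile stops a later `bundle update` from crossing another. If the Rack advisories were fixed separately on more than one release line, a single floor of 2.2.8.1 would also admit unpatched releases on the newer line, which should be checked against the advisories. I would pin to the resolved series instead, e.g. `gem 'rack', '~> 3.0', '>= 3.0.10'`, with matching pessimistic constraints for grape and puma. The application's test suite should be run against the new majors before merging, since an automated remediation PR gives no evidence that they are API-compatible.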
@@ -1,55 +1,74 @@ GEM remote: https://rubygems.org/ specs: - activesupport (4.0.0) - i18n (~> 0.6, >= 0.6.4) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - atomic (1.1.13) - atomic (1.1.13-java) - backports (3.3.3) - builder (3.2.2) - descendants_tracker (0.0.1) - grape (0.5.0) - activesupport + activesupport (7.1.3.2) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + base64 (0.2.0) + bigdecimal (3.1.7) + bigdecimal (3.1.7-java) + builder (3.2.4) + concurrent-ruby (1.2.3) + connection_pool (2.4.1) + drb (2.2.1) + dry-core (1.0.0) + concurrent-ruby (~> 1.0) + zeitwerk (~> 2.6) + dry-inflector (1.0.0) + dry-logic (1.5.0) + concurrent-ruby (~> 1.0) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-types (1.7.1) + concurrent-ruby (~> 1.0) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) + grape (2.0.0) + activesupport (>= 5) builder - hashie (>= 1.2.0) - multi_json (>= 1.3.2) - multi_xml (>= 0.5.2) + dry-types (>= 1.1) + mustermann-grape (~> 1.0.0) rack (>= 1.3.0) rack-accept - rack-mount - virtus - hashie (2.0.5) - i18n (0.6.5) - minitest (4.7.5) - multi_json (1.7.9) - multi_xml (0.5.5) - puma (2.5.1) - rack (>= 1.1, < 2.0) - puma (2.5.1-java) - rack (>= 1.1, < 2.0) - rack (1.5.2) + i18n (1.14.4) + concurrent-ruby (~> 1.0) + minitest (5.22.3) + mustermann (3.0.0) + ruby2_keywords (~> 0.0.1) + mustermann-grape (1.0.2) + mustermann (>= 1.0.0) + mutex_m (0.2.0) + nio4r (2.7.1) + nio4r (2.7.1-java) + puma (6.4.2) + nio4r (~> 2.0) + puma (6.4.2-java) + nio4r (~> 2.0) + rack (3.0.10) rack-accept (0.4.5) rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - thread_safe (0.1.2) - atomic - thread_safe (0.1.2-java) - atomic - tzinfo (0.3.37) - virtus (0.5.5) - backports (~> 3.3) - descendants_tracker (~> 0.0.1) + ruby2_keywords (0.0.5) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + 
zeitwerk (2.6.13) PLATFORMS java ruby DEPENDENCIES - grape - puma - rack + grape (>= 0.6.0) + puma (>= 2.12.0) + rack (>= 2.2.8.1) + +BUNDLED WITH + 2.1.4