From 3caad7ae05907485da574805c7bf95de69d33d05 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 17 Jan 2022 15:08:50 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1080913
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-I18N-72582
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1730572
- https://snyk.io/vuln/SNYK-RUBY-PUMA-536835
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559020
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559100
- https://snyk.io/vuln/SNYK-RUBY-PUMA-570205
- https://snyk.io/vuln/SNYK-RUBY-PUMA-570206
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-SMASHING-1316247
---
 Gemfile | 18 +++---
 Gemfile.lock | 162 +++++++++++++++++++++++++++------------------------
 2 files changed, 96 insertions(+), 84 deletions(-)

diff --git a/Gemfile b/Gemfile
index ff94179..6469577 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,23 +1,23 @@
 source 'https://rubygems.org'
-gem 'smashing'
+gem 'smashing', '>= 1.3.5'
-gem 'rake', '~> 12.0'
-gem 'sinatra'
-gem 'sinatra-activerecord', '~> 2.0', '>= 2.0.11'
-gem 'activerecord', '~> 5.0', '>= 5.0.1'
+gem 'rake', '~> 12.3', '>= 12.3.3'
+gem 'sinatra', '>= 2.0.0'
+gem 'sinatra-activerecord', '~> 2.0', '>= 2.0.12'
+gem 'activerecord', '~> 5.2', '>= 5.2.4.5'
 gem 'mysql2'
 gem 'pg'
 gem 'json-compare'
-gem 'rails-erd'
+gem 'rails-erd', '>= 1.5.0'
 gem 'ruby-graphviz'
-gem 'puma'
+gem 'puma', '>= 4.3.9'
 gem 'sinatra-twitter-bootstrap', :require => 'sinatra/twitter-bootstrap'
 group :development do
- gem 'shotgun'
+ gem 'shotgun', '>= 0.9.2'
 gem 'pry'
- gem 'tux'
+ gem 'tux', '>= 0.3.0'
 gem 'sqlite3', :platform => [:ruby, :mswin, :mingw]
 gem 'awesome_print'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 0e3700d..8c5ec72 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
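Review bot: In the Gemfile hunk, the constraints added for `smashing`, `sinatra`, `puma`, `rails-erd`, `shotgun` and `tux` are lower bounds only (`'>= x'`), so the Gemfile sets a security floor but no ceiling, and a later `bundle update` can move any of them to a new major version. The accompanying lockfile already resolves several major jumps (puma 3.8.2 to 5.5.2, sinatra 1.4.7 to 2.1.0, rack 1.5.5 to 2.2.3, sprockets 2.10.2 to 4.0.2), so the app and its dashboards should be run against the new stack before this is merged rather than treated as a drop-in fix. Once a working set is confirmed, I would pair each floor with a pessimistic bound, for example `gem 'puma', '~> 5.5', '>= 5.5.2'` and `gem 'sinatra', '~> 2.1'`. The `'>= 0.9.2'` on shotgun and `'>= 0.3.0'` on tux match the versions that were already locked, so they appear to change nothing in resolution and could be dropped or given a short comment saying why they are pinned.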
@@ -1,55 +1,66 @@ GEM remote: https://rubygems.org/ specs: - activemodel (5.0.1) - activesupport (= 5.0.1) - activerecord (5.0.1) - activemodel (= 5.0.1) - activesupport (= 5.0.1) - arel (~> 7.0) - activesupport (5.0.1) + activemodel (5.2.6) + activesupport (= 5.2.6) + activerecord (5.2.6) + activemodel (= 5.2.6) + activesupport (= 5.2.6) + arel (>= 9.0) + activesupport (5.2.6) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - arel (7.1.4) + arel (9.0.0) awesome_print (1.7.0) - backports (3.6.8) bond (0.5.1) choice (0.2.0) coderay (1.1.1) - coffee-script (2.2.0) + coffee-script (2.4.1) coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.0.4) - daemons (1.2.4) - eventmachine (1.2.1) - execjs (2.0.2) - hike (1.2.3) - i18n (0.7.0) + concurrent-ruby (1.1.9) + daemons (1.4.1) + et-orbi (1.2.6) + tzinfo + eventmachine (1.2.7) + execjs (2.8.1) + ffi (1.15.5) + fugit (1.5.2) + et-orbi (~> 1.1, >= 1.1.8) + raabro (~> 1.4) + i18n (1.8.11) + concurrent-ruby (~> 1.0) json-compare (0.1.8) method_source (0.8.2) - minitest (5.10.1) - multi_json (1.12.1) + minitest (5.15.0) + multi_json (1.15.0) + mustermann (1.1.1) + ruby2_keywords (~> 0.0.1) mysql2 (0.4.5) + nio4r (2.5.8) pg (0.20.0) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - puma (3.8.2) - rack (1.5.5) - rack-protection (1.5.3) + puma (5.5.2) + nio4r (~> 2.0) + raabro (1.4.0) + rack (2.2.3) + rack-protection (2.1.0) rack rack-test (0.6.3) rack (>= 1.0) - rails-erd (1.5.0) - activerecord (>= 3.2) - activesupport (>= 3.2) + rails-erd (1.6.1) + activerecord (>= 4.2) + activesupport (>= 4.2) choice (~> 0.2.0) ruby-graphviz (~> 1.2) - rake (12.0.0) + rake (12.3.3) + rexml (3.2.5) ripl (0.7.1) bond (~> 0.5.1) ripl-multi_line (0.3.1) 
@@ -58,81 +69,82 @@ GEM rack (>= 1.0) rack-test (~> 0.6.2) ripl (>= 0.7.0) - ruby-graphviz (1.2.2) - rufus-scheduler (2.0.24) - tzinfo (>= 0.3.22) - sass (3.2.19) + ruby-graphviz (1.2.5) + rexml + ruby2_keywords (0.0.5) + rufus-scheduler (3.8.1) + fugit (~> 1.1, >= 1.1.6) + sassc (2.4.0) + ffi (~> 1.9) shotgun (0.9.2) rack (>= 1.0) - sinatra (1.4.7) - rack (~> 1.5) - rack-protection (~> 1.4) - tilt (>= 1.3, < 3) - sinatra-activerecord (2.0.11) - activerecord (>= 3.2) - sinatra (~> 1.0) - sinatra-contrib (1.4.7) - backports (>= 2.0) + sinatra (2.1.0) + mustermann (~> 1.0) + rack (~> 2.2) + rack-protection (= 2.1.0) + tilt (~> 2.0) + sinatra-activerecord (2.0.25) + activerecord (>= 4.1) + sinatra (>= 1.0) + sinatra-contrib (2.1.0) multi_json - rack-protection - rack-test - sinatra (~> 1.4.0) - tilt (>= 1.3, < 3) + mustermann (~> 1.0) + rack-protection (= 2.1.0) + sinatra (= 2.1.0) + tilt (~> 2.0) sinatra-twitter-bootstrap (2.3.4) slop (3.6.0) - smashing (1.0.0) - coffee-script (~> 2.2.0) - execjs (~> 2.0.2) - rack (~> 1.5.4) - rufus-scheduler (~> 2.0.24) - sass (~> 3.2.12) - sinatra (~> 1.4.4) - sinatra-contrib (~> 1.4.2) - sprockets (~> 2.10.1) - thin (~> 1.6.1) - thor (~> 0.19) - sprockets (2.10.2) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) + smashing (1.3.5) + coffee-script (~> 2.4) + execjs (~> 2.7) + rack (~> 2.2) + rufus-scheduler (~> 3.6) + sassc (~> 2.0) + sinatra (~> 2.0) + sinatra-contrib (~> 2.0) + sprockets (~> 4.0) + thin (~> 1.7) + thor (~> 1.0) + sprockets (4.0.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) sqlite3 (1.3.12) - thin (1.6.4) + thin (1.8.1) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) - rack (~> 1.0) - thor (0.19.4) - thread_safe (0.3.5) - tilt (1.4.1) + rack (>= 1, < 3) + thor (1.2.1) + thread_safe (0.3.6) + tilt (2.0.10) tux (0.3.0) ripl (>= 0.3.5) ripl-multi_line (>= 0.2.4) ripl-rack (>= 0.2.0) sinatra (>= 1.2.1) - tzinfo (1.2.2) + tzinfo (1.2.9) thread_safe (~> 0.1) PLATFORMS ruby 
DEPENDENCIES - activerecord (~> 5.0, >= 5.0.1) + activerecord (~> 5.2, >= 5.2.4.5) awesome_print json-compare mysql2 pg pry - puma - rails-erd - rake (~> 12.0) + puma (>= 4.3.9) + rails-erd (>= 1.5.0) + rake (~> 12.3, >= 12.3.3) ruby-graphviz - shotgun - sinatra - sinatra-activerecord (~> 2.0, >= 2.0.11) + shotgun (>= 0.9.2) + sinatra (>= 2.0.0) + sinatra-activerecord (~> 2.0, >= 2.0.12) sinatra-twitter-bootstrap - smashing + smashing (>= 1.3.5) sqlite3 - tux + tux (>= 0.3.0) BUNDLED WITH - 1.15.0 + 1.17.3