From 0ecec955b8bf7309b47a0d886fad8399db3cb78b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 Nov 2024 04:12:40 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639
- https://snyk.io/vuln/SNYK-RUBY-PUMA-8062124
---
 Gemfile | 4 +-
 Gemfile.lock | 161 ++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 111 insertions(+), 54 deletions(-)

diff --git a/Gemfile b/Gemfile
index 94f1f8d..31df859 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,10 +6,10 @@ gem 'byebug'
 # Rack server
 gem 'rack'
-gem 'puma'
+gem 'puma', '>= 5.6.9'
 # Gollum and markup renderers
-gem 'gollum'
+gem 'gollum', '>= 5.0.0'
 gem 'github-markdown'
 gem 'asciidoctor'
 gem 'creole'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0f7f513..c974187 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
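Review bot: The nokogiri advisory named in the subject is fixed only in Gemfile.lock; nothing in the Gemfile hunk names nokogiri, so after this commit the only constraint a future `bundle update` honours is gollum-lib's `nokogiri (~> 1.8)`, which admits any 1.8.x–1.x release including the ones the advisory covers. State the patched floor next to the puma one, e.g. `gem 'nokogiri', '>= 1.15.6'` (1.15.6 is what the lock resolves; confirm that is the version Snyk treats as patched). Separately, `gem 'gollum', '>= 5.0.0'` is an open-ended floor while the lock actually resolves gollum 6.0.1, which pulls sinatra 1.4→4.0 and rack 1.6→3.1 into a commit labelled as a vulnerability fix; that is presumably an application-breaking upgrade (rack 3 / rackup) that needs the app's boot path verified before merge rather than auto-merged. A pessimistic constraint such as `gem 'gollum', '~> 6.0'` would record the major that was actually tested and keep the next update from silently crossing another one; the same reasoning applies to `'>= 5.6.9'` for puma, which the lock satisfies with 6.4.3.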
@@ -3,73 +3,130 @@ GEM
 specs:
 RedCloth (4.3.2)
 asciidoctor (1.5.6.1)
+ base64 (0.2.0)
 builder (3.2.3)
 byebug (9.1.0)
- charlock_holmes (0.7.5)
+ concurrent-ruby (1.3.4)
+ crass (1.0.6)
 creole (0.5.0)
- diff-lcs (1.3)
 dotenv (2.2.1)
 expression_parser (0.9.0)
- gemojione (3.3.0)
+ gemojione (4.3.3)
 json
 github-markdown (0.6.9)
- github-markup (1.6.1)
- gitlab-grit (2.8.2)
- charlock_holmes (~> 0.6)
- diff-lcs (~> 1.1)
- mime-types (>= 1.16)
- posix-spawn (~> 0.3)
- gollum (4.1.2)
- gemojione (~> 3.2)
- gollum-lib (>= 4.2.7)
- kramdown (~> 1.9.0)
- mustache (>= 0.99.5, < 1.0.0)
- sinatra (~> 1.4, >= 1.4.4)
+ github-markup (4.0.2)
+ gollum (6.0.1)
+ gemojione (~> 4.1)
+ gollum-lib (~> 6.0)
+ i18n (~> 1.8)
+ kramdown (~> 2.3)
+ kramdown-parser-gfm (~> 1.1.0)
+ mustache-sinatra (~> 2.0)
+ octicons (~> 19.0)
+ rack (>= 3.0)
+ rackup (~> 2.1)
+ rdoc (~> 6)
+ rss (~> 0.3)
+ sinatra (~> 4.0)
+ sinatra-contrib (~> 4.0)
+ sprockets (~> 4.1)
+ sprockets-helpers (~> 1.2)
+ therubyrhino (~> 2.1.0)
 useragent (~> 0.16.2)
- gollum-grit_adapter (1.0.1)
- gitlab-grit (~> 2.7, >= 2.7.1)
- gollum-lib (4.2.7)
- gemojione (~> 3.2)
- github-markup (~> 1.6)
- gollum-grit_adapter (~> 1.0)
- nokogiri (>= 1.6.1, < 2.0)
- rouge (~> 2.1)
- sanitize (~> 2.1)
- stringex (~> 2.6)
+ webrick (~> 1.7)
+ gollum-lib (6.0)
+ gemojione (~> 4.1)
+ github-markup (~> 4.0)
+ gollum-rugged_adapter (~> 3.0)
+ loofah (~> 2.3)
+ nokogiri (~> 1.8)
+ rouge (~> 3.1)
+ twitter-text (= 1.14.7)
+ gollum-rugged_adapter (3.0)
+ mime-types (~> 3.4)
+ rugged (~> 1.5)
 htmlentities (4.3.4)
- json (2.1.0)
- kramdown (1.9.0)
- mime-types (3.1)
+ i18n (1.14.6)
+ concurrent-ruby (~> 1.0)
+ json (2.7.5)
+ kramdown (2.4.0)
+ rexml
+ kramdown-parser-gfm (1.1.0)
+ kramdown (~> 2.0)
+ logger (1.6.1)
+ loofah (2.23.1)
+ crass (~> 1.0.2)
+ nokogiri (>= 1.12.0)
+ mime-types (3.6.0)
+ logger
 mime-types-data (~> 3.2015)
- mime-types-data (3.2016.0521)
- mini_portile2 (2.3.0)
- mustache (0.99.8)
- mustermann (1.0.1)
- nokogiri (1.8.1)
- mini_portile2 (~> 2.3.0)
+ mime-types-data (3.2024.1001)
+ mini_portile2 (2.8.7)
+ multi_json (1.15.0)
+ mustache (1.1.1)
+ mustache-sinatra (2.0.0)
+ mustache (~> 1.0)
+ mustermann (3.0.3)
+ ruby2_keywords (~> 0.0.1)
+ nio4r (2.7.4)
+ nokogiri (1.15.6)
+ mini_portile2 (~> 2.8.2)
+ racc (~> 1.4)
+ octicons (19.12.0)
 org-ruby (0.9.12)
 rubypants (~> 0.2)
- posix-spawn (0.3.13)
- puma (3.10.0)
- rack (1.6.8)
- rack-protection (1.5.3)
- rack
- rouge (2.2.1)
+ psych (5.1.2)
+ stringio
+ puma (6.4.3)
+ nio4r (~> 2.0)
+ racc (1.8.1)
+ rack (3.1.8)
+ rack-protection (4.0.0)
+ base64 (>= 0.1.0)
+ rack (>= 3.0.0, < 4)
+ rack-session (2.0.0)
+ rack (>= 3.0.0)
+ rackup (2.1.0)
+ rack (>= 3)
+ webrick (~> 1.8)
+ rdoc (6.7.0)
+ psych (>= 4.0.0)
+ rexml (3.3.9)
+ rouge (3.30.0)
+ rss (0.3.1)
+ rexml
+ ruby2_keywords (0.0.5)
 rubypants (0.6.0)
- sanitize (2.1.0)
- nokogiri (>= 1.4.4)
- sinatra (1.4.5)
- rack (~> 1.4)
- rack-protection (~> 1.4)
- tilt (~> 1.3, >= 1.3.4)
- stringex (2.7.1)
- tilt (1.4.1)
+ rugged (1.7.2)
+ sinatra (4.0.0)
+ mustermann (~> 3.0)
+ rack (>= 3.0.0, < 4)
+ rack-protection (= 4.0.0)
+ rack-session (>= 2.0.0, < 3)
+ tilt (~> 2.0)
+ sinatra-contrib (4.0.0)
+ multi_json (>= 0.0.2)
+ mustermann (~> 3.0)
+ rack-protection (= 4.0.0)
+ sinatra (= 4.0.0)
+ tilt (~> 2.0)
+ sprockets (4.2.1)
+ concurrent-ruby (~> 1.0)
+ rack (>= 2.2.4, < 4)
+ sprockets-helpers (1.4.0)
+ sprockets (>= 2.2)
+ stringio (3.1.1)
+ therubyrhino (2.1.2)
+ therubyrhino_jar (>= 1.7.4, < 1.7.9)
+ therubyrhino_jar (1.7.8)
+ tilt (2.4.0)
 twitter-text (1.14.7)
 unf (~> 0.1.0)
 unf (0.1.4)
 unf_ext
 unf_ext (0.0.7.4)
- useragent (0.16.8)
+ useragent (0.16.10)
+ webrick (1.8.2)
 wikicloth (0.8.3)
 builder
 expression_parser
@@ -87,12 +144,12 @@ DEPENDENCIES
 creole
 dotenv
 github-markdown
- gollum
+ gollum (>= 5.0.0)
 org-ruby
- puma
+ puma (>= 5.6.9)
 rack
 sinatra
 wikicloth
 BUNDLED WITH
- 1.15.1
+ 1.17.3