From f8db68d6d1fab6ada18e38b5a9beae1c1d0b9940 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 17 May 2024 18:26:14 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-6861566 --- Gemfile | 4 ++-- Gemfile.lock | 47 +++++++++++++++++++++++++---------------------- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/Gemfile b/Gemfile index 5b0fc9c..920b46b 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ source "https://rubygems.org" # # This will help ensure the proper Jekyll version is running. # Happy Jekylling! -gem "jekyll", "~> 4.2.0" +gem "jekyll", "~> 4.2.1" # This is the default theme for new Jekyll sites. You may change this to anything you like. gem "minima", "~> 2.5" # If you want to use GitHub Pages, remove the "gem "jekyll"" above and @@ -15,7 +15,7 @@ gem "minima", "~> 2.5" # gem "github-pages", group: :jekyll_plugins # If you have any plugins, put them here! group :jekyll_plugins do - gem "jekyll-feed", "~> 0.12" + gem "jekyll-feed", "~> 0.16", ">= 0.16.0" end # Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem diff --git a/Gemfile.lock b/Gemfile.lock index 593033c..c66340a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,20 +1,20 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) colorator (1.1.0) - concurrent-ruby (1.1.9) - em-websocket (0.5.2) + concurrent-ruby (1.2.3) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) + http_parser.rb (~> 0) eventmachine (1.2.7) - ffi (1.15.3) + ffi (1.16.3) forwardable-extended (2.6.0) - http_parser.rb (0.6.0) - i18n (1.8.10) + http_parser.rb (0.8.0) + i18n (1.14.5) concurrent-ruby (~> 1.0) - jekyll (4.2.0) + jekyll (4.2.2) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) @@ -29,20 +29,20 @@ GEM rouge (~> 3.0) safe_yaml (~> 1.0) terminal-table (~> 2.0) - jekyll-feed (0.15.1) + jekyll-feed (0.17.0) jekyll (>= 3.7, < 5.0) - jekyll-sass-converter (2.1.0) + jekyll-sass-converter (2.2.0) sassc (> 2.0.1, < 3.0) jekyll-seo-tag (2.7.1) jekyll (>= 3.8, < 5.0) jekyll-watch (2.2.1) listen (~> 3.0) - kramdown (2.3.1) + kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) - liquid (4.0.3) - listen (3.7.0) + liquid (4.0.4) + listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) @@ -52,31 +52,34 @@ GEM jekyll-seo-tag (~> 2.1) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (4.0.6) - rb-fsevent (0.11.0) + public_suffix (5.0.5) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rexml (3.2.5) - rouge (3.26.0) + rexml (3.2.8) + strscan (>= 3.0.9) + rouge (3.30.0) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) + strscan (3.1.0) terminal-table (2.0.0) unicode-display_width (~> 1.1, >= 1.1.1) - unicode-display_width (1.7.0) + unicode-display_width (1.8.0) PLATFORMS + ruby universal-darwin-20 x86_64-darwin-18 x86_64-linux DEPENDENCIES - jekyll (~> 4.2.0) - jekyll-feed (~> 0.12) + jekyll (~> 4.2.1) + jekyll-feed (~> 0.16, >= 0.16.0) minima (~> 2.5) tzinfo (~> 1.2) tzinfo-data wdm (~> 0.1.1) BUNDLED WITH - 2.2.26 + 2.1.4