From db653746c01c0eb5da6ca6255a42ab208523ac10 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 17 Jan 2022 13:35:03 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242
- https://snyk.io/vuln/SNYK-RUBY-FFI-22037
- https://snyk.io/vuln/SNYK-RUBY-JEKYLL-451462
- https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20394
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-REDCARPET-1059089
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
---
 Gemfile      |  16 ++++----
 Gemfile.lock | 104 +++++++++++++++++++++++++++++----------------------
 2 files changed, 68 insertions(+), 52 deletions(-)

diff --git a/Gemfile b/Gemfile
index c30860255d89..b23cc13a32d0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,8 +1,8 @@
 source "https://rubygems.org"
 
 group :development do
-  gem 'rake', '~> 10.0'
-  gem 'jekyll', '~> 3.0'
+  gem 'rake', '~> 12.3', '>= 12.3.3'
+  gem 'jekyll', '~> 3.9', '>= 3.9.0'
   gem 'compass', '~> 0.12'
   gem 'sass-globbing', '~> 1.0'
   gem 'stringex', '~> 1.4'
@@ -11,11 +11,11 @@ end
 
 group :jekyll_plugins do
   gem 'jekyll-paginate'
-  gem 'jekyll-redirect-from'
-  gem 'jekyll-sitemap'
-  gem 'jekyll-time-to-read'
-  gem 'octopress', '~> 3.0'
-  gem 'octopress-include-tag'
+  gem 'jekyll-redirect-from', '>= 0.12.1'
+  gem 'jekyll-sitemap', '>= 1.1.1'
+  gem 'jekyll-time-to-read', '>= 0.1.2'
+  gem 'octopress', '~> 3.0', '>= 3.0.11'
+  gem 'octopress-include-tag', '>= 1.1.3'
 end
 
-gem 'sinatra', '~> 1.4.2'
+gem 'sinatra', '~> 2.0.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index d706705eb308..36186c151408 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,8 +1,8 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
     chunky_png (1.3.8)
     coderay (1.1.1)
     colorator (1.1.0)
@@ -10,38 +10,51 @@ GEM
       chunky_png (~> 1.2)
       fssm (>= 0.2.7)
       sass (~> 3.2.19)
-    ffi (1.9.18)
+    concurrent-ruby (1.1.9)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    ffi (1.15.5)
     forwardable-extended (2.6.0)
     fssm (0.2.10)
-    jekyll (3.5.2)
+    http_parser.rb (0.8.0)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
+    jekyll (3.9.1)
       addressable (~> 2.4)
       colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 0.7)
       jekyll-sass-converter (~> 1.0)
-      jekyll-watch (~> 1.1)
-      kramdown (~> 1.3)
+      jekyll-watch (~> 2.0)
+      kramdown (>= 1.17, < 3)
       liquid (~> 4.0)
       mercenary (~> 0.3.3)
       pathutil (~> 0.9)
-      rouge (~> 1.7)
+      rouge (>= 1.7, < 4)
       safe_yaml (~> 1.0)
     jekyll-paginate (1.1.0)
-    jekyll-redirect-from (0.12.1)
-      jekyll (~> 3.3)
+    jekyll-redirect-from (0.16.0)
+      jekyll (>= 3.3, < 5.0)
     jekyll-sass-converter (1.3.0)
       sass (~> 3.2)
-    jekyll-sitemap (1.1.1)
-      jekyll (~> 3.3)
+    jekyll-sitemap (1.4.0)
+      jekyll (>= 3.7, < 5.0)
     jekyll-time-to-read (0.1.2)
       jekyll
-    jekyll-watch (1.5.0)
-      listen (~> 3.0, < 3.1)
-    kramdown (1.14.0)
-    liquid (4.0.0)
-    listen (3.0.8)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (2.3.1)
+      rexml
+    liquid (4.0.3)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.3.6)
     method_source (0.8.2)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
     octopress (3.0.11)
       jekyll (>= 2.0)
       mercenary (~> 0.3.2)
@@ -59,35 +72,38 @@ GEM
     octopress-include-tag (1.1.3)
       jekyll (>= 2.0)
       octopress-tag-helpers (~> 1.0)
-    octopress-tag-helpers (1.0.8)
+    octopress-tag-helpers (1.0.9)
       jekyll (>= 2.0)
-    pathutil (0.14.0)
+    pathutil (0.16.2)
       forwardable-extended (~> 2.6)
     pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
-    public_suffix (3.0.0)
-    rack (1.6.8)
-    rack-protection (1.5.3)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-protection (2.0.8.1)
       rack
-    rake (10.5.0)
-    rb-fsevent (0.10.2)
-    rb-inotify (0.9.10)
-      ffi (>= 0.5.0, < 2)
-    redcarpet (3.4.0)
-    rouge (1.11.1)
-    safe_yaml (1.0.4)
+    rake (12.3.3)
+    rb-fsevent (0.11.0)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    redcarpet (3.5.1)
+    rexml (3.2.5)
+    rouge (3.27.0)
+    ruby2_keywords (0.0.5)
+    safe_yaml (1.0.5)
     sass (3.2.19)
     sass-globbing (1.1.5)
       sass (>= 3.1)
-    sinatra (1.4.8)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
+    sinatra (2.0.8.1)
+      mustermann (~> 1.0)
+      rack (~> 2.0)
+      rack-protection (= 2.0.8.1)
+      tilt (~> 2.0)
     slop (3.6.0)
     stringex (1.5.1)
-    tilt (2.0.8)
+    tilt (2.0.10)
     titlecase (0.1.1)
 
 PLATFORMS
@@ -95,18 +111,18 @@ PLATFORMS
 
 DEPENDENCIES
   compass (~> 0.12)
-  jekyll (~> 3.0)
+  jekyll (~> 3.9, >= 3.9.0)
   jekyll-paginate
-  jekyll-redirect-from
-  jekyll-sitemap
-  jekyll-time-to-read
-  octopress (~> 3.0)
-  octopress-include-tag
+  jekyll-redirect-from (>= 0.12.1)
+  jekyll-sitemap (>= 1.1.1)
+  jekyll-time-to-read (>= 0.1.2)
+  octopress (~> 3.0, >= 3.0.11)
+  octopress-include-tag (>= 1.1.3)
   pry
-  rake (~> 10.0)
+  rake (~> 12.3, >= 12.3.3)
   sass-globbing (~> 1.0)
-  sinatra (~> 1.4.2)
+  sinatra (~> 2.0.2)
   stringex (~> 1.4)
 
 BUNDLED WITH
-   1.15.4
+   1.17.3