From de51f05c5f5902735959df79c3b86aa9ea692720 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 24 Apr 2025 08:20:21 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9789079
---
 Gemfile | 4 ++--
 Gemfile.lock | 45 +++++++++++++++++++++++---------------------
 2 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7e604be5..282cb6d8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ gem "amp-jekyll"
 gem "autoprefixer-rails"
 gem "crass"
 gem "font-awesome-sass"
-gem "html-proofer"
+gem "html-proofer", ">= 3.19.3"
 gem "image_optim_bin" # Optional
 gem "image_optim_pack"
 gem "image_optim"
@@ -23,7 +23,7 @@ gem "kramdown-parser-gfm"
 gem "mini_magick"
 gem "rake"
 gem "rouge"
-gem "sanitize"
+gem "sanitize", ">= 6.0.0"
 gem "sass"
 gem "sprockets", "4.0.0.beta8"
 gem "uglifier"
\ No newline at end of file
diff --git a/Gemfile.lock b/Gemfile.lock
index 8193ca12..9720ff74 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -6,8 +6,8 @@ GEM i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) amp-jekyll (1.0.3) fastimage (>= 1.8.0) jekyll (>= 3.0, < 5.0) @@ -20,8 +20,8 @@ GEM em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) - ethon (0.12.0) - ffi (>= 1.3.0) + ethon (0.16.0) + ffi (>= 1.15.0) eventmachine (1.2.7) execjs (2.7.0) exifr (1.3.6) @@ -30,7 +30,7 @@ GEM faraday (1.0.1) multipart-post (>= 1.2, < 3) fastimage (2.2.0) - ffi (1.13.1) + ffi (1.17.2) font-awesome-sass (5.13.0) sassc (>= 1.11) forwardable-extended (2.6.0)
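Review bot: The new Gemfile constraint `gem "html-proofer", ">= 3.19.3"` is an open lower bound, yet the lockfile in this same patch resolves it to 4.4.3, a major-version jump from 3.15.3 that the Gemfile line does not express; the same applies to `gem "sanitize", ">= 6.0.0"` in the second Gemfile hunk (5.2.1 to 6.1.3). Pessimistic constraints matching what was actually resolved, `gem "html-proofer", "~> 4.4"` and `gem "sanitize", "~> 6.1"`, would keep a later `bundle update` from crossing another major version unreviewed. The advisory in the commit message is against nokogiri, which is only a transitive dependency here, and the patch does not show which nokogiri release the advisory lists as fixed, so confirm that the resolved 1.15.7 is at or above it and consider declaring `gem "nokogiri"` with that floor directly so the security intent is visible in the Gemfile. Wherever the build invokes html-proofer (not visible in this patch), its options should be checked against the 4.x names before merging, since the jump from 3.x to 4.x is likely to have changed them.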
@@ -39,14 +39,15 @@ GEM html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) - html-proofer (3.15.3) + html-proofer (4.4.3) addressable (~> 2.3) mercenary (~> 0.3) - nokogumbo (~> 2.0) - parallel (~> 1.3) + nokogiri (~> 1.13) + parallel (~> 1.10) rainbow (~> 3.0) typhoeus (~> 1.3) yell (~> 2.0) + zeitwerk (~> 2.5) http_parser.rb (0.6.0) i18n (0.9.5) concurrent-ruby (~> 1.0) @@ -126,24 +127,24 @@ GEM rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) mini_magick (4.10.1) - mini_portile2 (2.4.0) + mini_portile2 (2.8.8) minitest (5.14.1) multipart-post (2.1.1) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - nokogumbo (2.0.2) - nokogiri (~> 1.8, >= 1.8.4) + nokogiri (1.15.7) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) octokit (4.18.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - parallel (1.19.2) + parallel (1.27.0) pathutil (0.16.2) forwardable-extended (~> 2.6) posix-spawn (0.3.15) progress (3.5.2) - public_suffix (4.0.5) + public_suffix (5.1.1) + racc (1.8.1) rack (2.2.3) - rainbow (3.0.0) + rainbow (3.1.1) rake (13.0.1) rb-fsevent (0.10.4) rb-inotify (0.10.1) @@ -151,10 +152,9 @@ GEM rexml (3.2.4) rouge (3.22.0) safe_yaml (1.0.5) - sanitize (5.2.1) + sanitize (6.1.3) crass (~> 1.0.2) - nokogiri (>= 1.8.0) - nokogumbo (~> 2.0) + nokogiri (>= 1.12.0) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) @@ -169,13 +169,14 @@ GEM concurrent-ruby (~> 1.0) rack (> 1, < 3) thread_safe (0.3.6) - typhoeus (1.4.0) + typhoeus (1.4.1) ethon (>= 0.9.0) tzinfo (1.2.7) thread_safe (~> 0.1) uglifier (4.2.0) execjs (>= 0.3.0, < 3) yell (2.2.2) + zeitwerk (2.6.18) PLATFORMS ruby @@ -185,7 +186,7 @@ DEPENDENCIES autoprefixer-rails crass font-awesome-sass - html-proofer + html-proofer (>= 3.19.3) image_optim image_optim_bin image_optim_pack @@ -204,7 +205,7 @@ DEPENDENCIES mini_magick rake rouge - sanitize + sanitize (>= 6.0.0) sass sprockets (= 4.0.0.beta8) uglifier