From 41c925faf8c470c5fe2450241e8b9bbd128d416e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 4 Apr 2024 23:27:52 +0000
Subject: [PATCH] fix: pact_broker/Gemfile & pact_broker/Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
---
 pact_broker/Gemfile | 2 +-
 pact_broker/Gemfile.lock | 251 ++++++++++++++++++++-------------------
 2 files changed, 130 insertions(+), 123 deletions(-)

diff --git a/pact_broker/Gemfile b/pact_broker/Gemfile
index 8ecdc430..c876d447 100644
--- a/pact_broker/Gemfile
+++ b/pact_broker/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem "pact_broker"
+gem "pact_broker", ">= 2.39.0"
 gem "pg", "~>1.0"
 gem "puma", "~> 3.12"
 gem "mysql2", "~>0.3"
diff --git a/pact_broker/Gemfile.lock b/pact_broker/Gemfile.lock
index a0315965..053d6d0f 100644
--- a/pact_broker/Gemfile.lock
+++ b/pact_broker/Gemfile.lock
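Review bot: The new floor in the pact_broker/Gemfile hunk, `gem "pact_broker", ">= 2.39.0"`, does not itself encode the rack fix this commit is for; only the lockfile's resolved `rack (2.2.9)` does. An install that resolves without Gemfile.lock, or a later `bundle update`, can still satisfy the Gemfile with an older pact_broker and whatever rack range that release permits, so consider stating the requirement directly with `gem "rack", ">= 2.2.9"` (the version the lock resolves to; confirm the minimum patched release against the three advisories). The open-ended `>=` also allows any future major version, and this resolve already moves sinatra 2.0.7 to 3.2.0 and webmachine 1.5.0 to 2.0.1, so a pessimistic bound such as `"~> 2.109"` would keep later upgrades deliberate. The context line `gem "puma", "~> 3.12"` is untouched and stays locked at 3.12.1, which is worth checking separately since it is the network-facing server.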
@@ -1,163 +1,170 @@ GEM remote: https://rubygems.org/ specs: - as-notifications (1.0.1) - awesome_print (1.8.0) - concurrent-ruby (1.1.5) - declarative (0.0.10) - declarative-builder (0.1.0) - declarative-option (< 0.2.0) - declarative-option (0.1.0) - diff-lcs (1.3) - disposable (0.4.5) + anyway_config (2.6.3) + ruby-next-core (~> 1.0) + as-notifications (1.0.2) + awesome_print (1.9.2) + base64 (0.2.0) + bigdecimal (3.1.7) + concurrent-ruby (1.2.3) + crass (1.0.6) + declarative (0.0.20) + diff-lcs (1.5.1) + disposable (0.6.3) declarative (>= 0.0.9, < 1.0.0) - declarative-builder (< 0.2.0) - declarative-option (< 0.2.0) - representable (>= 2.4.0, <= 3.1.0) - uber (< 0.2.0) - dry-configurable (0.8.3) + representable (>= 3.1.1, < 4) + dry-configurable (1.0.1) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-core (1.0.0) concurrent-ruby (~> 1.0) - dry-core (~> 0.4, >= 0.4.7) - dry-container (0.7.2) + zeitwerk (~> 2.6) + dry-inflector (1.0.0) + dry-initializer (3.1.1) + dry-logic (1.5.0) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.9) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-schema (1.13.3) concurrent-ruby (~> 1.0) - dry-equalizer (0.2.2) - dry-logic (0.4.2) - dry-container (~> 0.2, >= 0.2.6) - dry-core (~> 0.2) - dry-equalizer (~> 0.2) - dry-types (0.10.3) + dry-configurable (~> 1.0, >= 1.0.1) + dry-core (~> 1.0, < 2) + dry-initializer (~> 3.0) + dry-logic (>= 1.4, < 2) + dry-types (>= 1.7, < 2) + zeitwerk (~> 2.6) + dry-types (1.7.1) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1) - dry-container (~> 0.3) - dry-core (~> 0.2, >= 0.2.1) - dry-equalizer (~> 0.2) - dry-logic (~> 0.4, >= 0.4.0) - inflecto (~> 0.0.0, >= 0.0.2) - dry-validation (0.10.7) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) + dry-validation (1.10.0) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (~> 0.2, >= 0.2.1) - dry-equalizer (~> 0.2) - dry-logic (~> 0.4, >= 0.4.0) - dry-types 
(~> 0.9, >= 0.9.0) - find_a_port (1.0.1) - haml (5.1.2) + dry-core (~> 1.0, < 2) + dry-initializer (~> 3.0) + dry-schema (>= 1.12, < 2) + zeitwerk (~> 2.6) + expgen (0.1.1) + parslet + haml (5.2.2) temple (>= 0.8.0) tilt - httparty (0.17.1) - mime-types (~> 3.0) - multi_xml (>= 0.5.2) - i18n (1.6.0) + i18n (1.14.4) concurrent-ruby (~> 1.0) - inflecto (0.0.2) - json (2.2.0) - mime-types (3.3) - mime-types-data (~> 3.2015) - mime-types-data (3.2019.0904) - multi_json (1.13.1) - multi_xml (0.6.0) - mustermann (1.0.3) + json (2.7.2) + mini_portile2 (2.8.5) + moments (0.3.0) + multi_json (1.15.0) + mustermann (3.0.0) + ruby2_keywords (~> 0.0.1) mysql2 (0.5.2) - pact-support (1.11.0) - awesome_print (~> 1.1) - find_a_port (~> 1.0.1) - json - randexp (~> 0.1.7) - rspec (>= 2.14) - term-ansicolor (~> 1.0) - thor - pact_broker (2.38.1) - dry-logic (= 0.4.2) - dry-types (~> 0.10.3) - dry-validation (~> 0.10.5) + nokogiri (1.15.6) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + pact-support (1.20.0) + awesome_print (~> 1.9) + diff-lcs (~> 1.5) + expgen (~> 0.1) + rainbow (~> 3.1.1) + pact_broker (2.109.1) + anyway_config (~> 2.1) + dry-validation (~> 1.8) haml (~> 5.0) - httparty (~> 0.14) - json (> 1.8, < 3.0) - pact-support + json (~> 2.3) + moments (~> 0.2) + pact-support (~> 1.16, >= 1.16.4) padrino-core (~> 0.14, >= 0.14.3) - rack (~> 2.0, >= 2.0.6) - rack-protection (~> 2.0) - redcarpet (~> 3.3, >= 3.3.2) - reform (~> 2.2) + psych (~> 4.0) + rack (~> 2.2, >= 2.2.3) + rack-protection (~> 3.0) + redcarpet (~> 3.5, >= 3.5.1) + reform (~> 2.6) + request_store (~> 1.5) roar (~> 1.1) - semantic_logger (~> 4.3) + sanitize (~> 6.0) + semantic_logger (~> 4.11) semver2 (~> 3.4.2) - sequel (~> 5.6) - sinatra (>= 2.0.2) - sucker_punch (~> 2.0) + sequel (~> 5.28) + sinatra (~> 3.0) + sucker_punch (~> 3.0) table_print (~> 1.5) - webmachine (= 1.5.0) - padrino-core (0.14.4) - padrino-support (= 0.14.4) - sinatra (>= 2.0.0) - thor (~> 0.18) - padrino-support (0.14.4) + webmachine (>= 
2.0.0.beta, < 3.0) + webrick (~> 1.8) + wisper (~> 2.0) + padrino-core (0.15.3) + padrino-support (= 0.15.3) + sinatra (>= 2.2.4) + thor (~> 1.0) + padrino-support (0.15.3) + parslet (2.0.0) pg (1.1.4) + psych (4.0.6) + stringio puma (3.12.1) - rack (2.0.7) - rack-protection (2.0.7) - rack - randexp (0.1.7) - redcarpet (3.5.0) - reform (2.2.4) - disposable (>= 0.4.1) - representable (>= 2.4.0, < 3.1.0) - representable (3.0.4) + racc (1.7.3) + rack (2.2.9) + rack-protection (3.2.0) + base64 (>= 0.1.0) + rack (~> 2.2, >= 2.2.4) + rainbow (3.1.1) + redcarpet (3.6.0) + reform (2.6.2) + disposable (>= 0.5.0, < 1.0.0) + representable (>= 3.1.1, < 4) + uber (< 0.2.0) + representable (3.2.0) declarative (< 0.1.0) - declarative-option (< 0.2.0) + trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) - roar (1.1.0) - representable (~> 3.0.0) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.2) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.4) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.2) - semantic_logger (4.5.0) + request_store (1.6.0) + rack (>= 1.4) + roar (1.2.0) + representable (~> 3.1) + ruby-next-core (1.0.2) + ruby2_keywords (0.0.5) + sanitize (6.1.0) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + semantic_logger (4.15.0) concurrent-ruby (~> 1.0) semver2 (3.4.2) - sequel (5.24.0) - sinatra (2.0.7) - mustermann (~> 1.0) - rack (~> 2.0) - rack-protection (= 2.0.7) + sequel (5.79.0) + bigdecimal + sinatra (3.2.0) + mustermann (~> 3.0) + rack (~> 2.2, >= 2.2.4) + rack-protection (= 3.2.0) tilt (~> 2.0) sqlite3 (1.4.1) - sucker_punch (2.1.2) + stringio (3.1.0) + sucker_punch (3.2.0) concurrent-ruby (~> 1.0) - table_print (1.5.6) - temple (0.8.2) - term-ansicolor (1.7.1) - tins (~> 1.0) - thor (0.20.3) - tilt (2.0.9) - tins (1.21.1) + table_print (1.5.7) + temple (0.10.3) + thor (1.3.1) + tilt 
(2.3.0) + trailblazer-option (0.1.2) uber (0.1.0) - webmachine (1.5.0) - as-notifications (~> 1.0) + webmachine (2.0.1) + as-notifications (>= 1.0.2, < 2.0) + base64 i18n (>= 0.4.0) multi_json + webrick (1.8.1) + wisper (2.0.1) + zeitwerk (2.6.13) PLATFORMS ruby DEPENDENCIES mysql2 (~> 0.3) - pact_broker + pact_broker (>= 2.39.0) pg (~> 1.0) puma (~> 3.12) sqlite3 (~> 1.3) BUNDLED WITH - 2.0.2 + 2.1.4