From 1a804beaeb0d9150e1e6165bb9c49b25a68b0fad Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 7 Oct 2025 19:18:11 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378928
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378930
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378932
---
 Gemfile | 8 ++--
 Gemfile.lock | 114 +++++++++++++++++++++++++++++----------------------
 2 files changed, 70 insertions(+), 52 deletions(-)
 mode change 100755 => 100644 Gemfile
diff --git a/Gemfile b/Gemfile
old mode 100755
new mode 100644
index 4b88bd4..9423d2c
--- a/Gemfile
+++ b/Gemfile
@@ -3,13 +3,13 @@ ruby "2.2.2"
 gem "rake"
 gem "multi_json", "~> 1.3"
-gem "rack", "~> 2.0.0"
-gem "rack-test"
-gem "sinatra", "2.0.1"
+gem "rack", "~> 2.2.19"
+gem "rack-test", ">= 1.0.0"
+gem "sinatra", "2.0.2"
 gem "sinatra-reloader"
 gem "haml"
 gem "sass"
-gem "omniauth-facebook", "~> 4.0"
+gem "omniauth-facebook", "~> 5.0", ">= 5.0.0"
 gem "yajl-ruby", "~> 1.3.1"
 gem "koala", "~> 1.11"
 gem "createsend", "~> 3.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index d41c4ed..07d3f1c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,12 +1,14 @@
 GEM
 remote: https://rubygems.org/
 specs:
- addressable (2.5.2)
- public_suffix (>= 2.0.2, < 4.0)
+ addressable (2.8.7)
+ public_suffix (>= 2.0.2, < 7.0)
 backports (3.11.1)
+ base64 (0.3.0)
 bcrypt (3.1.11)
 bcrypt-ruby (3.1.5)
 bcrypt (>= 3.1.3)
+ bigdecimal (3.3.0)
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
 createsend (3.4.0)
@@ -25,7 +27,7 @@ GEM
 dm-validations (~> 1.2.0)
 data_objects (0.10.17)
 addressable (~> 2.1)
- diff-lcs (1.3)
+ diff-lcs (1.6.2)
 dm-aggregates (1.2.0)
 dm-core (~> 1.2.0)
 dm-constraints (1.2.0)
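Review bot: The `ruby "2.2.2"` pin visible in this hunk's header is left untouched while the new constraints resolve, in the Gemfile.lock hunks, to rack 2.2.19, faraday 2.14.0, public_suffix 6.0.2 and Bundler 2.3.27; as far as I recall each of those requires a Ruby newer than 2.2, so `bundle install` on the pinned interpreter will most likely fail and the three rack advisories named in the subject stay unfixed in practice until the Ruby line is raised in the same change. The unconstrained `gem "sinatra-reloader"` context line also let the resolver replace sinatra-reloader 1.0 (which pulled in sinatra-contrib) with what looks like the older, separate sinatra-reloader 0.4.1 lineage plus sinatra-advanced-routes, sinatra-sugar and monkey-lib, an apparent downgrade that nothing in the commit message calls for; `gem "sinatra-reloader", "~> 1.0"` would keep the previous lineage. Minor: `gem "omniauth-facebook", "~> 5.0", ">= 5.0.0"` is redundant, since `~> 5.0` already implies `>= 5.0`; `gem "omniauth-facebook", "~> 5.0"` says the same thing.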
@@ -68,12 +70,17 @@ GEM
 do_sqlite3 (0.10.17)
 data_objects (= 0.10.17)
 docile (1.1.5)
- faraday (0.12.2)
- multipart-post (>= 1.2, < 3)
+ faraday (2.14.0)
+ faraday-net_http (>= 2.0, < 3.5)
+ json
+ logger
+ faraday-net_http (3.4.1)
+ net-http (>= 0.5.0)
 fastercsv (1.5.5)
- ffi (1.9.23)
- haml (5.0.4)
- temple (>= 0.8.0)
+ ffi (1.17.2)
+ haml (6.3.0)
+ temple (>= 0.8.2)
+ thor
 tilt
 hashdiff (0.3.7)
 hashie (2.1.2)
@@ -81,43 +88,50 @@ GEM
 multi_xml (>= 0.5.2)
 json (1.8.6)
 json_pure (1.8.6)
- jwt (1.5.6)
+ jwt (2.10.2)
+ base64
 kgio (2.11.2)
 koala (1.11.1)
 addressable
 faraday
 multi_json
- multi_json (1.13.1)
- multi_xml (0.6.0)
- multipart-post (2.0.0)
- mustermann (1.0.2)
+ logger (1.7.0)
+ monkey-lib (0.4.2)
+ backports
+ multi_json (1.17.0)
+ multi_xml (0.7.1)
+ bigdecimal (~> 3.1)
+ mustermann (1.1.2)
+ ruby2_keywords (~> 0.0.1)
+ net-http (0.6.0)
+ uri
 newrelic_rpm (4.8.0.341)
- oauth2 (1.4.0)
- faraday (>= 0.8, < 0.13)
- jwt (~> 1.0)
+ oauth2 (1.4.11)
+ faraday (>= 0.17.3, < 3.0)
+ jwt (>= 1.0, < 3.0)
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
- rack (>= 1.2, < 3)
+ rack (>= 1.2, < 4)
 omniauth (1.4.3)
 hashie (>= 1.2, < 4)
 rack (>= 1.6.2, < 3)
- omniauth-facebook (4.0.0)
+ omniauth-facebook (5.0.0)
 omniauth-oauth2 (~> 1.2)
 omniauth-oauth2 (1.5.0)
 oauth2 (~> 1.1)
 omniauth (~> 1.2)
 pg (1.0.0)
- public_suffix (3.0.2)
- rack (2.0.4)
- rack-protection (2.0.1)
+ public_suffix (6.0.2)
+ rack (2.2.19)
+ rack-protection (2.0.2)
 rack
- rack-test (0.8.3)
- rack (>= 1.0, < 3)
+ rack-test (2.2.0)
+ rack (>= 1.3)
 raindrops (0.19.0)
- rake (12.3.0)
+ rake (13.3.0)
 rb-fsevent (0.10.3)
- rb-inotify (0.9.10)
- ffi (>= 0.5.0, < 2)
+ rb-inotify (0.11.1)
+ ffi (~> 1.0)
 rspec (3.7.0)
 rspec-core (~> 3.7.0)
 rspec-expectations (~> 3.7.0)
@@ -131,37 +145,41 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.7.0)
 rspec-support (3.7.1)
+ ruby2_keywords (0.0.5)
 safe_yaml (1.0.4)
- sass (3.5.5)
+ sass (3.7.4)
 sass-listen (~> 4.0.0)
 sass-listen (4.0.0)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
- simplecov (0.15.1)
- docile (~> 1.1.0)
+ simplecov (0.17.1)
+ docile (~> 1.1)
 json (>= 1.8, < 3)
 simplecov-html (~> 0.10.0)
 simplecov-html (0.10.2)
- sinatra (2.0.1)
+ sinatra (2.0.2)
 mustermann (~> 1.0)
 rack (~> 2.0)
- rack-protection (= 2.0.1)
+ rack-protection (= 2.0.2)
 tilt (~> 2.0)
- sinatra-contrib (2.0.1)
- backports (>= 2.0)
- multi_json
- mustermann (~> 1.0)
- rack-protection (= 2.0.1)
- sinatra (= 2.0.1)
- tilt (>= 1.3, < 3)
- sinatra-reloader (1.0)
- sinatra-contrib
+ sinatra-advanced-routes (0.4.1)
+ monkey-lib (~> 0.4.0)
+ sinatra (>= 0.9.4)
+ sinatra-sugar (~> 0.4.0)
+ sinatra-reloader (0.4.1)
+ sinatra (>= 0.9.4)
+ sinatra-advanced-routes (~> 0.4.0)
+ sinatra-sugar (0.4.1)
+ monkey-lib (~> 0.4.0)
+ sinatra (>= 0.9.4)
 stringex (1.5.1)
- temple (0.8.0)
- tilt (2.0.8)
- unicorn (5.4.0)
+ temple (0.10.4)
+ thor (1.4.0)
+ tilt (2.6.1)
+ unicorn (6.1.0)
 kgio (~> 2.6)
 raindrops (~> 0.7)
+ uri (1.0.4)
 uuidtools (2.1.5)
 webmock (3.3.0)
 addressable (>= 2.3.6)
@@ -181,15 +199,15 @@ DEPENDENCIES
 koala (~> 1.11)
 multi_json (~> 1.3)
 newrelic_rpm
- omniauth-facebook (~> 4.0)
+ omniauth-facebook (~> 5.0, >= 5.0.0)
 pg
- rack (~> 2.0.0)
- rack-test
+ rack (~> 2.2.19)
+ rack-test (>= 1.0.0)
 rake
 rspec
 sass
 simplecov
- sinatra (= 2.0.1)
+ sinatra (= 2.0.2)
 sinatra-reloader
 unicorn
 webmock
@@ -199,4 +217,4 @@ RUBY VERSION
 ruby 2.2.2p95
 BUNDLED WITH
- 1.16.1
+ 2.3.27