From 0830269f6b2246c30875c63f56af57f3ed29c738 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 4 Apr 2023 11:47:08 -0700
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-20060
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-20021
- https://snyk.io/vuln/SNYK-RUBY-RACK-20028
- https://snyk.io/vuln/SNYK-RUBY-RACK-20045
- https://snyk.io/vuln/SNYK-RUBY-RACK-20052
- https://snyk.io/vuln/SNYK-RUBY-RACK-20058
- https://snyk.io/vuln/SNYK-RUBY-RACK-20059
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-20397
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20204
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20468
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-2806372
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-22002
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-2441253
---
 Gemfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index 65f2704..0df0ee7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,12 @@
 source :rubygems
-gem 'sinatra', '~>1.0'
-gem 'yajl-ruby', '~>1.1.0'
+gem 'sinatra', '~> 2.2', '>= 2.2.3'
+gem 'yajl-ruby', '~> 1.4.2'
 gem 'mustache', '~>0.11.2'
 gem 'curb', '~>0.7.8'
 gem 'coderay', '~>0.8.357'
-gem 'sinatra_auth_github'
+gem 'sinatra_auth_github', '>= 2.0.0'
 group :test do
 gem 'shotgun'
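Review bot: The context line `source :rubygems` at the top of this hunk is left as it was, and the Gemfile.lock in the second patch still records `remote: http://rubygems.org/`, so the upgraded gems are still fetched over plaintext HTTP; replace it with `source 'https://rubygems.org'` and regenerate the lockfile. The new `gem 'sinatra_auth_github', '>= 2.0.0'` has no upper bound, unlike every other entry, so a later `bundle update` can pull in a future major release of the authentication gem; `'~> 2.0'` would keep the floor while bounding the range. sinatra moves from 1.x to 2.2 here, and the lockfile shows warden and warden-github changing major versions with it, so the login flow presumably needs a test run before this merges. curb, coderay and mustache keep their old pins in this hunk and should be checked separately against current advisories.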
From 6f915746d9c2495d003672658132e71190d392a0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 4 Apr 2023 11:47:09 -0700
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-20060
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-20021
- https://snyk.io/vuln/SNYK-RUBY-RACK-20028
- https://snyk.io/vuln/SNYK-RUBY-RACK-20045
- https://snyk.io/vuln/SNYK-RUBY-RACK-20052
- https://snyk.io/vuln/SNYK-RUBY-RACK-20058
- https://snyk.io/vuln/SNYK-RUBY-RACK-20059
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-20397
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RESTCLIENT-20204
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20468
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-2806372
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-22002
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-2441253
---
 Gemfile.lock | 85 ++++++++++++++++++++++++++++++++--------------------
 1 file changed, 53 insertions(+), 32 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index ec939b4..b56e4a3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,39 +1,57 @@ GEM remote: http://rubygems.org/ specs: - addressable (2.2.2) + activesupport (7.0.4.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.2) + public_suffix (>= 2.0.2, < 6.0) coderay (0.8.357) + concurrent-ruby (1.2.2) curb (0.7.8) - faraday (0.4.6) - addressable (>= 2.1.1) - rack (>= 1.0.1) - json (1.4.6) - mime-types (1.16) - multi_json (0.0.5) + faraday (2.7.4) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.2) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + minitest (5.18.0) mustache (0.11.2) - oauth2 (0.0.13) - faraday (~> 0.4.1) - multi_json (>= 0.0.4) - rack (1.2.1) - rest-client (1.5.1) - mime-types (>= 1.16) - shotgun (0.8) + mustermann (2.0.2) + ruby2_keywords (~> 0.0.1) + octokit (6.1.0) + faraday (>= 1, < 3) + sawyer (~> 0.9) + public_suffix (5.0.1) + rack (2.2.6.4) + rack-protection (2.2.4) + rack + ruby2_keywords (0.0.5) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + shotgun (0.9.2) rack (>= 1.0) - sinatra (1.1.0) - rack (~> 1.1) - tilt (~> 1.1) - sinatra_auth_github (0.0.11) - rest-client (~> 1.5.1) - sinatra (~> 1.0) - warden-github (~> 0.0.5) - tilt (1.1) - warden (0.10.7) - rack (>= 1.0.0) - warden-github (0.0.6) - json (>= 1.0.0) - oauth2 (~> 0.0.8) - warden (~> 0.10) - yajl-ruby (1.1.0) + sinatra (2.2.4) + mustermann (~> 2.0) + rack (~> 2.2) + rack-protection (= 2.2.4) + tilt (~> 2.0) + sinatra_auth_github (2.0.0) + sinatra (~> 2.0) + warden-github (~> 1.3) + tilt (2.1.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + warden (1.2.9) + rack (>= 2.0.9) + warden-github (1.3.2) + activesupport (> 3.0) + octokit (> 2.1.0) + warden (> 1.0) + yajl-ruby (1.4.3) PLATFORMS ruby 
@@ -43,6 +61,9 @@ DEPENDENCIES curb (~> 0.7.8) mustache (~> 0.11.2) shotgun - sinatra (~> 1.0) - sinatra_auth_github - yajl-ruby (~> 1.1.0) + sinatra (~> 2.2, >= 2.2.3) + sinatra_auth_github (>= 2.0.0) + yajl-ruby (~> 1.4.2) + +BUNDLED WITH + 2.1.4