From 4f2f356a23bd914a6d761a3c2f3236af548ca6f0 Mon Sep 17 00:00:00 2001
From: Mateusz Michalski
Date: Mon, 30 Sep 2019 11:42:18 +0100
Subject: [PATCH 1/2] Fix CVE-2015-3227 and CVE-2015-3226
---
 Gemfile.lock | 33 ++++++++++++++++++++-------------
 arbor.gemspec | 2 +-
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index cc1a1d7..59862e7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,28 +1,32 @@
 PATH
 remote: .
 specs:
- arbor (0.0.1)
- activesupport (>= 3.0.0)
- httpi
+ arbor (1.0.3)
+ activesupport (~> 4.1.11)
+ httpi (>= 2.0.5)
 GEM
 remote: https://rubygems.org/
 specs:
- activesupport (4.1.5)
+ activesupport (4.1.16)
 i18n (~> 0.6, >= 0.6.9)
 json (~> 1.7, >= 1.7.7)
 minitest (~> 5.1)
 thread_safe (~> 0.1)
 tzinfo (~> 1.1)
- httpi (2.0.2)
+ concurrent-ruby (1.1.5)
+ httpi (2.4.4)
 rack
- i18n (0.6.11)
- json (1.8.1)
- minitest (5.4.1)
- rack (1.5.2)
- rake (10.3.2)
- thread_safe (0.3.4)
- tzinfo (1.2.2)
+ socksify
+ i18n (0.9.5)
+ concurrent-ruby (~> 1.0)
+ json (1.8.6)
+ minitest (5.12.2)
+ rack (2.0.7)
+ rake (0.9.6)
+ socksify (1.7.1)
+ thread_safe (0.3.6)
+ tzinfo (1.2.5)
 thread_safe (~> 0.1)
 PLATFORMS
@@ -31,4 +35,7 @@ PLATFORMS
 DEPENDENCIES
 arbor!
 bundler (~> 1.3)
- rake
+ rake (~> 0)
+
+BUNDLED WITH
+ 1.17.3
diff --git a/arbor.gemspec b/arbor.gemspec
index 56a461e..446c7e7 100644
--- a/arbor.gemspec
+++ b/arbor.gemspec
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib"]
- spec.add_dependency "activesupport", ">= 3.0.0"
+ spec.add_dependency "activesupport", "~> 4.1.11"
 spec.add_dependency "httpi", ">= 2.0.5"
 spec.add_development_dependency "bundler", "~> 1.3"
 spec.add_development_dependency "rake", "~> 0"
From 49e101fdefe28cc98e61803c870680305ce3f0dd Mon Sep 17 00:00:00 2001
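Review bot: The new requirement `"~> 4.1.11"` on the `spec.add_dependency "activesupport"` line of arbor.gemspec sets the floor the two CVEs need, but it also caps every consumer below 4.2, where the previous `">= 3.0.0"` had no ceiling. An application on a newer activesupport series can no longer resolve this gem, and the gem itself can only ever pick up security fixes that are published for 4.1.x. If nothing in the library depends on 4.1-only behaviour, a lower bound with explicit exclusions for the affected releases of later series (taken from the advisories) closes the CVEs without the cap, e.g. `spec.add_dependency "activesupport", ">= 4.1.11", "!= <AFFECTED_LATER_RELEASE>"`. The `Gem::Specification` block starts and ends outside the hunk.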
From: Mateusz Michalski
Date: Mon, 30 Sep 2019 11:45:54 +0100
Subject: [PATCH 2/2] Fix CVE-2018-16471 and CVE-2015-3225
---
 Gemfile.lock | 1 +
 arbor.gemspec | 1 +
 2 files changed, 2 insertions(+)
diff --git a/Gemfile.lock b/Gemfile.lock
index 59862e7..71551b3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,6 +4,7 @@ PATH
 arbor (1.0.3)
 activesupport (~> 4.1.11)
 httpi (>= 2.0.5)
+ rack (>= 1.6.11)
 GEM
 remote: https://rubygems.org/
diff --git a/arbor.gemspec b/arbor.gemspec
index 446c7e7..a2d5c82 100644
--- a/arbor.gemspec
+++ b/arbor.gemspec
@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib"]
+ spec.add_dependency "rack", ">= 1.6.11"
 spec.add_dependency "activesupport", "~> 4.1.11"
 spec.add_dependency "httpi", ">= 2.0.5"
 spec.add_development_dependency "bundler", "~> 1.3"
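Review bot: The added `spec.add_dependency "rack", ">= 1.6.11"` in arbor.gemspec is an open-ended floor taken from the 1.6 series, so it also accepts every 2.0.x release, including ones older than the 2.0.7 that the lockfile resolves. Whether those earlier 2.0.x releases carry the CVE-2018-16471 fix should be checked against the advisory; if they do not, the requirement needs a second bound such as `spec.add_dependency "rack", ">= <FIRST_PATCHED_2_0_X>"`, which the current resolution would already satisfy. Before this commit rack appears in the lockfile only as a dependency of httpi, so the line should also carry a comment on why it is declared, for instance `# floor for CVE-2018-16471 / CVE-2015-3225; rack is pulled in through httpi`, otherwise a later cleanup of unused dependencies may remove it. The `Gem::Specification` block continues outside the hunk.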