From dd5ca8084c6adc10301d87540ecbf0519270c0da Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 Apr 2023 02:12:25 +0000 Subject: [PATCH] fix: vendor/github.com/containerd/containerd/Gemfile & vendor/github.com/containerd/containerd/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242 - https://snyk.io/vuln/SNYK-RUBY-FFI-22037 - https://snyk.io/vuln/SNYK-RUBY-JEKYLL-451462 - https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-1087436 - https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939 --- .../github.com/containerd/containerd/Gemfile | 2 +- .../containerd/containerd/Gemfile.lock | 97 ++++++++++--------- 2 files changed, 54 insertions(+), 45 deletions(-) diff --git a/vendor/github.com/containerd/containerd/Gemfile b/vendor/github.com/containerd/containerd/Gemfile index ba20622..5b191df 100644 --- a/vendor/github.com/containerd/containerd/Gemfile +++ b/vendor/github.com/containerd/containerd/Gemfile @@ -1,4 +1,4 @@ source "https://rubygems.org" -gem "jekyll" +gem "jekyll", ">= 3.9.0" gem "jekyll-redirect-from" gem "jekyll-seo-tag" diff --git a/vendor/github.com/containerd/containerd/Gemfile.lock b/vendor/github.com/containerd/containerd/Gemfile.lock index e36d36a..8f03675 100644 --- a/vendor/github.com/containerd/containerd/Gemfile.lock +++ b/vendor/github.com/containerd/containerd/Gemfile.lock @@ -1,69 +1,78 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.8.3) + public_suffix (>= 2.0.2, < 6.0) colorator (1.1.0) - concurrent-ruby (1.0.5) - em-websocket (0.5.1) + concurrent-ruby (1.2.2) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) - eventmachine (1.2.5) - ffi (1.9.18) + http_parser.rb (~> 0) + eventmachine (1.2.7) + ffi (1.15.5) forwardable-extended (2.6.0) - http_parser.rb (0.6.0) - i18n (0.9.1) + google-protobuf (3.22.2) + http_parser.rb (0.8.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jekyll (3.7.0) + jekyll (4.3.2) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) - i18n (~> 0.7) - jekyll-sass-converter (~> 1.0) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) jekyll-watch (~> 2.0) - kramdown (~> 1.14) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) liquid (~> 4.0) - mercenary (~> 0.3.3) + mercenary (>= 0.3.6, < 0.5) pathutil (~> 0.9) - rouge (>= 1.7, < 4) + rouge (>= 3.0, < 5.0) safe_yaml (~> 1.0) - jekyll-redirect-from (0.13.0) - jekyll (~> 3.3) - jekyll-sass-converter (1.5.1) - sass (~> 3.4) - jekyll-seo-tag (2.4.0) - jekyll (~> 3.3) - jekyll-watch (2.0.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-redirect-from (0.16.0) + jekyll (>= 3.3, < 5.0) + jekyll-sass-converter (3.0.0) + sass-embedded (~> 1.54) + jekyll-seo-tag (2.8.0) + jekyll (>= 3.8, < 5.0) + jekyll-watch (2.2.1) listen (~> 3.0) - kramdown (1.16.2) - liquid (4.0.0) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - mercenary (0.3.6) - pathutil (0.16.1) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.4) + listen (3.8.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (3.0.1) - rb-fsevent (0.10.2) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rouge (3.1.0) - ruby_dep (1.5.0) - safe_yaml (1.0.4) - sass (3.5.4) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) + public_suffix (5.0.1) + rake (13.0.6) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.5) + rouge (4.1.0) + safe_yaml (1.0.5) + sass-embedded (1.60.0) + google-protobuf (~> 3.21) + rake (>= 10.0.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + unicode-display_width (2.4.2) + webrick (1.8.1) PLATFORMS ruby DEPENDENCIES - jekyll + jekyll (>= 3.9.0) jekyll-redirect-from jekyll-seo-tag BUNDLED WITH - 1.16.1 + 1.17.3