From 3df5e2e8a30a115aac00dfea75011645a74a1cc9 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 16 Dec 2020 08:01:23 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
---
 Gemfile | 2 +-
 Gemfile.lock | 40 +++++++++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/Gemfile b/Gemfile
index 2e5a35f..c93d4f6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,7 +11,7 @@ group :jekyll_plugins do
 gem "jekyll-relative-links", '~> 0.6.1'
 # gem "jekyll-paginate-v2"
 # gem "jekyll-toc"
- gem "jekyll-assets"
+ gem "jekyll-assets", ">= 3.0.0"
 # gem "jekyll-paginate", '~> 1.1.0'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 48d502a..cd81ea4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,6 +1,11 @@ GEM remote: https://rubygems.org/ specs: + activesupport (5.2.4.4) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) addressable (2.7.0) public_suffix (>= 2.0.2, < 5.0) autoprefixer-rails (10.1.0.0)
@@ -36,18 +41,24 @@ GEM pathutil (~> 0.9) rouge (>= 1.7, < 4) safe_yaml (~> 1.0) - jekyll-assets (2.4.0) - concurrent-ruby (~> 1.0) + jekyll-assets (3.0.12) + activesupport (~> 5.0) + execjs (~> 2.7) extras (~> 0.2) fastimage (~> 2.0, >= 1.8) - jekyll (~> 3.1, >= 3.0) - pathutil (>= 0.8) - rack (~> 1.6) - sprockets (~> 3.3, < 3.8) + jekyll (>= 3.5, < 4.0) + jekyll-sanity (~> 1.2) + liquid-tag-parser (~> 1.0) + nokogiri (~> 1.8) + pathutil (~> 0.16) + sprockets (>= 3.3, < 4.1.beta) jekyll-gist (1.5.0) octokit (~> 4.2) jekyll-relative-links (0.6.1) jekyll (>= 3.3, < 5.0) + jekyll-sanity (1.6.0) + jekyll (>= 3.1, < 5.0) + pathutil (~> 0.16) jekyll-sass-converter (1.5.2) sass (~> 3.4) jekyll-seo-tag (2.6.1)
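Review bot: The added line `gem "jekyll-assets", ">= 3.0.0"` in the Gemfile hunk has no upper bound, unlike the `~>` pins used for the other plugins in this group, so a later `bundle update` may resolve to any future major release; `gem "jekyll-assets", "~> 3.0"` would still admit the 3.0.12 recorded in Gemfile.lock. The two advisories in the commit message are against rack, which the Gemfile never names: after this change the lockfile shows rack arriving only through sprockets, whose `rack (> 1, < 3)` requirement still admits 1.x, so the fix holds only as long as the lock does. If the rack floor is the intent, an explicit entry such as `gem "rack", ">= 2.2.3"` (the version resolved here) would state it. The lockfile's `BUNDLED WITH` also moves from 2.1.2 to 1.17.3, which looks like a regeneration with an older Bundler and is worth confirming. The `group :jekyll_plugins do` block opens above the hunk.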
@@ -61,11 +72,15 @@ GEM kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.3) + liquid-tag-parser (1.9.0) + extras (~> 0.3) + liquid (>= 3.0, < 5.0) listen (3.3.3) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) mini_portile2 (2.4.0) + minitest (5.14.2) multipart-post (2.1.1) nokogiri (1.10.10) mini_portile2 (~> 2.4.0)
@@ -74,13 +89,13 @@ GEM sawyer (~> 0.8.0, >= 0.5.3) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (3.1.1) - rack (1.6.13) + public_suffix (4.0.6) + rack (2.2.3) rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.4) - rouge (3.23.0) + rouge (3.26.0) ruby2_keywords (0.0.2) safe_yaml (1.0.5) sass (3.7.4)
@@ -94,6 +109,9 @@ GEM sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) + thread_safe (0.3.6) + tzinfo (1.2.8) + thread_safe (~> 0.1) uglifier (4.2.0) execjs (>= 0.3.0, < 3)
@@ -103,7 +121,7 @@ PLATFORMS DEPENDENCIES autoprefixer-rails jekyll (~> 3.9) - jekyll-assets + jekyll-assets (>= 3.0.0) jekyll-gist (~> 1.5.0) jekyll-relative-links (~> 0.6.1) jekyll-seo-tag (~> 2.6.1)
@@ -113,4 +131,4 @@ DEPENDENCIES uglifier BUNDLED WITH - 2.1.2 + 1.17.3