From 8c0cacc614d0a560e367678b2545305b04e5c60b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 28 May 2022 21:37:50 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
---
 Gemfile | 2 +-
 Gemfile.lock | 66 +++++++++++++++++++++++++++++++++-------------------
 2 files changed, 43 insertions(+), 25 deletions(-)

diff --git a/Gemfile b/Gemfile
index 2e5a35f..c93d4f6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,7 +11,7 @@ group :jekyll_plugins do
 gem "jekyll-relative-links", '~> 0.6.1'
 # gem "jekyll-paginate-v2"
 # gem "jekyll-toc"
- gem "jekyll-assets"
+ gem "jekyll-assets", ">= 3.0.0"
 # gem "jekyll-paginate", '~> 1.1.0'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 48d502a..c70382d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,15 +1,20 @@
 GEM
 remote: https://rubygems.org/
 specs:
- addressable (2.7.0)
+ activesupport (5.2.8)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ addressable (2.8.0)
 public_suffix (>= 2.0.2, < 5.0)
 autoprefixer-rails (10.1.0.0)
 execjs
 colorator (1.1.0)
- concurrent-ruby (1.1.7)
- em-websocket (0.5.2)
+ concurrent-ruby (1.1.10)
+ em-websocket (0.5.3)
 eventmachine (>= 0.12.9)
- http_parser.rb (~> 0.6.0)
+ http_parser.rb (~> 0)
 eventmachine (1.2.7)
 execjs (2.7.0)
 extras (0.3.0)
@@ -17,13 +22,13 @@ GEM
 faraday (1.1.0)
 multipart-post (>= 1.2, < 3)
 ruby2_keywords
- fastimage (2.2.0)
- ffi (1.13.1)
+ fastimage (2.2.6)
+ ffi (1.15.5)
 forwardable-extended (2.6.0)
- http_parser.rb (0.6.0)
+ http_parser.rb (0.8.0)
 i18n (0.9.5)
 concurrent-ruby (~> 1.0)
- jekyll (3.9.0)
+ jekyll (3.9.2)
 addressable (~> 2.4)
 colorator (~> 1.0)
 em-websocket (~> 0.5)
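Review bot: In the Gemfile hunk, `gem "jekyll-assets", ">= 3.0.0"` sets only a floor, so a later `bundle update` can move to any future major release; a pessimistic constraint such as `gem "jekyll-assets", "~> 3.0"` would match the style of the neighbouring `'~> 0.6.1'` entry. The two rack advisories named in the commit message are addressed only indirectly: the lockfile moves rack from 1.6.13 to 2.2.3.1 because jekyll-assets 3.x no longer requires `rack (~> 1.6)`, while the remaining constraint from sprockets is `rack (> 1, < 3)`, which does not by itself exclude the older versions. If rack's version is the security requirement, stating it in the Gemfile (for example `gem "rack", ">= 2.2.3.1"`) would keep the floor in place on a fresh resolve. The `group :jekyll_plugins do` block opens above the hunk.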
@@ -36,18 +41,24 @@ GEM
 pathutil (~> 0.9)
 rouge (>= 1.7, < 4)
 safe_yaml (~> 1.0)
- jekyll-assets (2.4.0)
- concurrent-ruby (~> 1.0)
+ jekyll-assets (3.0.12)
+ activesupport (~> 5.0)
+ execjs (~> 2.7)
 extras (~> 0.2)
 fastimage (~> 2.0, >= 1.8)
- jekyll (~> 3.1, >= 3.0)
- pathutil (>= 0.8)
- rack (~> 1.6)
- sprockets (~> 3.3, < 3.8)
+ jekyll (>= 3.5, < 4.0)
+ jekyll-sanity (~> 1.2)
+ liquid-tag-parser (~> 1.0)
+ nokogiri (~> 1.8)
+ pathutil (~> 0.16)
+ sprockets (>= 3.3, < 4.1.beta)
 jekyll-gist (1.5.0)
 octokit (~> 4.2)
 jekyll-relative-links (0.6.1)
 jekyll (>= 3.3, < 5.0)
+ jekyll-sanity (1.6.0)
+ jekyll (>= 3.1, < 5.0)
+ pathutil (~> 0.16)
 jekyll-sass-converter (1.5.2)
 sass (~> 3.4)
 jekyll-seo-tag (2.6.1)
@@ -56,16 +67,20 @@ GEM
 jekyll (>= 3.7, < 5.0)
 jekyll-watch (2.2.1)
 listen (~> 3.0)
- kramdown (2.3.0)
+ kramdown (2.4.0)
 rexml
 kramdown-parser-gfm (1.1.0)
 kramdown (~> 2.0)
 liquid (4.0.3)
- listen (3.3.3)
+ liquid-tag-parser (1.9.0)
+ extras (~> 0.3)
+ liquid (>= 3.0, < 5.0)
+ listen (3.7.1)
 rb-fsevent (~> 0.10, >= 0.10.3)
 rb-inotify (~> 0.9, >= 0.9.10)
 mercenary (0.3.6)
 mini_portile2 (2.4.0)
+ minitest (5.15.0)
 multipart-post (2.1.1)
 nokogiri (1.10.10)
 mini_portile2 (~> 2.4.0)
@@ -74,13 +89,13 @@ GEM
 sawyer (~> 0.8.0, >= 0.5.3)
 pathutil (0.16.2)
 forwardable-extended (~> 2.6)
- public_suffix (3.1.1)
- rack (1.6.13)
- rb-fsevent (0.10.4)
+ public_suffix (4.0.7)
+ rack (2.2.3.1)
+ rb-fsevent (0.11.1)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
- rexml (3.2.4)
- rouge (3.23.0)
+ rexml (3.2.5)
+ rouge (3.28.0)
 ruby2_keywords (0.0.2)
 safe_yaml (1.0.5)
 sass (3.7.4)
@@ -91,9 +106,12 @@ GEM
 sawyer (0.8.2)
 addressable (>= 2.3.5)
 faraday (> 0.8, < 2.0)
- sprockets (3.7.2)
+ sprockets (4.0.3)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
+ thread_safe (0.3.6)
+ tzinfo (1.2.9)
+ thread_safe (~> 0.1)
 uglifier (4.2.0)
 execjs (>= 0.3.0, < 3)
@@ -103,7 +121,7 @@ PLATFORMS
 DEPENDENCIES
 autoprefixer-rails
 jekyll (~> 3.9)
- jekyll-assets
+ jekyll-assets (>= 3.0.0)
 jekyll-gist (~> 1.5.0)
 jekyll-relative-links (~> 0.6.1)
 jekyll-seo-tag (~> 2.6.1)
@@ -113,4 +131,4 @@ DEPENDENCIES
 uglifier
 BUNDLED WITH
- 2.1.2
+ 2.1.4