From c4e62454a69ab3eef84f097d77130d80d2f64aa5 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 30 Sep 2025 15:50:13 +0000
Subject: [PATCH] fix: pkgs/applications/misc/gollum/Gemfile & pkgs/applications/misc/gollum/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-13052974
---
 pkgs/applications/misc/gollum/Gemfile | 2 +-
 pkgs/applications/misc/gollum/Gemfile.lock | 170 ++++++++++++---------
 2 files changed, 95 insertions(+), 77 deletions(-)
diff --git a/pkgs/applications/misc/gollum/Gemfile b/pkgs/applications/misc/gollum/Gemfile
index 525f54838b750..e431483c7ab1f 100644
--- a/pkgs/applications/misc/gollum/Gemfile
+++ b/pkgs/applications/misc/gollum/Gemfile
@@ -1,2 +1,2 @@
 source 'https://rubygems.org'
-gem 'gollum'
+gem 'gollum', '>= 5.1.2'
diff --git a/pkgs/applications/misc/gollum/Gemfile.lock b/pkgs/applications/misc/gollum/Gemfile.lock
index 91096ddc91737..0319a60091729 100644
--- a/pkgs/applications/misc/gollum/Gemfile.lock
+++ b/pkgs/applications/misc/gollum/Gemfile.lock
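Review bot: The floor `'>= 5.1.2'` on the new `gem 'gollum'` line in the Gemfile hunk does not by itself carry the rack fix this commit is made for. The lockfile in the same patch resolves gollum 6.1.0 with `rack (>= 3.0)` and rack 3.2.1, while the replaced lock had gollum 5.1.1 on `sinatra (~> 2.0)` and rack 2.2.3, so a later re-resolve that lands on a 5.1.x release could presumably bring rack 2.x back. I would state the constraint that was actually resolved, `gem 'gollum', '>= 6.1.0'`, or add an explicit floor on rack at the patched release with a comment such as `# rack floor: SNYK-RUBY-RACK-13052974`. The resolved set is also a major jump (sinatra 2 to 4, sprockets 3 to 4) and only the Gemfile and Gemfile.lock are among the 2 files changed, so any generated gem set the package build consumes should be regenerated and the application smoke-tested before merge.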
@@ -1,114 +1,132 @@ GEM remote: https://rubygems.org/ specs: - backports (3.18.1) - concurrent-ruby (1.1.7) + base64 (0.3.0) + cgi (0.5.0) + concurrent-ruby (1.3.5) crass (1.0.6) - execjs (2.7.0) - ffi (1.13.1) + date (3.4.1) + erb (4.0.4) + cgi (>= 0.3.3) gemojione (4.3.3) json - github-markup (3.0.4) - gollum (5.1.1) + github-markup (4.0.2) + gollum (6.1.0) gemojione (~> 4.1) - gollum-lib (~> 5.0) + gollum-lib (~> 6.0) + i18n (~> 1.8) kramdown (~> 2.3) - kramdown-parser-gfm (~> 1.0.0) - mustache (>= 0.99.5, < 1.0.0) - octicons (~> 8.5) - rss (~> 0.2.9) - sass (~> 3.5) - sinatra (~> 2.0) - sinatra-contrib (~> 2.0) - sprockets (~> 3.7) + kramdown-parser-gfm (~> 1.1.0) + mustache-sinatra (~> 2.0) + octicons (~> 19.0) + rack (>= 3.0) + rackup (~> 2.1) + rdoc (~> 6) + rss (~> 0.3) + sinatra (~> 4.0) + sinatra-contrib (~> 4.0) + sprockets (~> 4.1) sprockets-helpers (~> 1.2) therubyrhino (~> 2.1.0) - uglifier (~> 3.2) useragent (~> 0.16.2) - gollum-lib (5.0.5) + webrick (~> 1.7) + gollum-lib (6.0) gemojione (~> 4.1) - github-markup (~> 3.0) - gollum-rugged_adapter (~> 1.0) + github-markup (~> 4.0) + gollum-rugged_adapter (~> 3.0) loofah (~> 2.3) nokogiri (~> 1.8) - octicons (~> 8.5) rouge (~> 3.1) twitter-text (= 1.14.7) - gollum-rugged_adapter (1.0) - mime-types (>= 1.15) - rugged (~> 0.99) - json (2.3.1) - kramdown (2.3.0) - rexml - kramdown-parser-gfm (1.0.1) + gollum-rugged_adapter (3.0) + mime-types (~> 3.4) + rugged (~> 1.5) + i18n (1.14.7) + concurrent-ruby (~> 1.0) + json (2.15.0) + kramdown (2.5.1) + rexml (>= 3.3.9) + kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) - loofah (2.6.0) + logger (1.7.0) + loofah (2.24.1) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mime-types (3.3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2020.0512) - mini_portile2 (2.4.0) - multi_json (1.15.0) - mustache (0.99.8) - mustermann (1.1.1) + nokogiri (>= 1.12.0) + mime-types (3.7.0) + logger + mime-types-data (~> 3.2025, >= 3.2025.0507) + mime-types-data (3.2025.0924) + 
mini_portile2 (2.8.9) + multi_json (1.17.0) + mustache (1.1.1) + mustache-sinatra (2.0.0) + mustache (~> 1.0) + mustermann (3.0.4) ruby2_keywords (~> 0.0.1) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - octicons (8.5.0) - nokogiri (>= 1.6.3.1) - rack (2.2.3) - rack-protection (2.0.8.1) - rack - rb-fsevent (0.10.4) - rb-inotify (0.10.1) - ffi (~> 1.0) - rexml (3.2.4) - rouge (3.22.0) - rss (0.2.9) + nokogiri (1.18.10) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + octicons (19.18.0) + psych (5.2.6) + date + stringio + racc (1.8.1) + rack (3.2.1) + rack-protection (4.1.1) + base64 (>= 0.1.0) + logger (>= 1.6.0) + rack (>= 3.0.0, < 4) + rack-session (2.1.1) + base64 (>= 0.1.0) + rack (>= 3.0.0) + rackup (2.2.1) + rack (>= 3) + rdoc (6.14.2) + erb + psych (>= 4.0.0) + rexml (3.4.4) + rouge (3.30.0) + rss (0.3.1) rexml - ruby2_keywords (0.0.2) - rugged (0.99.0) - sass (3.7.4) - sass-listen (~> 4.0.0) - sass-listen (4.0.0) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - sinatra (2.0.8.1) - mustermann (~> 1.0) - rack (~> 2.0) - rack-protection (= 2.0.8.1) + ruby2_keywords (0.0.5) + rugged (1.9.0) + sinatra (4.1.1) + logger (>= 1.6.0) + mustermann (~> 3.0) + rack (>= 3.0.0, < 4) + rack-protection (= 4.1.1) + rack-session (>= 2.0.0, < 3) tilt (~> 2.0) - sinatra-contrib (2.0.8.1) - backports (>= 2.8.2) - multi_json - mustermann (~> 1.0) - rack-protection (= 2.0.8.1) - sinatra (= 2.0.8.1) + sinatra-contrib (4.1.1) + multi_json (>= 0.0.2) + mustermann (~> 3.0) + rack-protection (= 4.1.1) + sinatra (= 4.1.1) tilt (~> 2.0) - sprockets (3.7.2) + sprockets (4.2.2) concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-helpers (1.3.0) + logger + rack (>= 2.2.4, < 4) + sprockets-helpers (1.4.0) sprockets (>= 2.2) + stringio (3.1.7) therubyrhino (2.1.2) therubyrhino_jar (>= 1.7.4, < 1.7.9) therubyrhino_jar (1.7.8) - tilt (2.0.10) + tilt (2.6.1) twitter-text (1.14.7) unf (~> 0.1.0) - uglifier (3.2.0) - execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext - unf_ext (0.0.7.7) 
- useragent (0.16.10) + unf_ext (0.0.9.1) + useragent (0.16.11) + webrick (1.9.1) PLATFORMS ruby DEPENDENCIES - gollum + gollum (>= 5.1.2) BUNDLED WITH - 2.1.4 + 2.3.27