From 12bbeee3e7c797d4e92fefca994097ea461ccb55 Mon Sep 17 00:00:00 2001
From: Adrien Dessy
Date: Wed, 17 May 2023 11:29:47 +0200
Subject: [PATCH] [CL-3535] Remove direct Sinatra dependency

To address the CVEs, it is sufficient to ensure that the correct version is specified in the Gemfile.lock. There is no need to include Sinatra as a direct dependency.
---
 back/Gemfile | 1 -
 back/Gemfile.lock | 1 -
 2 files changed, 2 deletions(-)

diff --git a/back/Gemfile b/back/Gemfile
index 6f63f388796b..7e31e51b6d19 100644
--- a/back/Gemfile
+++ b/back/Gemfile
@@ -87,7 +87,6 @@ gem 'active_model_serializers', '~> 0.10.12'
 gem 'jwt', '~> 2.7.0'
 gem 'que', git: 'https://github.com/que-rb/que', branch: 'master', ref: '77c6b92952b821898c393239ce0e4047b17d7dae'
-gem 'sinatra', '~> 3.0.6' # Fixes CVE-2022-45442. Sinatra is a dependency of que-web, but que-web depends on sinatra >= 0.
 gem 'que-web'
 gem 'activerecord-import', '~> 1.4'
diff --git a/back/Gemfile.lock b/back/Gemfile.lock
index be01c8b5273c..378a43d1a965 100644
--- a/back/Gemfile.lock
+++ b/back/Gemfile.lock
@@ -1218,7 +1218,6 @@ DEPENDENCIES
   simple_segment (~> 1.5)
   simplecov
   simplecov-rcov
-  sinatra (~> 3.0.6)
   smart_groups!
   spring
   spring-commands-rspec