From 6255ec211a20ad3c9551750543df336efdf27481 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 24 Jun 2024 13:56:54 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACKCONTRIB-7148535
---
 Gemfile | 2 +-
 Gemfile.lock | 11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9254560..31ebe42 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ gem 'passenger'
 gem 'rest-client'
 gem 'cqm-reports', '4.1.0'
 gem 'rackup', '~> 2.1'
-gem 'rack-contrib', '~> 2.4'
+gem 'rack-contrib', '~> 2.5', '>= 2.5.0'
 gem 'jwt'
 gem 'cqm-models', :git => 'https://github.com/projecttacoma/cqm-models', :branch => 'master'
diff --git a/Gemfile.lock b/Gemfile.lock
index be39530..34afe0d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -56,6 +56,7 @@ GEM mime-types (3.5.2) mime-types-data (~> 3.2015) mime-types-data (3.2024.0206) + mini_portile2 (2.8.7) minitest (5.22.2) mongo (2.19.3) bson (>= 4.14.1, < 5.0.0)
@@ -71,6 +72,9 @@ GEM ruby2_keywords (~> 0.0.1) mutex_m (0.2.0) netrc (0.11.0) + nokogiri (1.14.5) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) nokogiri (1.14.5-arm64-darwin) racc (~> 1.4) nokogiri (1.14.5-x86_64-linux)
@@ -79,8 +83,8 @@ GEM rack rake (>= 0.8.1) racc (1.7.3) - rack (3.0.9.1) - rack-contrib (2.4.0) + rack (3.1.4) + rack-contrib (2.5.0) rack (< 4) rack-protection (4.0.0) base64 (>= 0.1.0)
@@ -118,6 +122,7 @@ GEM PLATFORMS arm64-darwin-22 + ruby x86_64-linux DEPENDENCIES
@@ -126,7 +131,7 @@ DEPENDENCIES jwt minitest passenger - rack-contrib (~> 2.4) + rack-contrib (~> 2.5, >= 2.5.0) rack-test rackup (~> 2.1) rest-client