gemfilelock-updates

[craiglondon]

sinatra@1.4.5 was using rack@1.5.2 which has vulnerabilities (DoS, arbitrary code execution, path traversal)

[samdark]

👍 Would you please add CHANGELOG line? Thanks.

[craiglondon]

@samdark I updated the CHANGELOG file. Sinatra should probably be updated to v4.1, but I am not a Ruby developer and I was having problems updating Sinatra to the higher version

$ /usr/local/Cellar/ruby/3.4.3/bin/bundle install Bundler 2.6.8 is running, but your lockfile was generated with 1.17.2. Installing Bundler 1.17.2 and restarting using that version. Fetching gem metadata from https://rubygems.org/. Fetching bundler 1.17.2 Installing bundler 1.17.2 /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/shared_helpers.rb:272:in 'Bundler::SharedHelpers#search_up': undefined method 'untaint' for an instance of String (NoMethodError) current = File.expand_path(SharedHelpers.pwd).untaint ^^^^^^^^ from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/shared_helpers.rb:259:in 'Bundler::SharedHelpers#find_file' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/shared_helpers.rb:251:in 'Bundler::SharedHelpers#find_gemfile' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/shared_helpers.rb:27:in 'Bundler::SharedHelpers#root' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler.rb:234:in 'Bundler.root' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler.rb:246:in 'Bundler.app_config_path' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler.rb:273:in 'Bundler.settings' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/feature_flag.rb:21:in 'block in Bundler::FeatureFlag#settings_method' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/cli.rb:97:in '<class:CLI>' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/cli.rb:7:in '<module:Bundler>' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/cli.rb:6:in '<top (required)>' from <internal:/usr/local/Cellar/ruby/3.4.3/lib/ruby/3.4.0/rubygems/core_ext/kernel_require.rb>:136:in 'Kernel#require' from <internal:/usr/local/Cellar/ruby/3.4.3/lib/ruby/3.4.0/rubygems/core_ext/kernel_require.rb>:136:in 'Kernel#require' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/exe/bundle:23:in 'block in <top (required)>' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/lib/bundler/friendly_errors.rb:124:in 'Bundler.with_friendly_errors' from /Projects/Github/craiglondon--jquery-pjax/vendor/bundle/ruby/3.4.0/gems/bundler-1.17.2/exe/bundle:22:in '<top (required)>' from /usr/local/Cellar/ruby/3.4.3/bin/bundle:25:in 'Kernel#load' from /usr/local/Cellar/ruby/3.4.3/bin/bundle:25:in '<main>' 

[samdark]

Thank you!

[Renkas]

could we get this released?