From c012b2a5afe0b37730a9e3093b69169fc588f86a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 13 Oct 2025 04:06:00 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13535097
---
 Gemfile | 4 ++--
 Gemfile.lock | 65 ++++++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/Gemfile b/Gemfile
index c5c59f73..d88c4771 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,9 +7,9 @@ group :development do
 end
 group :test do
- gem 'actionpack', '~>2.3.8'
+ gem 'actionpack', '~> 5.0.0'
 gem 'mocha', '>=0.9.8'
- gem 'typhoeus', '>=0.1.13'
+ gem 'typhoeus', '>= 0.2.0'
 gem 'em-http-request', "0.2.11"
 gem 'curb', ">= 0.6.6.0"
 gem 'webmock'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7bdaa94e..5f421eb2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
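Review bot: In the Gemfile's `group :test` hunk the rack fix arrives only as a side effect of moving `actionpack` to `~> 5.0.0`; the Gemfile states no constraint on rack itself, so the patched version is recorded only in Gemfile.lock. Adding an explicit floor such as `gem 'rack', '>= 2.2.20'` (the version the new lockfile resolves to; confirm the fixed version against the advisory) would keep the intent visible and survive a later change to the actionpack constraint. The bump spans three major versions of actionpack and lets typhoeus go from 0.1.31 to 1.5.0 through an open-ended `>= 0.2.0`, so the test suite needs a run on this branch before merge. The lockfile context also still shows `remote: http://rubygems.org/`; the Gemfile's `source` line is outside this hunk, but if it uses plain HTTP it should move to `https://rubygems.org`. The closing `end` of the `group :test` block is outside the hunk.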
@@ -1,33 +1,77 @@ GEM remote: http://rubygems.org/ specs: - actionpack (2.3.8) - activesupport (= 2.3.8) - rack (~> 1.1.0) - activesupport (2.3.8) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activesupport (5.0.7.2) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) addressable (2.2.0) + builder (3.3.0) + concurrent-ruby (1.3.5) crack (0.1.8) + crass (1.0.6) curb (0.7.7.1) em-http-request (0.2.11) addressable (>= 2.0.0) eventmachine (>= 0.12.9) + erubis (2.7.0) + ethon (0.15.0) + ffi (>= 1.15.0) eventmachine (0.12.10) + ffi (1.17.2) gemcutter (0.4.1) json_pure git (1.2.5) + i18n (1.14.7) + concurrent-ruby (~> 1.0) jeweler (1.4.0) gemcutter (>= 0.1.0) git (>= 1.2.5) rubyforge (>= 2.0.0) json_pure (1.4.3) + loofah (2.24.1) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + mini_portile2 (2.8.9) + minitest (5.26.0) mocha (0.9.8) rake - rack (1.1.0) + nokogiri (1.18.10) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + racc (1.8.1) + rack (2.2.20) + rack-test (0.6.3) + rack (>= 1.0) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.6.2) + loofah (~> 2.21) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) rake (0.8.7) rubyforge (2.0.4) json_pure (>= 1.1.7) - typhoeus (0.1.31) - rack + thread_safe (0.3.6) + typhoeus (1.5.0) + ethon (>= 0.9.0, < 0.16.0) + tzinfo (1.2.11) + thread_safe (~> 0.1) webmock (1.3.5) addressable (>= 2.1.1) crack (>= 0.1.7) 
@@ -36,11 +80,14 @@ PLATFORMS ruby DEPENDENCIES - actionpack (~> 2.3.8) + actionpack (~> 5.0.0) curb (>= 0.6.6.0) em-http-request (= 0.2.11) jeweler mocha (>= 0.9.8) rake - typhoeus (>= 0.1.13) + typhoeus (>= 0.2.0) webmock + +BUNDLED WITH + 2.3.27