From a571d174ffe8f9abbd2ad1663e111bf8ab895e99 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 6 Jul 2025 19:14:24 +0000
Subject: [PATCH 1/4] fix: Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-2807585
- https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
- https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 586b12e858c..b6c72aec806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.6.3-slim
+FROM ruby:2.7.8-slim
 LABEL maintainer Travis CI GmbH
 # packages required for bundle install
From 9edf452e8dfac8ff598bbe53e03330d2d0535758 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 6 Jul 2025 19:28:06 +0000
Subject: [PATCH 2/4] fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-PUMA-8062124
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732769
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8732779
- https://snyk.io/vuln/SNYK-RUBY-PUMA-2437090
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577227
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10494060
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10494063
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-REXML-7814166
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-PUMA-2400629
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
- https://snyk.io/vuln/SNYK-RUBY-PUMA-5846204
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510795
- https://snyk.io/vuln/SNYK-RUBY-REXML-7577228
- https://snyk.io/vuln/SNYK-RUBY-REXML-8309365
- https://snyk.io/vuln/SNYK-RUBY-MIDDLEMANCORE-20359
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-PUMA-6146928
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-REXML-6861566
- https://snyk.io/vuln/SNYK-RUBY-REXML-7462086
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9510789
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-9789079
- https://snyk.io/vuln/SNYK-RUBY-ERUBIS-20482
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1730572
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8453714
---
 Gemfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Gemfile b/Gemfile
index 78a22e4e954..16217b0962e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,32 +3,32 @@ source 'https://rubygems.org'
 ruby '2.6.3'
 gem 'faraday'
-gem 'html-proofer', '~> 3.0'
+gem 'html-proofer', '~> 3.19', '>= 3.19.3'
 gem 'jekyll', '>=3.1.6'
 gem 'jekyll-paginate'
 gem 'jekyll-redirect-from'
-gem 'puma'
+gem 'puma', '>= 5.6.9'
 gem 'pry', group: :test
 gem 'rack', '~> 1.0'
 gem 'rack-jekyll'
 gem 'rack-ssl-enforcer'
 gem 'rake'
 gem 'rdiscount', '>=2.2.0.1'
-gem 'rubocop', group: :test
+gem 'rubocop', '>= 0.87.0', group: :test
 # All of this is for Slate / middleman
-gem "middleman", '~> 3.0'
+gem "middleman", "~> 4.6", ">= 4.6.0"
 # For syntax highlighting
-gem "middleman-syntax"
+gem "middleman-syntax", ">= 3.3.0"
 # Plugin for middleman to generate GitHub pages
 gem 'middleman-gh-pages'
 # Live-reloading plugin
-gem "middleman-livereload"
+gem "middleman-livereload", ">= 3.4.7"
 # Needed for Slate / middleman
 gem 'redcarpet'
From fc785686c88fd44a575c5d18c7a28e88fd06315e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Jul 2025 22:07:09 +0000
Subject: [PATCH 3/4] fix: Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index b6c72aec806..3f42432ac7d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.7.8-slim
+FROM ruby:3.4.4-slim
 LABEL maintainer Travis CI GmbH
 # packages required for bundle install
From a68c6308ceb449dbb93a386208c0a33dd7226612 Mon Sep 17 00:00:00 2001
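Review bot: The `ruby '2.6.3'` directive at the top of the Gemfile hunk in PATCH 2/4 is left unchanged, while PATCH 1/4 and PATCH 3/4 move the Dockerfile base image to `ruby:2.7.8-slim` and then `ruby:3.4.4-slim`. Bundler checks that directive against the running interpreter, so a `bundle install` inside the image (the Dockerfile comment suggests one follows) would presumably stop on a Ruby version mismatch unless the directive is updated in the same series, e.g. `ruby '3.4.4'`. The diffstat lists only `Gemfile`, so if a `Gemfile.lock` is committed it still needs regenerating and committing with this change. Otherwise the vulnerable versions the commit message lists may remain the ones actually installed. The new floors on puma, rubocop, middleman-syntax and middleman-livereload have no upper bound, which makes the lockfile the only thing fixing what gets resolved.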
From: snyk-bot
Date: Fri, 11 Jul 2025 06:01:55 +0000
Subject: [PATCH 4/4] fix: Gemfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674179
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674176
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674184
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674192
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674188
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile b/Gemfile
index 16217b0962e..a0c60f2eb6a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -19,7 +19,7 @@ gem 'rubocop', '>= 0.87.0', group: :test
 # All of this is for Slate / middleman
-gem "middleman", "~> 4.6", ">= 4.6.0"
+gem "middleman", "~> 4.1", ">= 4.1.8"
 # For syntax highlighting
 gem "middleman-syntax", ">= 3.3.0"
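Review bot: The replacement line `gem "middleman", "~> 4.1", ">= 4.1.8"` lowers the floor that PATCH 2/4 set with `"~> 4.6", ">= 4.6.0"`, so the resolver may now select an older middleman than the earlier patch required. Every advisory named in this commit message is a nokogiri one, and nokogiri is not declared in the visible part of the Gemfile, so the fix depends on whatever middleman pulls in transitively. Stating the requirement directly, `gem 'nokogiri', '>= <fixed version from the advisories>'`, would make the intent explicit and keep a later middleman constraint change from undoing it. The hunk shows only a few lines around the middleman entry, so a nokogiri entry elsewhere in the file cannot be ruled out.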