[Snyk] Fix for 22 vulnerabilities

[MManke188]

Snyk has created this PR to fix 22 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

• Gemfile

⚠️ Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-RUBY-RACK-2848599	704
	HTTP Request Smuggling SNYK-RUBY-WEBRICK-10500756	701
	Allocation of Resources Without Limits or Throttling SNYK-RUBY-RACK-10074187	649
	Relative Path Traversal SNYK-RUBY-RACK-9398129	649
	Web Cache Poisoning SNYK-RUBY-RACK-1061917	616
	Denial of Service (DoS) SNYK-RUBY-RACK-2848600	589
	Denial of Service (DoS) SNYK-RUBY-RACK-3356639	589
	Denial of Service (DoS) SNYK-RUBY-RACK-6274385	589
	HTTP Request Smuggling SNYK-RUBY-WEBRICK-8068535	586
	Improper Output Neutralization for Logs SNYK-RUBY-RACK-8720151	569
	Improper Output Neutralization for Logs SNYK-RUBY-RACK-9058602	559
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-3360028	519
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIVESUPPORT-3237242	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-3237233	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-3237237	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-3237240	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-3360233	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274383	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274384	479
	Information Exposure SNYK-RUBY-ACTIVESUPPORT-5851458	429
	Cross-site Scripting (XSS) SNYK-RUBY-ERUBIS-20482	424
	Race Condition SNYK-RUBY-RACK-10074188	329

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Allocation of Resources Without Limits or Throttling
🦉 More lessons are available in Snyk Learn

[Copilot]

Pull Request Overview

This PR tightens version constraints in the Gemfile to upgrade vulnerable dependencies and address 22 Snyk-reported vulnerabilities.

• Add minimum versions for middleman, middleman-syntax, and webrick to pull in security patches.
• Keeps existing dependency lines intact while extending their version ranges.

Comments suppressed due to low confidence (1)

Gemfile:2

• After updating the Gemfile, run bundle update to regenerate Gemfile.lock so that the new versions are locked in and the security fixes take effect.

source 'https://rubygems.org'

[Copilot]

[nitpick] Consider simplifying the version constraint to "> 4.4.2" instead of combining "> 4.4" and ">= 4.4.2" for clarity and conciseness.

Suggested change

	gem 'middleman', '~> 4.4', '>= 4.4.2'
	gem 'middleman', '~> 4.4.2'

[Copilot]

[nitpick] Consider simplifying this constraint to "> 3.3.0" since "> 3.3" already implies ">= 3.3.0" and < 4.0 for better readability.

Suggested change

	gem 'middleman-syntax', '~> 3.3', '>= 3.3.0'
	gem 'middleman-syntax', '~> 3.3.0'

[Copilot]

[nitpick] To prevent future breaking updates, you may want to specify a pessimistic constraint like "~> 1.8.2" which caps the upper version range.

Suggested change

	gem 'webrick', '>= 1.8.2'
	gem 'webrick', '~> 1.8.2'