[Snyk] Fix for 39 vulnerabilities

[cceneag]

Snyk has created this PR to fix 39 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

• Gemfile

⚠️ Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	OS Command Injection SNYK-RUBY-THOR-10843853	****
	Deserialization of Untrusted Data SNYK-RUBY-ACTIVESUPPORT-569598	834
	HTTP Request Smuggling SNYK-RUBY-PUMA-8062124	731
	Expired Pointer Dereference SNYK-RUBY-NOKOGIRI-10674179	726
	Stack-based Buffer Overflow SNYK-RUBY-NOKOGIRI-10674176	721
	Expired Pointer Dereference SNYK-RUBY-NOKOGIRI-10674184	721
	Out-of-bounds Read SNYK-RUBY-NOKOGIRI-10674192	721
	Heap-based Buffer Overflow SNYK-RUBY-NOKOGIRI-7164639	696
	Stack-based Buffer Overflow SNYK-RUBY-NOKOGIRI-8732769	671
	Use After Free SNYK-RUBY-NOKOGIRI-8732779	671
	HTTP Request Smuggling SNYK-RUBY-PUMA-2437090	669
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-RUBY-REXML-7577227	666
	Improper Handling of Unexpected Data Type SNYK-RUBY-NOKOGIRI-2840634	624
	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') SNYK-RUBY-REXML-7814166	624
	Use After Free SNYK-RUBY-NOKOGIRI-2413994	619
	Information Exposure SNYK-RUBY-PUMA-2400629	614
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-NOKOGIRI-2620374	589
	Out-of-bounds Write SNYK-RUBY-NOKOGIRI-2630623	589
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-2630898	589
	NULL Pointer Dereference SNYK-RUBY-NOKOGIRI-3052880	589
	Denial of Service (DoS) SNYK-RUBY-PUMA-1291014	589
	Directory Traversal SNYK-RUBY-TZINFO-2958048	589
	HTTP Request Smuggling SNYK-RUBY-PUMA-5846204	579
	Use After Free SNYK-RUBY-NOKOGIRI-9510795	576
	Denial of Service (DoS) SNYK-RUBY-REXML-7577228	559
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-REXML-8309365	559
	Cross-site Scripting (XSS) SNYK-RUBY-MIDDLEMANCORE-20359	539
	Use After Free SNYK-RUBY-NOKOGIRI-6228056	524
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-3360028	519
	HTTP Request Smuggling SNYK-RUBY-PUMA-6146928	509
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIVESUPPORT-3237242	479
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-RUBY-REXML-6861566	479
	Denial of Service (DoS) SNYK-RUBY-REXML-7462086	479
	Use After Free SNYK-RUBY-NOKOGIRI-9510789	469
	Buffer Under-read SNYK-RUBY-NOKOGIRI-9789079	426
	Cross-site Scripting (XSS) SNYK-RUBY-ERUBIS-20482	424
	HTTP Request Smuggling SNYK-RUBY-PUMA-1730572	399
	Stack-based Buffer Overflow SNYK-RUBY-NOKOGIRI-10674188	376
	Cross-site Scripting (XSS) SNYK-RUBY-NOKOGIRI-8453714	319

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Deserialization of Untrusted Data
🦉 More lessons are available in Snyk Learn

---

Summary by cubic

Update dependency constraints to address 39 Snyk-reported vulnerabilities by bumping Middleman to 4.6 and aligning html-proofer to 3.16. Regenerate Gemfile.lock to pull patched transitive versions and make this mergeable.

• Dependencies

  • middleman: "> 4.6", ">= 4.6.0" (was "> 4.1", ">= 4.1.8")
  • html-proofer: "> 3.16", ">= 3.16.0" (was "> 3.19", ">= 3.19.3")

• Migration

  • Run bundle update to regenerate Gemfile.lock.
  • Verify the site builds with Middleman 4.6 (check config and extensions).
  • Run tests/CI to confirm no regressions.

[cubic-dev-ai]

No issues found across 1 file