Resolve Hakiri warnings for Sinatra version (#15)
Because in the previous version of the gemspec we had an open reference to Sinatra, it meant we were essentially saying any version would do.

Hakiri was flagging this with [CVE-2018-7212](sinatra/sinatra#1379), the resolution of which was to specify a version equal to or greater than 2.0.1

It was then flagging this project with [CVE-2018-11627](sinatra/sinatra#1428), and again the resolution was to specify a version, this time equal to or greater than 2.0.2
Cruikshanks authored Sep 9, 2019
1 parent ab760ab commit 808bb7a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion quke_demo_app.gemspec
Expand Up @@ -38,7 +38,7 @@ Gem::Specification.new do |spec|

# Sinatra is a DSL for quickly creating web applications in Ruby with minimal
# effort. We've used it for creating our demo website
spec.add_dependency "sinatra"
spec.add_dependency "sinatra", "~> 2.0.2"
# Thor is a toolkit for building powerful command-line interfaces.
spec.add_dependency "thor"

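Review bot: the new constraint `"~> 2.0.2"` on the `spec.add_dependency "sinatra"` line is narrower than the commit message states. A pessimistic operator with a three-part version resolves to `>= 2.0.2, < 2.1`, so Sinatra 2.1 and later (including any future security releases on those lines) would be excluded, which is not "equal to or greater than 2.0.2". If the intent is any patched 2.x release, `spec.add_dependency "sinatra", ">= 2.0.2", "< 3"` (or `"~> 2.0", ">= 2.0.2"`) expresses that while still ruling out the versions Hakiri flagged. It would also help to extend the comment above the line to name CVE-2018-7212 and CVE-2018-11627, so the reason for the version floor is not lost the next time someone touches this dependency.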