From cdd5c6287133895931bb035179723f68107a05e6 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Thu, 13 Aug 2020 13:35:50 -0400
Subject: [PATCH 1/2] Bump middleman from 4.3.7 to 4.3.8 (#1302)

Bumps [middleman](https://github.com/middleman/middleman) from 4.3.7 to 4.3.8.
- [Release notes](https://github.com/middleman/middleman/releases)
- [Changelog](https://github.com/middleman/middleman/blob/master/CHANGELOG.md)
- [Commits](https://github.com/middleman/middleman/compare/v4.3.7...v4.3.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
---
 Gemfile.lock | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index b3db4b0..dc76f57 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -10,19 +10,19 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     autoprefixer-rails (9.5.1.1)
       execjs
-    backports (3.17.2)
+    backports (3.18.1)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     contracts (0.13.0)
-    dotenv (2.7.5)
+    dotenv (2.7.6)
     erubis (2.7.0)
     execjs (2.7.0)
     fast_blank (1.0.0)
-    fastimage (2.1.7)
-    ffi (1.12.2)
+    fastimage (2.2.0)
+    ffi (1.13.1)
     haml (5.1.2)
       temple (>= 0.8.0)
       tilt
@@ -31,23 +31,24 @@ GEM
     hashie (3.6.0)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
-    kramdown (1.17.0)
+    kramdown (2.3.0)
+      rexml
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
     memoist (0.16.2)
-    middleman (4.3.7)
+    middleman (4.3.8)
       coffee-script (~> 2.2)
       haml (>= 4.0.5)
-      kramdown (~> 1.2)
-      middleman-cli (= 4.3.7)
-      middleman-core (= 4.3.7)
+      kramdown (>= 2.3.0)
+      middleman-cli (= 4.3.8)
+      middleman-core (= 4.3.8)
     middleman-autoprefixer (2.10.1)
       autoprefixer-rails (~> 9.1)
       middleman-core (>= 3.3.3)
-    middleman-cli (4.3.7)
+    middleman-cli (4.3.8)
       thor (>= 0.17.0, < 2.0)
-    middleman-core (4.3.7)
+    middleman-core (4.3.8)
       activesupport (>= 4.2, < 6.0)
       addressable (~> 2.3)
       backports (~> 3.6)
@@ -86,20 +87,21 @@ GEM
       tilt (>= 1.4.1, < 3)
     padrino-support (0.13.3.4)
       activesupport (>= 3.1)
-    parallel (1.19.1)
+    parallel (1.19.2)
     public_suffix (4.0.5)
     rack (2.2.3)
     rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redcarpet (3.5.0)
+    rexml (3.2.4)
     rouge (3.20.0)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    sassc (2.3.0)
+    sassc (2.4.0)
       ffi (~> 1.9)
     servolux (0.13.0)
     sprockets (3.7.2)

From 6f24a0df7a5d5f2a0517a69728818a65d67c60aa Mon Sep 17 00:00:00 2001
From: Matthew Peveler <matt.peveler@gmail.com>
Date: Thu, 13 Aug 2020 13:42:52 -0400
Subject: [PATCH 2/2] cut 2.7.1 release

Signed-off-by: Matthew Peveler <matt.peveler@gmail.com>
---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad63e5f..30b9e1f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## Version 2.7.1
+
+*August 13, 2020*
+
+* __[security]__ Bumped middleman from 4.3.7 to 4.3.8
+
+_Note_: Slate uses redcarpet, not kramdown, for rendering markdown to HTML, and so was unaffected by the security vulnerability in middleman.
+If you have changed slate to use kramdown, and with GFM, you may need to install the `kramdown-parser-gfm` gem.
+
 ## Version 2.7.0
 
 *June 21, 2020*