pivotal / blog

Pivotal Engineering Blog
https://engineering.pivotal.io/

[Security] Bump sinatra from 2.0.1 to 2.0.7 in /pushpop #242

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 5 years ago

Bumps sinatra from 2.0.1 to 2.0.7. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml).*

> **XSS via the 400 Bad Request page**
> Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
>
> Patched versions: >= 2.0.2
> Unaffected versions: < 2.0.0

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml).*

> **XSS via the 400 Bad Request page**
> Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
>
> Patched versions: >= 2.0.2
> Unaffected versions: < 2.0.0.beta1; 2.0.0-alpha
Changelog

*Sourced from [sinatra's changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md).*

> ## 2.0.7 / 2019-08-22
>
> * Fix a regression [#1560](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1560) by Kunpei Sakai
>
> ## 2.0.6 / 2019-08-21
>
> * Fix an issue setting environment from command line option [#1547](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1547), [#1554](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1554) by Jordan Owens, Kunpei Sakai
> * Support pandoc as a new markdown renderer [#1533](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1533) by Vasiliy
> * Remove outdated code for tilt 1.x [#1532](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1532) by Vasiliy
> * Remove an extra logic for `force_encoding` [#1527](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1527) by Jordan Owens
> * Avoid multiple errors even if `params` contains special values [#1526](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1527) by Kunpei Sakai
> * Support `bundler/inline` with `require 'sinatra'` integration [#1520](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1520) by Kunpei Sakai
> * Avoid `TypeError` when params contain a key without a value on Ruby < 2.4 [#1516](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1516) by Samuel Giddins
> * Improve development support and documentation and source code by Olle Jonsson, Basavanagowda Kanur, Yuki MINAMIYA
>
> ## 2.0.5 / 2018-12-22
>
> * Avoid FrozenError when params contains frozen value [#1506](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1506) by Kunpei Sakai
> * Add support for Erubi [#1494](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1494) by [@tkmru](https://github.com/tkmru)
> * `IndifferentHash` monkeypatch warning improvements [#1477](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1477) by Mike Pastore
> * Improve development support and documentation and source code by Anusree Prakash, Jordan Owens, [@ceclinux](https://github.com/ceclinux) and [@krororo](https://github.com/krororo).
>
> ### sinatra-contrib
>
> * Add `flush` option to `content_for` [#1225](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1225) by Shota Iguchi
> * Drop activesupport dependency from sinatra-contrib [#1448](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1448)
> * Update `yield_content` to append default to ERB template buffer [#1500](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1500) by Jordan Owens
>
> ### rack-protection
>
> * Don't track the Accept-Language header by default [#1504](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1504) by Artem Chistyakov
>
> ## 2.0.4 / 2018-09-15
>
> * Don't blow up when passing frozen string to `send_file` disposition [#1137](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1137) by Andrew Selder
> * Fix ubygems LoadError [#1436](https://github-redirect.dependabot.com/sinatra/sinatra/pull/1436) by Pavel Rosický
>
> ... (truncated)
Commits

- [`32d6833`](https://github.com/sinatra/sinatra/commit/32d683317790180d19ff5974aea2dd277e37724f) 2.0.7 release
- [`3dbbd9e`](https://github.com/sinatra/sinatra/commit/3dbbd9ea7971051a8f75009040c5f3f9ae707fbb) update CHANGELOG
- [`3563a08`](https://github.com/sinatra/sinatra/commit/3563a08b68baf38956bef729afa865e0d166960e) Merge pull request [#1560](https://github-redirect.dependabot.com/sinatra/sinatra/issues/1560) from sinatra/fix-regression
- [`dde8f05`](https://github.com/sinatra/sinatra/commit/dde8f0561db34188776f955256cfbd89fe01c8e8) fix a regression, closes [#1559](https://github-redirect.dependabot.com/sinatra/sinatra/issues/1559)
- [`6795b45`](https://github.com/sinatra/sinatra/commit/6795b45876c71f3de18c7ae36475b928ccf7fcaa) 2.0.6 release
- [`0df27f3`](https://github.com/sinatra/sinatra/commit/0df27f34f3e3c73c0daf9a7881378b53214a9e95) don't use sed. sed has difference for each platform
- [`423cef3`](https://github.com/sinatra/sinatra/commit/423cef3ff383c9141b66ea2a301d540a67c7272b) Merge pull request [#1555](https://github-redirect.dependabot.com/sinatra/sinatra/issues/1555) from sinatra/bump-version-to-2.0.6
- [`0ee9f88`](https://github.com/sinatra/sinatra/commit/0ee9f88843c89aee3a392e7c39f06190e70f32e2) bump version to 2.0.6
- [`dfc6d99`](https://github.com/sinatra/sinatra/commit/dfc6d99a2999ff5cf16712c992e08e29679aebae) add v2.0.6 entry to changelog
- [`95f2a18`](https://github.com/sinatra/sinatra/commit/95f2a18ddef92038e10b55e35b656adb2b82c200) Merge pull request [#1554](https://github-redirect.dependabot.com/sinatra/sinatra/issues/1554) from sinatra/correct-fix-1547
- Additional commits viewable in [compare view](https://github.com/sinatra/sinatra/compare/v2.0.1...v2.0.7)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.