From 07214f4c70d804494e373b832493320b20481ece Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 8 Sep 2021 20:16:52 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442
---
 Gemfile | 4 +-
 Gemfile.lock | 171 ++++++++++++++++++++++++++++-----------------------
 2 files changed, 96 insertions(+), 79 deletions(-)
diff --git a/Gemfile b/Gemfile
index 801b55a..e228420 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ group :development do
 end
 group :test do
- gem 'foodcritic', '~> 4.0'
+ gem 'foodcritic', '~> 4.0', '>= 4.0.0'
 gem 'chefspec', '~> 4.2'
 gem 'ci_reporter_rspec', '~> 1.0'
 gem 'test-kitchen', '~> 1.4'
@@ -17,7 +17,7 @@ group :test do
 gem 'berkshelf', '~> 4.0'
 gem 'guard', '~> 2.12'
 gem 'guard-rspec', '~> 4.5'
- gem 'guard-foodcritic', '~> 1.1'
+ gem 'guard-foodcritic', '~> 1.1', '>= 1.1.0'
 gem 'guard-rake', '~> 0.0'
 gem 'rubocop', '~> 0.28.0'
 gem 'guard-rubocop', '~> 1.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index ee7d2b4..a79da08 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,8 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.3.8) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) ast (2.0.0) astrolabe (1.3.0) parser (>= 2.2.0.pre.3, < 3.0)
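Review bot: The added `'>= 4.0.0'` on `foodcritic` in the first Gemfile hunk, and `'>= 1.1.0'` on `guard-foodcritic` in the second, change nothing, because `'~> 4.0'` and `'~> 1.1'` already imply those floors; neither line constrains nokogiri, the gem named in the commit message. The upgrade itself (nokogiri 1.6.6.2 to 1.12.4) exists only in Gemfile.lock, so the fix holds only while the lockfile is honoured and is not expressed as a requirement anywhere a reader of the Gemfile would see it. If the patched version is meant to be a floor, state it directly, for example `gem 'nokogiri', '>= 1.12.4'` next to the gem that pulls it in (presumably one in `group :test`, whose block continues past the end of the second hunk), and drop the two redundant constraints. The regenerated lock also moves unrelated gems across major versions (berkshelf 3.2.4 to 4.3.5, json 1.8.2 to 2.5.1) and adds new transitive gems such as chef-config, so the test group should be run against the new lock before merging.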
@@ -13,24 +14,28 @@ GEM multi_json (~> 1.0) aws-sdk-resources (2.0.47) aws-sdk-core (= 2.0.47) - berkshelf (3.2.4) - addressable (~> 2.3.4) - berkshelf-api-client (~> 1.2) + berkshelf (4.3.5) + addressable (~> 2.3, >= 2.3.4) + berkshelf-api-client (~> 2.0, >= 2.0.2) buff-config (~> 1.0) buff-extensions (~> 1.0) buff-shell_out (~> 0.1) - celluloid (~> 0.16.0) + celluloid (= 0.16.0) celluloid-io (~> 0.16.1) cleanroom (~> 1.0) - faraday (~> 0.9.0) - minitar (~> 0.5.4) - octokit (~> 3.0) + faraday (~> 0.9) + httpclient (~> 2.7) + minitar (~> 0.5, >= 0.5.4) + mixlib-archive (~> 0.1) + octokit (~> 4.0) retryable (~> 2.0) - ridley (~> 4.0) - solve (~> 1.1) + ridley (~> 4.5) + solve (~> 2.0) thor (~> 0.19) - berkshelf-api-client (1.2.1) - faraday (~> 0.9.0) + berkshelf-api-client (2.0.2) + faraday (~> 0.9.1) + httpclient (~> 2.7.0) + ridley (~> 4.5) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) buff-config (1.0.1) @@ -71,6 +76,12 @@ GEM rspec_junit_formatter (~> 0.2.0) serverspec (~> 2.7) specinfra (~> 2.10) + chef-config (14.2.0) + addressable + fuzzyurl + mixlib-config (~> 2.0) + mixlib-shellout (~> 2.0) + tomlrb (~> 1.2) chef-vault (2.6.1) chef-vault-testfixtures (0.5.0) chef-vault (~> 2.5) @@ -92,21 +103,17 @@ GEM ci_reporter (~> 2.0) rspec (>= 2.14, < 4) cleanroom (1.0.0) - coderay (1.1.0) + coderay (1.1.3) columnize (0.9.0) debug_inspector (0.0.2) - dep-selector-libgecode (1.0.2) - dep_selector (1.0.3) - dep-selector-libgecode (~> 1.0) - ffi (~> 1.9) diff-lcs (1.2.5) erubis (2.7.0) - faraday (0.9.1) + faraday (0.9.2) multipart-post (>= 1.2, < 3) fauxhai (2.3.0) net-ssh ohai - ffi (1.9.8) + ffi (1.15.4) ffi-yajl (2.2.0) libyajl2 (~> 1.2) foodcritic (4.0.0) 
@@ -117,20 +124,21 @@ GEM rufus-lru (~> 1.0) treetop (~> 1.4) yajl-ruby (~> 1.1) - formatador (0.2.5) + formatador (0.3.0) + fuzzyurl (0.9.0) gherkin (2.12.2) multi_json (~> 1.3) - guard (2.12.5) + guard (2.18.0) formatador (>= 0.2.4) - listen (~> 2.7) - lumberjack (~> 1.0) + listen (>= 2.7, < 4.0) + lumberjack (>= 1.0.12, < 2.0) nenv (~> 0.1) notiffany (~> 0.0) - pry (>= 0.9.12) + pry (>= 0.13.0) shellany (~> 0.0) thor (>= 0.18.1) guard-compat (1.2.1) - guard-foodcritic (1.1.0) + guard-foodcritic (1.1.1) foodcritic (~> 4.0) guard (~> 2.12) guard-compat (~> 1.1) @@ -146,34 +154,36 @@ GEM rubocop (~> 0.20) hashie (2.1.2) highline (1.7.2) - hitimes (1.2.2) + hitimes (2.0.0) + httpclient (2.7.2) interception (0.5) ipaddress (0.8.0) jmespath (1.0.2) multi_json (~> 1.0) - json (1.8.2) + json (2.5.1) kitchen-vagrant (0.18.0) test-kitchen (~> 1.4) libyajl2 (1.2.0) - listen (2.10.0) - celluloid (~> 0.16.0) - rb-fsevent (>= 0.9.3) - rb-inotify (>= 0.9) - lumberjack (1.0.9) - method_source (0.8.2) + listen (3.7.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + lumberjack (1.2.8) + method_source (1.0.0) mime-types (2.6.1) - mini_portile (0.6.2) - minitar (0.5.4) + mini_portile2 (2.6.1) + minitar (0.9) + mixlib-archive (0.4.20) + mixlib-log mixlib-authentication (1.3.0) mixlib-log mixlib-cli (1.5.0) mixlib-config (2.2.1) mixlib-log (1.6.0) mixlib-shellout (2.1.0) - multi_json (1.11.0) - multipart-post (2.0.0) - nenv (0.2.0) - net-http-persistent (2.9.4) + molinillo (0.4.5) + multi_json (1.15.0) + multipart-post (2.1.1) + nenv (0.3.0) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (2.9.2) 
@@ -182,14 +192,16 @@ GEM net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) - nio4r (1.1.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) - notiffany (0.0.6) + nio4r (2.5.8) + nokogiri (1.12.4) + mini_portile2 (~> 2.6.1) + racc (~> 1.4) + notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - octokit (3.8.0) - sawyer (~> 0.6.0, >= 0.5.3) + octokit (4.21.0) + faraday (>= 0.9) + sawyer (~> 0.8.0, >= 0.5.3) ohai (8.4.0) ffi (~> 1.9) ffi-yajl (>= 1.1, < 3.0) @@ -207,10 +219,9 @@ GEM plist (3.1.0) polyglot (0.3.5) powerpack (0.0.9) - pry (0.10.1) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) + pry (0.14.1) + coderay (~> 1.1) + method_source (~> 1.0) pry-byebug (3.1.0) byebug (~> 4.0) pry (~> 0.10) @@ -220,30 +231,33 @@ GEM pry-stack_explorer (0.4.9.2) binding_of_caller (>= 0.7) pry (>= 0.9.11) + public_suffix (4.0.6) + racc (1.5.2) rack (1.6.1) rainbow (2.0.0) - rake (10.4.2) - rb-fsevent (0.9.5) - rb-inotify (0.9.5) - ffi (>= 0.5.0) - retryable (2.0.1) - ridley (4.1.2) + rake (10.5.0) + rb-fsevent (0.11.0) + rb-inotify (0.10.1) + ffi (~> 1.0) + retryable (2.0.4) + ridley (4.6.1) addressable buff-config (~> 1.0) buff-extensions (~> 1.0) - buff-ignore (~> 1.1) + buff-ignore (~> 1.1.1) buff-shell_out (~> 0.1) celluloid (~> 0.16.0) celluloid-io (~> 0.16.1) + chef-config (>= 12.5.0) erubis faraday (~> 0.9.0) - hashie (>= 2.0.2, < 3.0.0) + hashie (>= 2.0.2, < 4.0.0) + httpclient (~> 2.7) json (>= 1.7.7) mixlib-authentication (>= 1.3.0) - net-http-persistent (>= 2.8) - retryable (>= 2.0.0) + retryable (~> 2.0) semverse (~> 1.1) - varia_model (~> 0.4) + varia_model (~> 0.4.0) rspec (3.2.0) rspec-core (~> 3.2.0) rspec-expectations (~> 3.2.0) 
@@ -271,11 +285,11 @@ GEM ruby-progressbar (~> 1.4) ruby-progressbar (1.7.5) ruby_gntp (0.3.4) - rufus-lru (1.0.5) + rufus-lru (1.1.0) safe_yaml (1.0.4) - sawyer (0.6.0) - addressable (~> 2.3.5) - faraday (~> 0.8, < 0.10) + sawyer (0.8.2) + addressable (>= 2.3.5) + faraday (> 0.8, < 2.0) semverse (1.2.1) serverspec (2.17.0) multi_json @@ -283,9 +297,8 @@ GEM rspec-its specinfra (~> 2.32) shellany (0.0.1) - slop (3.6.0) - solve (1.2.1) - dep_selector (~> 1.0) + solve (2.0.3) + molinillo (~> 0.4.2) semverse (~> 1.1) specinfra (2.34.4) net-scp @@ -297,31 +310,32 @@ GEM net-ssh (~> 2.7) safe_yaml (~> 1.0) thor (~> 0.18) - thor (0.19.1) - timers (4.0.1) + thor (0.20.3) + timers (4.0.4) hitimes - treetop (1.6.2) + tomlrb (1.3.0) + treetop (1.6.11) polyglot (~> 0.3) uuidtools (2.1.5) - varia_model (0.4.0) + varia_model (0.4.1) buff-extensions (~> 1.0) - hashie (>= 2.0.2, < 3.0.0) + hashie (>= 2.0.2, < 4.0.0) wmi-lite (1.0.0) - yajl-ruby (1.2.1) + yajl-ruby (1.4.1) PLATFORMS ruby DEPENDENCIES aws-sdk (~> 2.0) - berkshelf (~> 3.2) + berkshelf (~> 4.0) chef-vault (~> 2.5) - chef-vault-testfixtures (~> 0.4) + chef-vault-testfixtures (~> 0.5) chefspec (~> 4.2) ci_reporter_rspec (~> 1.0) - foodcritic (~> 4.0) + foodcritic (~> 4.0, >= 4.0.0) guard (~> 2.12) - guard-foodcritic (~> 1.1) + guard-foodcritic (~> 1.1, >= 1.1.0) guard-rake (~> 0.0) guard-rspec (~> 4.5) guard-rubocop (~> 1.1) @@ -334,3 +348,6 @@ DEPENDENCIES rubocop (~> 0.28.0) ruby_gntp (~> 0.3) test-kitchen (~> 1.4) + +BUNDLED WITH + 2.1.4