From 3fa7081e7ef05f66a9c742cfb4812f74c03b25b4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 9 Mar 2023 21:42:50 +0000 Subject: [PATCH] fix: Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-RACK-3356639 --- Gemfile.lock | 109 +++++++++++++++++++++++++++------------------------ 1 file changed, 57 insertions(+), 52 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8b4972f..a352ab6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,8 +7,8 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) ast (2.4.1) aws-eventstream (1.1.0) aws-partitions (1.360.0) @@ -168,13 +168,13 @@ GEM azure_mgmt_resources (0.18.0) ms_rest_azure (~> 0.12.0) bcrypt_pbkdf (1.1.0.rc1) - berkshelf (7.1.0) + berkshelf (8.0.5) chef (>= 15.7.32) chef-config cleanroom (~> 1.0) concurrent-ruby (~> 1.0) minitar (>= 0.6) - mixlib-archive (>= 0.4, < 2.0) + mixlib-archive (>= 1.1.4, < 2.0) mixlib-config (>= 2.2.5) mixlib-shellout (>= 2.0, < 4.0) octokit (~> 4.0) @@ -182,12 +182,12 @@ GEM solve (~> 4.0) thor (>= 0.20) builder (3.2.4) - chef (16.4.41) + chef (16.7.61) addressable bcrypt_pbkdf (= 1.1.0.rc1) bundler (>= 1.10) - chef-config (= 16.4.41) - chef-utils (= 16.4.41) + chef-config (= 16.7.61) + chef-utils (= 16.7.61) chef-vault chef-zero (>= 14.0.11) diff-lcs (>= 1.2.4, < 1.4.0) @@ -198,7 +198,7 @@ GEM ffi-yajl (~> 2.2) highline (>= 1.6.9, < 3) iniparse (~> 1.4) - license-acceptance (~> 1.0, >= 1.0.5) + license-acceptance (>= 1.0.5, < 3) mixlib-archive (>= 0.4, < 2.0) mixlib-authentication (>= 2.1, < 4) mixlib-cli (>= 2.1.1, < 3.0) @@ -216,13 +216,14 @@ GEM train-winrm (>= 0.2.5) tty-prompt (~> 0.21) tty-screen (~> 0.6) + tty-table (~> 0.11) uuidtools (~> 2.1.5) chef-api (0.10.10) mime-types mixlib-log (>= 1, < 4) - chef-config (16.4.41) + chef-config (16.7.61) addressable - chef-utils (= 16.4.41) + chef-utils (= 16.7.61) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -231,20 +232,21 @@ GEM chef-config concurrent-ruby (~> 1.0) ffi-yajl (~> 2.2) - chef-utils (16.4.41) - chef-vault (4.0.11) - chef-zero (15.0.2) + chef-utils (16.7.61) + chef-vault (4.1.11) + chef-zero (15.0.11) ffi-yajl (~> 2.2) hashie (>= 2.0, < 5.0) mixlib-log (>= 2.0, < 4.0) rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) + webrick cleanroom (1.0.0) codecov (0.2.8) json simplecov coderay (1.1.3) - concurrent-ruby (1.1.7) + concurrent-ruby (1.2.2) cookstyle (6.15.9) rubocop (= 0.89.1) crack (0.4.3) @@ -260,12 +262,12 @@ GEM unf (>= 0.0.5, < 1.0.0) ecma-re-validator (0.2.1) regexp_parser (~> 1.2) - ed25519 (1.2.4) - equatable (0.6.1) - erubi (1.9.0) + ed25519 (1.3.0) + equatable (0.7.0) + erubi (1.12.0) erubis (2.7.0) excon (0.76.0) - faraday (0.17.3) + faraday (0.17.6) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) faraday (>= 0.7.4) @@ -274,11 +276,11 @@ GEM faraday (>= 0.8) faraday_middleware (0.12.2) faraday (>= 0.7.4, < 1.0) - ffi (1.13.1) - ffi-libarchive (1.0.4) + ffi (1.15.5) + ffi-libarchive (1.1.3) ffi (~> 1.0) - ffi-yajl (2.3.4) - libyajl2 (~> 1.2) + ffi-yajl (2.4.0) + libyajl2 (>= 1.2) fuzzyurl (0.9.0) github_changelog_generator (1.15.2) activesupport @@ -303,14 +305,15 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.7) - gssapi (1.3.0) + gssapi (1.3.1) ffi (>= 1.0.1) - gyoku (1.3.1) + gyoku (1.4.0) builder (>= 2.1.2) + rexml (~> 3.0) hana (1.3.6) hashdiff (1.0.1) hashie (3.6.0) - highline (2.0.3) + highline (2.1.0) http-cookie (1.0.3) domain_name (~> 0.5) httpclient (2.8.3) @@ -350,7 +353,7 @@ GEM tty-table (~> 0.10) ipaddress (0.8.3) jmespath (1.4.0) - json (2.3.1) + json (2.6.3) json_schemer (0.2.11) ecma-re-validator (~> 0.2) hana (~> 1.3) @@ -363,14 +366,14 @@ GEM test-kitchen (>= 1.6, < 3) kitchen-vagrant (1.7.0) test-kitchen (>= 1.4, < 3) - libyajl2 (1.2.0) + libyajl2 (2.1.0) license-acceptance (1.0.19) pastel (~> 0.7) tomlrb (~> 1.2) tty-box (~> 0.3) tty-prompt (~> 0.18) little-plugger (1.1.4) - logging (2.3.0) + logging (2.3.1) little-plugger (~> 1.1) multi_json (~> 1.14) memoist (0.16.2) @@ -381,21 +384,21 @@ GEM mini_portile2 (2.4.0) minitar (0.9) minitest (5.14.1) - mixlib-archive (1.0.7) + mixlib-archive (1.1.7) mixlib-log - mixlib-authentication (3.0.7) + mixlib-authentication (3.0.10) mixlib-cli (2.1.8) - mixlib-config (3.0.9) + mixlib-config (3.0.27) tomlrb mixlib-install (3.12.3) mixlib-shellout mixlib-versioning thor mixlib-log (3.0.9) - mixlib-shellout (3.1.4) + mixlib-shellout (3.2.7) chef-utils mixlib-versioning (1.2.12) - molinillo (0.6.6) + molinillo (0.8.0) ms_rest (0.7.6) concurrent-ruby (~> 1.0) faraday (>= 0.9, < 2.0.0) @@ -406,7 +409,7 @@ GEM faraday-cookie_jar (~> 0.0.6) ms_rest (~> 0.7.6) multi_json (1.15.0) - multipart-post (2.1.1) + multipart-post (2.3.0) necromancer (0.5.1) net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) @@ -421,11 +424,11 @@ GEM nokogiri (1.10.10) mini_portile2 (~> 2.4.0) nori (2.6.0) - octokit (4.18.0) + octokit (4.22.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - ohai (16.4.12) - chef-config (>= 12.8, < 17) + ohai (16.17.2) + chef-config (>= 14.12, < 17) chef-utils (>= 16.0, < 17) ffi (~> 1.9) ffi-yajl (~> 2.2) @@ -433,8 +436,9 @@ GEM mixlib-cli (>= 1.7.0) mixlib-config (>= 2.0, < 4.0) mixlib-log (>= 2.0.1, < 4.0) - mixlib-shellout (>= 2.0, < 4.0) + mixlib-shellout (~> 3.2, >= 3.2.5) plist (~> 3.1) + train-core wmi-lite (~> 1.0) os (1.1.1) parallel (1.19.2) @@ -444,13 +448,13 @@ GEM pastel (0.7.4) equatable (~> 0.6) tty-color (~> 0.5) - plist (3.5.0) + plist (3.7.0) proxifier (1.0.3) pry (0.13.1) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (4.0.5) - rack (2.2.3) + public_suffix (5.0.1) + rack (2.2.6.3) rainbow (3.0.0) rake (12.3.3) regexp_parser (1.7.1) @@ -489,13 +493,13 @@ GEM rubocop-ast (0.3.0) parser (>= 2.7.1.4) ruby-progressbar (1.10.1) - rubyntlm (0.6.2) + rubyntlm (0.6.3) rubyzip (1.3.0) safe_yaml (1.0.5) sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) - semverse (3.0.0) + semverse (3.0.2) signet (0.14.0) addressable (~> 2.3) faraday (>= 0.17.3, < 2.0) @@ -531,7 +535,7 @@ GEM winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (1.0.1) + thor (1.2.1) thread_safe (0.3.6) timeliness (0.3.10) tomlrb (1.2.9) @@ -596,13 +600,13 @@ GEM aws-sdk-sns (~> 1.9) aws-sdk-sqs (~> 1.10) aws-sdk-ssm (~> 1.0) - train-core (3.3.16) + train-core (3.10.7) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) - net-scp (>= 1.2, < 4.0) - net-ssh (>= 2.9, < 7.0) + net-scp (>= 1.2, < 5.0) + net-ssh (>= 2.9, < 8.0) train-habitat (0.2.13) train-winrm (0.2.6) winrm (~> 2.0) @@ -611,7 +615,7 @@ GEM pastel (~> 0.7.2) strings (~> 0.1.6) tty-cursor (~> 0.7) - tty-color (0.5.2) + tty-color (0.6.0) tty-cursor (0.7.1) tty-prompt (0.21.0) necromancer (~> 0.5.0) @@ -634,7 +638,7 @@ GEM unf (0.1.4) unf_ext unf_ext (0.0.7.7) - unicode-display_width (1.7.0) + unicode-display_width (1.8.0) unicode_utils (1.4.0) uri_template (0.7.0) uuidtools (2.1.5) @@ -642,7 +646,8 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - winrm (2.3.4) + webrick (1.8.1) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -650,7 +655,7 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) + rubyntlm (~> 0.6.0, >= 0.6.3) winrm-elevated (1.2.1) erubi (~> 1.8) winrm (~> 2.0) @@ -661,7 +666,7 @@ GEM rubyzip (~> 1.1) winrm (~> 2.0) wisper (2.0.1) - wmi-lite (1.0.5) + wmi-lite (1.0.7) zeitwerk (2.4.0) PLATFORMS