From 8c44bb5b4b448a53832a95e9547411de8925fc7b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 16 Mar 2023 17:59:53 +0000 Subject: [PATCH] fix: Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028 - https://snyk.io/vuln/SNYK-RUBY-RACK-3360233 --- Gemfile.lock | 169 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 102 insertions(+), 67 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8b4972f..138fd2b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,15 +1,33 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.3.2) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) - public_suffix (>= 2.0.2, < 5.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) ast (2.4.1) + async (1.31.0) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-http (0.60.1) + async (>= 1.25) + async-io (>= 1.28) + async-pool (>= 0.2) + protocol-http (~> 0.24.0) + protocol-http1 (~> 0.15.0) + protocol-http2 (~> 0.15.0) + traces (>= 0.8.0) + async-http-faraday (0.11.0) + async-http (~> 0.42) + faraday + async-io (1.34.3) + async + async-pool (0.4.0) + async (>= 1.25) aws-eventstream (1.1.0) aws-partitions (1.360.0) aws-sdk-apigateway (1.51.0) @@ -168,13 +186,13 @@ GEM azure_mgmt_resources (0.18.0) ms_rest_azure (~> 0.12.0) bcrypt_pbkdf (1.1.0.rc1) - berkshelf (7.1.0) + berkshelf (8.0.5) chef (>= 15.7.32) chef-config cleanroom (~> 1.0) concurrent-ruby (~> 1.0) minitar (>= 0.6) - mixlib-archive (>= 0.4, < 2.0) + mixlib-archive (>= 1.1.4, < 2.0) mixlib-config (>= 2.2.5) mixlib-shellout (>= 2.0, < 4.0) octokit (~> 4.0) @@ -182,12 +200,12 @@ GEM solve (~> 4.0) thor (>= 0.20) builder (3.2.4) - chef (16.4.41) + chef (16.7.61) addressable bcrypt_pbkdf (= 1.1.0.rc1) bundler (>= 1.10) - chef-config (= 16.4.41) - chef-utils (= 16.4.41) + chef-config (= 16.7.61) + chef-utils (= 16.7.61) chef-vault chef-zero (>= 14.0.11) diff-lcs (>= 1.2.4, < 1.4.0) @@ -198,7 +216,7 @@ GEM ffi-yajl (~> 2.2) highline (>= 1.6.9, < 3) iniparse (~> 1.4) - license-acceptance (~> 1.0, >= 1.0.5) + license-acceptance (>= 1.0.5, < 3) mixlib-archive (>= 0.4, < 2.0) mixlib-authentication (>= 2.1, < 4) mixlib-cli (>= 2.1.1, < 3.0) @@ -216,13 +234,14 @@ GEM train-winrm (>= 0.2.5) tty-prompt (~> 0.21) tty-screen (~> 0.6) + tty-table (~> 0.11) uuidtools (~> 2.1.5) chef-api (0.10.10) mime-types mixlib-log (>= 1, < 4) - chef-config (16.4.41) + chef-config (16.7.61) addressable - chef-utils (= 16.4.41) + chef-utils (= 16.7.61) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) @@ -231,20 +250,23 @@ GEM chef-config concurrent-ruby (~> 1.0) ffi-yajl (~> 2.2) - chef-utils (16.4.41) - chef-vault (4.0.11) - chef-zero (15.0.2) + chef-utils (16.7.61) + chef-vault (4.1.11) + chef-zero (15.0.11) ffi-yajl (~> 2.2) hashie (>= 2.0, < 5.0) mixlib-log (>= 2.0, < 4.0) rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) + webrick cleanroom (1.0.0) codecov (0.2.8) json simplecov coderay (1.1.3) - concurrent-ruby (1.1.7) + concurrent-ruby (1.2.2) + console (1.16.2) + fiber-local cookstyle (6.15.9) rubocop (= 0.89.1) crack (0.4.3) @@ -260,34 +282,36 @@ GEM unf (>= 0.0.5, < 1.0.0) ecma-re-validator (0.2.1) regexp_parser (~> 1.2) - ed25519 (1.2.4) - equatable (0.6.1) - erubi (1.9.0) + ed25519 (1.3.0) + equatable (0.7.0) + erubi (1.12.0) erubis (2.7.0) excon (0.76.0) - faraday (0.17.3) + faraday (0.17.6) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) faraday (>= 0.7.4) http-cookie (~> 1.0.0) - faraday-http-cache (2.2.0) + faraday-http-cache (2.4.1) faraday (>= 0.8) faraday_middleware (0.12.2) faraday (>= 0.7.4, < 1.0) - ffi (1.13.1) - ffi-libarchive (1.0.4) + ffi (1.15.5) + ffi-libarchive (1.1.3) ffi (~> 1.0) - ffi-yajl (2.3.4) - libyajl2 (~> 1.2) + ffi-yajl (2.4.0) + libyajl2 (>= 1.2) + fiber-local (1.0.0) fuzzyurl (0.9.0) - github_changelog_generator (1.15.2) + github_changelog_generator (1.16.4) activesupport + async (>= 1.25.0) + async-http-faraday faraday-http-cache multi_json octokit (~> 4.6) rainbow (>= 2.2.1) rake (>= 10.0) - retriable (~> 3.0) google-api-client (0.23.9) addressable (~> 2.5, >= 2.5.1) googleauth (>= 0.5, < 0.7.0) @@ -303,18 +327,19 @@ GEM multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.7) - gssapi (1.3.0) + gssapi (1.3.1) ffi (>= 1.0.1) - gyoku (1.3.1) + gyoku (1.4.0) builder (>= 2.1.2) + rexml (~> 3.0) hana (1.3.6) hashdiff (1.0.1) hashie (3.6.0) - highline (2.0.3) + highline (2.1.0) http-cookie (1.0.3) domain_name (~> 0.5) httpclient (2.8.3) - i18n (1.8.5) + i18n (1.12.0) concurrent-ruby (~> 1.0) inifile (3.0.0) iniparse (1.5.0) @@ -350,7 +375,7 @@ GEM tty-table (~> 0.10) ipaddress (0.8.3) jmespath (1.4.0) - json (2.3.1) + json (2.6.3) json_schemer (0.2.11) ecma-re-validator (~> 0.2) hana (~> 1.3) @@ -363,14 +388,14 @@ GEM test-kitchen (>= 1.6, < 3) kitchen-vagrant (1.7.0) test-kitchen (>= 1.4, < 3) - libyajl2 (1.2.0) + libyajl2 (2.1.0) license-acceptance (1.0.19) pastel (~> 0.7) tomlrb (~> 1.2) tty-box (~> 0.3) tty-prompt (~> 0.18) little-plugger (1.1.4) - logging (2.3.0) + logging (2.3.1) little-plugger (~> 1.1) multi_json (~> 1.14) memoist (0.16.2) @@ -380,22 +405,22 @@ GEM mime-types-data (3.2020.0512) mini_portile2 (2.4.0) minitar (0.9) - minitest (5.14.1) - mixlib-archive (1.0.7) + minitest (5.18.0) + mixlib-archive (1.1.7) mixlib-log - mixlib-authentication (3.0.7) + mixlib-authentication (3.0.10) mixlib-cli (2.1.8) - mixlib-config (3.0.9) + mixlib-config (3.0.27) tomlrb mixlib-install (3.12.3) mixlib-shellout mixlib-versioning thor mixlib-log (3.0.9) - mixlib-shellout (3.1.4) + mixlib-shellout (3.2.7) chef-utils mixlib-versioning (1.2.12) - molinillo (0.6.6) + molinillo (0.8.0) ms_rest (0.7.6) concurrent-ruby (~> 1.0) faraday (>= 0.9, < 2.0.0) @@ -406,7 +431,7 @@ GEM faraday-cookie_jar (~> 0.0.6) ms_rest (~> 0.7.6) multi_json (1.15.0) - multipart-post (2.1.1) + multipart-post (2.3.0) necromancer (0.5.1) net-scp (2.0.0) net-ssh (>= 2.6.5, < 6.0.0) @@ -418,14 +443,15 @@ GEM net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) + nio4r (2.5.8) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) nori (2.6.0) - octokit (4.18.0) + octokit (4.22.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - ohai (16.4.12) - chef-config (>= 12.8, < 17) + ohai (16.17.2) + chef-config (>= 14.12, < 17) chef-utils (>= 16.0, < 17) ffi (~> 1.9) ffi-yajl (~> 2.2) @@ -433,8 +459,9 @@ GEM mixlib-cli (>= 1.7.0) mixlib-config (>= 2.0, < 4.0) mixlib-log (>= 2.0.1, < 4.0) - mixlib-shellout (>= 2.0, < 4.0) + mixlib-shellout (~> 3.2, >= 3.2.5) plist (~> 3.1) + train-core wmi-lite (~> 1.0) os (1.1.1) parallel (1.19.2) @@ -444,14 +471,21 @@ GEM pastel (0.7.4) equatable (~> 0.6) tty-color (~> 0.5) - plist (3.5.0) + plist (3.7.0) + protocol-hpack (1.4.2) + protocol-http (0.24.1) + protocol-http1 (0.15.0) + protocol-http (~> 0.22) + protocol-http2 (0.15.1) + protocol-hpack (~> 1.4) + protocol-http (~> 0.18) proxifier (1.0.3) pry (0.13.1) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (4.0.5) - rack (2.2.3) - rainbow (3.0.0) + public_suffix (5.0.1) + rack (2.2.6.4) + rainbow (3.1.1) rake (12.3.3) regexp_parser (1.7.1) representable (3.0.4) @@ -489,13 +523,13 @@ GEM rubocop-ast (0.3.0) parser (>= 2.7.1.4) ruby-progressbar (1.10.1) - rubyntlm (0.6.2) + rubyntlm (0.6.3) rubyzip (1.3.0) safe_yaml (1.0.5) sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) - semverse (3.0.0) + semverse (3.0.2) signet (0.14.0) addressable (~> 2.3) faraday (>= 0.17.3, < 2.0) @@ -531,10 +565,11 @@ GEM winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (1.0.1) - thread_safe (0.3.6) + thor (1.2.1) timeliness (0.3.10) + timers (4.3.5) tomlrb (1.2.9) + traces (0.9.1) train (3.1.4) azure_graph_rbac (~> 0.16) azure_mgmt_key_vault (~> 0.17) @@ -596,13 +631,13 @@ GEM aws-sdk-sns (~> 1.9) aws-sdk-sqs (~> 1.10) aws-sdk-ssm (~> 1.0) - train-core (3.3.16) + train-core (3.10.7) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) - net-scp (>= 1.2, < 4.0) - net-ssh (>= 2.9, < 7.0) + net-scp (>= 1.2, < 5.0) + net-ssh (>= 2.9, < 8.0) train-habitat (0.2.13) train-winrm (0.2.6) winrm (~> 2.0) @@ -611,7 +646,7 @@ GEM pastel (~> 0.7.2) strings (~> 0.1.6) tty-cursor (~> 0.7) - tty-color (0.5.2) + tty-color (0.6.0) tty-cursor (0.7.1) tty-prompt (0.21.0) necromancer (~> 0.5.0) @@ -628,13 +663,13 @@ GEM pastel (~> 0.7.2) strings (~> 0.1.5) tty-screen (~> 0.7) - tzinfo (1.2.7) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uber (0.1.0) unf (0.1.4) unf_ext unf_ext (0.0.7.7) - unicode-display_width (1.7.0) + unicode-display_width (1.8.0) unicode_utils (1.4.0) uri_template (0.7.0) uuidtools (2.1.5) @@ -642,7 +677,8 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - winrm (2.3.4) + webrick (1.8.1) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -650,7 +686,7 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) + rubyntlm (~> 0.6.0, >= 0.6.3) winrm-elevated (1.2.1) erubi (~> 1.8) winrm (~> 2.0) @@ -661,8 +697,7 @@ GEM rubyzip (~> 1.1) winrm (~> 2.0) wisper (2.0.1) - wmi-lite (1.0.5) - zeitwerk (2.4.0) + wmi-lite (1.0.7) PLATFORMS ruby