From f36eb767a17cb8946c12bb7b785596b50c9052c3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 29 Apr 2020 20:54:39 -0700
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-567822
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index 801b55a..f59b3fe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,7 +14,7 @@ group :test do
 gem 'ci_reporter_rspec', '~> 1.0'
 gem 'test-kitchen', '~> 1.4'
 gem 'kitchen-vagrant', '~> 0.16'
- gem 'berkshelf', '~> 4.0'
+ gem 'berkshelf', '~> 3.2', '>= 3.2.4'
 gem 'guard', '~> 2.12'
 gem 'guard-rspec', '~> 4.5'
 gem 'guard-foodcritic', '~> 1.1'
From 5f954aa5abd32029e55efae9f4b9058641db0e89 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 29 Apr 2020 20:54:40 -0700
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-JSON-567822
---
 Gemfile.lock | 69 +++++++++++++++++++++++++++++++---------------------
 1 file changed, 41 insertions(+), 28 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index ee7d2b4..a48fa2f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -13,7 +13,7 @@ GEM multi_json (~> 1.0) aws-sdk-resources (2.0.47) aws-sdk-core (= 2.0.47) - berkshelf (3.2.4) + berkshelf (3.3.0) addressable (~> 2.3.4) berkshelf-api-client (~> 1.2) buff-config (~> 1.0)
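Review bot: The `berkshelf` line in the Gemfile hunk lowers the declared constraint from `'~> 4.0'` to `'~> 3.2', '>= 3.2.4'`, a major-version step backwards, while the advisory cited in the commit message (SNYK-RUBY-JSON-567822) is filed against the json gem rather than berkshelf. The old lock already resolved berkshelf 3.2.4 and listed `berkshelf (~> 3.2)` under DEPENDENCIES, so Gemfile and lock were out of step before this patch; which of the two was intended is a maintainer decision and should not be settled as a side effect of an automated fix. If the goal is only to move json off 1.8.2, state that directly with something like `gem 'json', '>= 2.3.0'` (2.3.0 being the version the new lock resolves) and leave the berkshelf line alone. The new lock takes json, nio4r and hitimes each across a major version, so the spec and kitchen suites should pass against it before merging. The `group :test do` block begins and ends outside the hunk.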
@@ -23,21 +23,23 @@ GEM celluloid-io (~> 0.16.1) cleanroom (~> 1.0) faraday (~> 0.9.0) + httpclient (~> 2.6.0) minitar (~> 0.5.4) octokit (~> 3.0) retryable (~> 2.0) ridley (~> 4.0) solve (~> 1.1) thor (~> 0.19) - berkshelf-api-client (1.2.1) - faraday (~> 0.9.0) + berkshelf-api-client (1.3.1) + faraday (~> 0.9.1) + httpclient (~> 2.6.0) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) buff-config (1.0.1) buff-extensions (~> 1.0) varia_model (~> 0.4) buff-extensions (1.0.0) - buff-ignore (1.1.1) + buff-ignore (1.2.0) buff-ruby_engine (0.1.0) buff-shell_out (0.2.0) buff-ruby_engine (~> 0.1.0) @@ -71,6 +73,12 @@ GEM rspec_junit_formatter (~> 0.2.0) serverspec (~> 2.7) specinfra (~> 2.10) + chef-config (14.2.0) + addressable + fuzzyurl + mixlib-config (~> 2.0) + mixlib-shellout (~> 2.0) + tomlrb (~> 1.2) chef-vault (2.6.1) chef-vault-testfixtures (0.5.0) chef-vault (~> 2.5) @@ -95,18 +103,18 @@ GEM coderay (1.1.0) columnize (0.9.0) debug_inspector (0.0.2) - dep-selector-libgecode (1.0.2) - dep_selector (1.0.3) + dep-selector-libgecode (1.3.5) + dep_selector (1.0.6) dep-selector-libgecode (~> 1.0) ffi (~> 1.9) diff-lcs (1.2.5) erubis (2.7.0) - faraday (0.9.1) + faraday (0.9.2) multipart-post (>= 1.2, < 3) fauxhai (2.3.0) net-ssh ohai - ffi (1.9.8) + ffi (1.12.2) ffi-yajl (2.2.0) libyajl2 (~> 1.2) foodcritic (4.0.0) @@ -118,6 +126,7 @@ GEM treetop (~> 1.4) yajl-ruby (~> 1.1) formatador (0.2.5) + fuzzyurl (0.9.0) gherkin (2.12.2) multi_json (~> 1.3) guard (2.12.5) @@ -146,12 +155,13 @@ GEM rubocop (~> 0.20) hashie (2.1.2) highline (1.7.2) - hitimes (1.2.2) + hitimes (2.0.0) + httpclient (2.6.0.1) interception (0.5) ipaddress (0.8.0) jmespath (1.0.2) multi_json (~> 1.0) - json (1.8.2) + json (2.3.0) kitchen-vagrant (0.18.0) test-kitchen (~> 1.4) libyajl2 (1.2.0) 
@@ -164,16 +174,14 @@ GEM mime-types (2.6.1) mini_portile (0.6.2) minitar (0.5.4) - mixlib-authentication (1.3.0) - mixlib-log + mixlib-authentication (1.4.2) mixlib-cli (1.5.0) mixlib-config (2.2.1) - mixlib-log (1.6.0) + mixlib-log (1.7.1) mixlib-shellout (2.1.0) multi_json (1.11.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nenv (0.2.0) - net-http-persistent (2.9.4) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (2.9.2) @@ -182,7 +190,7 @@ GEM net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) - nio4r (1.1.0) + nio4r (2.5.2) nokogiri (1.6.6.2) mini_portile (~> 0.6.0) notiffany (0.0.6) @@ -226,8 +234,8 @@ GEM rb-fsevent (0.9.5) rb-inotify (0.9.5) ffi (>= 0.5.0) - retryable (2.0.1) - ridley (4.1.2) + retryable (2.0.4) + ridley (4.4.2) addressable buff-config (~> 1.0) buff-extensions (~> 1.0) @@ -235,15 +243,16 @@ GEM buff-shell_out (~> 0.1) celluloid (~> 0.16.0) celluloid-io (~> 0.16.1) + chef-config erubis faraday (~> 0.9.0) - hashie (>= 2.0.2, < 3.0.0) + hashie (>= 2.0.2, < 4.0.0) + httpclient (~> 2.6) json (>= 1.7.7) mixlib-authentication (>= 1.3.0) - net-http-persistent (>= 2.8) - retryable (>= 2.0.0) + retryable (~> 2.0) semverse (~> 1.1) - varia_model (~> 0.4) + varia_model (~> 0.4.0) rspec (3.2.0) rspec-core (~> 3.2.0) rspec-expectations (~> 3.2.0) @@ -297,15 +306,16 @@ GEM net-ssh (~> 2.7) safe_yaml (~> 1.0) thor (~> 0.18) - thor (0.19.1) - timers (4.0.1) + thor (0.20.3) + timers (4.0.4) hitimes + tomlrb (1.3.0) treetop (1.6.2) polyglot (~> 0.3) uuidtools (2.1.5) - varia_model (0.4.0) + varia_model (0.4.1) buff-extensions (~> 1.0) - hashie (>= 2.0.2, < 3.0.0) + hashie (>= 2.0.2, < 4.0.0) wmi-lite (1.0.0) yajl-ruby (1.2.1) @@ -314,9 +324,9 @@ PLATFORMS DEPENDENCIES aws-sdk (~> 2.0) - berkshelf (~> 3.2) + berkshelf (~> 3.2, >= 3.2.4) chef-vault (~> 2.5) - chef-vault-testfixtures (~> 0.4) + chef-vault-testfixtures (~> 0.5) chefspec (~> 4.2) ci_reporter_rspec (~> 1.0) foodcritic (~> 4.0) 
@@ -334,3 +344,6 @@ DEPENDENCIES rubocop (~> 0.28.0) ruby_gntp (~> 0.3) test-kitchen (~> 1.4) + +BUNDLED WITH + 1.17.3