From e6802f643cadb2f20db9da6d1b7d475abccf8a96 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 12 Apr 2022 14:06:13 -0400
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index f0f457b..01e60b9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,3 @@
 source :rubygems
-gem 'test-kitchen'
+gem 'test-kitchen', '>= 0.7.0'
From 072c708f615c26fd0cb5057b169082f534c40c2c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 12 Apr 2022 14:06:13 -0400
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
---
 Gemfile.lock | 207 +++++++++++++++++++++++++--------------------------
 1 file changed, 101 insertions(+), 106 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index bf3ee8a..ee7fb4a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
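Review bot: The `source :rubygems` context line in the Gemfile hunk is left untouched, and the regenerated lockfile in patch 2/2 still records `remote: http://rubygems.org/`, so the gems pulled in by this security upgrade are still fetched over plaintext HTTP; change the line to `source 'https://rubygems.org'` and regenerate the lockfile so it records the HTTPS remote. The new constraint `'>= 0.7.0'` is only a lower bound, while the lockfile resolves test-kitchen from 0.5.4 to 3.2.2; a pessimistic constraint such as `gem 'test-kitchen', '~> 3.2'` would state the version that was actually resolved and keep a later `bundle update` from crossing a major version without review. Judging from the lockfile, the nokogiri advisories are closed because nokogiri (previously pinned by foodcritic) drops out of the dependency graph rather than being upgraded, so it is worth confirming that nothing else in the repository relies on foodcritic, chef or vagrant being installed through this Gemfile.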
@@ -1,115 +1,110 @@ GEM remote: http://rubygems.org/ specs: - archive-tar-minitar (0.5.2) - bunny (0.7.9) - chef (10.14.2) - bunny (>= 0.6.0, < 0.8.0) - erubis - highline (>= 1.6.9) - json (>= 1.4.4, <= 1.6.1) - mixlib-authentication (>= 1.3.0) - mixlib-cli (>= 1.1.0) - mixlib-config (>= 1.1.2) - mixlib-log (>= 1.3.0) + bcrypt_pbkdf (1.1.0) + builder (3.2.4) + chef-utils (17.10.0) + concurrent-ruby + concurrent-ruby (1.1.10) + ed25519 (1.3.0) + erubi (1.10.0) + ffi (1.15.5) + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + httpclient (2.8.3) + license-acceptance (2.1.13) + pastel (~> 0.7) + tomlrb (>= 1.2, < 3.0) + tty-box (~> 0.6) + tty-prompt (~> 0.20) + little-plugger (1.1.4) + logging (2.3.0) + little-plugger (~> 1.1) + multi_json (~> 1.14) + mixlib-install (3.12.16) mixlib-shellout - moneta - net-ssh (~> 2.2.2) - net-ssh-multi (~> 1.1.0) - ohai (>= 0.6.0) - rest-client (>= 1.0.4, < 1.7.0) - treetop (~> 1.4.9) - uuidtools - yajl-ruby (~> 1.1) - childprocess (0.3.5) - ffi (~> 1.0, >= 1.0.6) - coderay (1.0.7) - erubis (2.7.0) - ffi (1.1.5) - foodcritic (1.6.1) - erubis - gherkin (~> 2.11.1) - gist (~> 3.1.0) - nokogiri (= 1.5.0) - pry (~> 0.9.8.4) - rak (~> 1.4) - treetop (~> 1.4.10) - yajl-ruby (~> 1.1.0) - gherkin (2.11.2) - json (>= 1.4.6) - gist (3.1.0) - hashr (0.0.22) - highline (1.6.14) - i18n (0.6.1) - ipaddress (0.8.0) - json (1.5.4) - librarian (0.0.24) - archive-tar-minitar (>= 0.5.2) - chef (>= 0.10) - highline - thor (~> 0.15) - log4r (1.1.10) - method_source (0.7.1) - mime-types (1.19) - mixlib-authentication (1.3.0) - mixlib-log - mixlib-cli (1.2.2) - mixlib-config (1.1.2) - mixlib-log (1.4.1) - mixlib-shellout (1.1.0) - moneta (0.6.0) - net-scp (1.0.4) - net-ssh (>= 1.99.1) - net-ssh (2.2.2) - net-ssh-gateway (1.1.0) - net-ssh (>= 1.99.1) - net-ssh-multi (1.1) - net-ssh (>= 2.1.4) - net-ssh-gateway (>= 0.99.0) - nokogiri (1.5.0) - ohai (6.14.0) - ipaddress - mixlib-cli - mixlib-config - mixlib-log - systemu 
- yajl-ruby - polyglot (0.3.3) - pry (0.9.8.4) - coderay (~> 1.0.5) - method_source (~> 0.7.1) - slop (>= 2.4.4, < 3) - rak (1.4) - rest-client (1.6.7) - mime-types (>= 1.16) - slop (2.4.4) - systemu (2.5.2) - test-kitchen (0.5.4) - foodcritic (~> 1.4) - hashr (~> 0.0.20) - highline (>= 1.6.9) - librarian (~> 0.0.20) - mixlib-cli (~> 1.2.2) - vagrant (~> 1.0.2) - yajl-ruby (~> 1.1.0) - thor (0.16.0) - treetop (1.4.10) - polyglot - polyglot (>= 0.3.1) - uuidtools (2.1.3) - vagrant (1.0.3) - archive-tar-minitar (= 0.5.2) - childprocess (~> 0.3.1) - erubis (~> 2.7.0) - i18n (~> 0.6.0) - json (~> 1.5.1) - log4r (~> 1.1.9) - net-scp (~> 1.0.4) - net-ssh (~> 2.2.2) - yajl-ruby (1.1.0) + mixlib-versioning + thor + mixlib-shellout (3.2.7) + chef-utils + mixlib-versioning (1.2.12) + multi_json (1.15.0) + net-scp (3.0.0) + net-ssh (>= 2.6.5, < 7.0.0) + net-ssh (6.1.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.6.0) + pastel (0.8.0) + tty-color (~> 0.5) + rexml (3.2.5) + rubyntlm (0.6.3) + rubyzip (2.3.2) + strings (0.2.1) + strings-ansi (~> 0.2) + unicode-display_width (>= 1.5, < 3.0) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + test-kitchen (3.2.2) + bcrypt_pbkdf (~> 1.0) + chef-utils (>= 16.4.35) + ed25519 (~> 1.2) + license-acceptance (>= 1.0.11, < 3.0) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 4.0) + net-scp (>= 1.1, < 4.0) + net-ssh (>= 2.9, < 7.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (>= 0.19, < 2.0) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (1.2.1) + tomlrb (2.0.1) + tty-box (0.7.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-cursor (~> 0.7) + tty-color (0.6.0) + tty-cursor (0.7.1) + tty-prompt (0.23.1) + pastel (~> 0.8) + tty-reader (~> 0.8) + tty-reader (0.9.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.8) + wisper (~> 2.0) + tty-screen (0.8.1) + unicode-display_width (2.1.0) + unicode_utils (1.4.0) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 
2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) + erubi (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.5) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 2.0) + winrm (~> 2.0) + wisper (2.0.1) PLATFORMS ruby DEPENDENCIES - test-kitchen + test-kitchen (>= 0.7.0) + +BUNDLED WITH + 2.1.4