From 2ff369cba51fb97128244592fce37292310ec6d3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 28 Apr 2020 19:20:51 -0700
Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-CHEF-20450
---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile b/Gemfile
index 9d643da..f0773a8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ group :test do
 gem 'chef-vault', '~> 2.5'
 gem 'chef-vault-testfixtures', '= 0.2.0'
 gem 'foodcritic', '~> 4.0'
- gem 'chefspec', '~> 4.1'
+ gem 'chefspec', '~> 4.2', '>= 4.2.0'
 gem 'ci_reporter_rspec', '~> 1.0'
 gem 'test-kitchen', '~> 1.3'
 gem 'kitchen-vagrant', '~> 0.15'
From 0b01859dedd7736a0a4776369e6e7c7f7fa04dc6 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 28 Apr 2020 19:20:52 -0700
Subject: [PATCH 2/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-CHEF-20450
---
 Gemfile.lock | 177 +++++++++++++++++++++++++++++----------------------
 1 file changed, 101 insertions(+), 76 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index d1f6c4a..4d351ab 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -33,7 +33,7 @@ GEM buff-ruby_engine (0.1.0) buff-shell_out (0.2.0) buff-ruby_engine (~> 0.1.0) - builder (3.2.2) + builder (3.2.4) byebug (4.0.5) columnize (= 0.9.0) celluloid (0.16.0)
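Review bot: The Gemfile hunk tightens only the `chefspec` constraint, while the advisory named in the commit message is against chef, which nothing in the visible hunk constrains; the fix exists only as the resolved `chef (13.12.14)` in Gemfile.lock. The lock shows chefspec 4.7.0 declaring `chef (>= 11.14)`, so a later `bundle update`, or an install without the lockfile, is still permitted to resolve an older chef. Consider an explicit floor in the `:test` group, e.g. `gem 'chef', '>= 13.12.14'` (the version the lock resolves; confirm the minimum fixed release against the advisory). Separately, `'~> 4.2', '>= 4.2.0'` is redundant, because `~> 4.2` already excludes anything below 4.2.0. The `group :test do` block starts and ends outside the hunk.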
@@ -41,42 +41,56 @@ GEM celluloid-io (0.16.2) celluloid (>= 0.16.0) nio4r (>= 1.1.0) - chef (12.2.1) - chef-zero (~> 4.0) + chef (13.12.14) + addressable + bundler (>= 1.10) + chef-config (= 13.12.14) + chef-zero (~> 13.0) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) - ffi-yajl (>= 1.2, < 3.0) + ffi-yajl (~> 2.2) highline (~> 1.6, >= 1.6.9) - mixlib-authentication (~> 1.3) - mixlib-cli (~> 1.4) - mixlib-config (~> 2.0) + iniparse (~> 1.4) + iso8601 (~> 0.12.1) + mixlib-archive (~> 0.4) + mixlib-authentication (~> 1.4) + mixlib-cli (~> 1.7) mixlib-log (~> 1.3) - mixlib-shellout (>= 2.0.0.rc.0, < 3.0) - net-ssh (~> 2.6) - net-ssh-multi (~> 1.1) - ohai (~> 8.0) - plist (~> 3.1.0) - pry (~> 0.9) - rspec-core (~> 3.2) - rspec-expectations (~> 3.2) - rspec-mocks (~> 3.2) + mixlib-shellout (~> 2.4) + net-sftp (~> 2.1, >= 2.1.2) + net-ssh (>= 2.9, < 5.0) + net-ssh-multi (~> 1.2, >= 1.2.1) + ohai (~> 13.0) + plist (~> 3.2) + proxifier (~> 1.0) + rspec-core (~> 3.5, < 3.8) + rspec-expectations (~> 3.5, < 3.8) + rspec-mocks (~> 3.5, < 3.8) rspec_junit_formatter (~> 0.2.0) serverspec (~> 2.7) specinfra (~> 2.10) + syslog-logger (~> 1.6) + uuidtools (~> 2.1.5) + chef-config (13.12.14) + addressable + fuzzyurl + mixlib-config (>= 2.2.12, < 3.0) + mixlib-shellout (~> 2.0) + tomlrb (~> 1.2) chef-vault (2.5.0) chef-vault-testfixtures (0.2.0) chef-vault (~> 2.5) little-plugger (~> 1.1) rspec (~> 3.1) - chef-zero (4.2.1) - ffi-yajl (>= 1.1, < 3.0) - hashie (~> 2.0) + chef-zero (13.1.0) + ffi-yajl (~> 2.2) + hashie (>= 2.0, < 4.0) mixlib-log (~> 1.3) - rack + rack (~> 2.0) uuidtools (~> 2.1) - chefspec (4.2.0) + chefspec (4.7.0) chef (>= 11.14) - fauxhai (~> 2.0) + fauxhai (~> 3.2) rspec (~> 3.0) ci_reporter (2.0.0) builder (>= 2.1.2) 
@@ -84,23 +98,21 @@ GEM ci_reporter (~> 2.0) rspec (>= 2.14, < 4) cleanroom (1.0.0) - coderay (1.1.0) + coderay (1.1.2) columnize (0.9.0) debug_inspector (0.0.2) dep-selector-libgecode (1.0.2) dep_selector (1.0.3) dep-selector-libgecode (~> 1.0) ffi (~> 1.9) - diff-lcs (1.2.5) + diff-lcs (1.3) erubis (2.7.0) faraday (0.9.1) multipart-post (>= 1.2, < 3) - fauxhai (2.3.0) + fauxhai (3.10.0) net-ssh - ohai - ffi (1.9.8) - ffi-yajl (2.0.0) - ffi (~> 1.5) + ffi (1.12.2) + ffi-yajl (2.3.3) libyajl2 (~> 1.2) foodcritic (4.0.0) erubis @@ -111,6 +123,7 @@ GEM treetop (~> 1.4) yajl-ruby (~> 1.1) formatador (0.2.5) + fuzzyurl (0.9.0) gherkin (2.12.2) multi_json (~> 1.3) guard (2.8.2) @@ -132,10 +145,12 @@ GEM guard (~> 2.0) rubocop (~> 0.20) hashie (2.1.2) - highline (1.7.1) + highline (1.7.10) hitimes (1.2.2) + iniparse (1.5.0) interception (0.5) - ipaddress (0.8.0) + ipaddress (0.8.3) + iso8601 (0.12.1) json (1.8.2) kitchen-vagrant (0.16.0) test-kitchen (~> 1.0) 
@@ -146,53 +161,57 @@ GEM rb-inotify (>= 0.9) little-plugger (1.1.3) lumberjack (1.0.9) - method_source (0.8.2) - mime-types (2.4.3) + method_source (1.0.0) mini_portile (0.6.2) minitar (0.5.4) - mixlib-authentication (1.3.0) + mixlib-archive (0.4.20) mixlib-log - mixlib-cli (1.5.0) - mixlib-config (2.1.0) - mixlib-log (1.6.0) - mixlib-shellout (2.0.1) - multi_json (1.11.0) + mixlib-authentication (1.4.2) + mixlib-cli (1.7.0) + mixlib-config (2.2.18) + tomlrb + mixlib-log (1.7.1) + mixlib-shellout (2.4.4) + multi_json (1.14.1) multipart-post (2.0.0) net-http-persistent (2.9.4) net-scp (1.2.1) net-ssh (>= 2.6.5) - net-ssh (2.9.2) - net-ssh-gateway (1.2.0) + net-sftp (2.1.2) + net-ssh (>= 2.6.5) + net-ssh (2.9.4) + net-ssh-gateway (1.3.0) net-ssh (>= 2.6.5) net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) + net-telnet (0.1.1) nio4r (1.1.0) nokogiri (1.6.6.2) mini_portile (~> 0.6.0) octokit (3.8.0) sawyer (~> 0.6.0, >= 0.5.3) - ohai (8.2.0) + ohai (13.12.6) + chef-config (>= 12.5.0.alpha.1, < 14) ffi (~> 1.9) - ffi-yajl (>= 1.1, < 3.0) + ffi-yajl (~> 2.2) ipaddress - mime-types (~> 2.0) - mixlib-cli + mixlib-cli (< 2.0) mixlib-config (~> 2.0) - mixlib-log + mixlib-log (>= 1.7.1, < 2.0) mixlib-shellout (~> 2.0) - rake (~> 10.1) + plist (~> 3.1) systemu (~> 2.6.4) wmi-lite (~> 1.0) parser (2.2.2.0) ast (>= 1.1, < 3.0) - plist (3.1.0) + plist (3.5.0) polyglot (0.3.5) powerpack (0.0.9) - pry (0.10.1) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) + proxifier (1.0.3) + pry (0.13.1) + coderay (~> 1.1) + method_source (~> 1.0) pry-byebug (3.1.0) byebug (~> 4.0) pry (~> 0.10) @@ -202,9 +221,9 @@ GEM pry-stack_explorer (0.4.9.2) binding_of_caller (>= 0.7) pry (>= 0.9.11) - rack (1.6.0) + rack (2.2.2) rainbow (2.0.0) - rake (10.4.2) + rake (10.5.0) rb-fsevent (0.9.4) rb-inotify (0.9.5) ffi (>= 0.5.0) 
@@ -226,26 +245,25 @@ GEM retryable (>= 2.0.0) semverse (~> 1.1) varia_model (~> 0.4) - rspec (3.2.0) - rspec-core (~> 3.2.0) - rspec-expectations (~> 3.2.0) - rspec-mocks (~> 3.2.0) - rspec-core (3.2.3) - rspec-support (~> 3.2.0) - rspec-expectations (3.2.1) + rspec (3.7.0) + rspec-core (~> 3.7.0) + rspec-expectations (~> 3.7.0) + rspec-mocks (~> 3.7.0) + rspec-core (3.7.1) + rspec-support (~> 3.7.0) + rspec-expectations (3.7.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-its (1.2.0) + rspec-support (~> 3.7.0) + rspec-its (1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.2.1) + rspec-mocks (3.7.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-support (3.2.2) - rspec_junit_formatter (0.2.0) + rspec-support (~> 3.7.0) + rspec-support (3.7.1) + rspec_junit_formatter (0.2.3) builder (< 4) - rspec (>= 2, < 4) - rspec-core (!= 2.12.0) + rspec-core (>= 2, < 4, != 2.12.0) rubocop (0.28.0) astrolabe (~> 1.3) parser (>= 2.2.0.pre.7, < 3.0) @@ -260,18 +278,21 @@ GEM addressable (~> 2.3.5) faraday (~> 0.8, < 0.10) semverse (1.2.1) - serverspec (2.14.1) + serverspec (2.41.5) multi_json rspec (~> 3.0) rspec-its - specinfra (~> 2.25) - slop (3.6.0) + specinfra (~> 2.72) + sfl (2.3) solve (1.2.1) dep_selector (~> 1.0) semverse (~> 1.1) - specinfra (2.28.4) + specinfra (2.82.16) net-scp - net-ssh + net-ssh (>= 2.7) + net-telnet (= 0.1.1) + sfl + syslog-logger (1.6.8) systemu (2.6.5) test-kitchen (1.3.1) mixlib-shellout (>= 1.2, < 3.0) @@ -282,13 +303,14 @@ GEM thor (0.19.1) timers (4.0.1) hitimes + tomlrb (1.3.0) treetop (1.6.2) polyglot (~> 0.3) uuidtools (2.1.5) varia_model (0.4.0) buff-extensions (~> 1.0) hashie (>= 2.0.2, < 3.0.0) - wmi-lite (1.0.0) + wmi-lite (1.0.5) yajl-ruby (1.2.1) PLATFORMS @@ -298,7 +320,7 @@ DEPENDENCIES berkshelf (~> 3.1) chef-vault (~> 2.5) chef-vault-testfixtures (= 0.2.0) - chefspec (~> 4.1) + chefspec (~> 4.2, >= 4.2.0) ci_reporter_rspec (~> 1.0) foodcritic (~> 4.0) guard (~> 2.8.2) 
@@ -315,3 +337,6 @@ DEPENDENCIES rubocop (~> 0.28.0) ruby_gntp test-kitchen (~> 1.3) + +BUNDLED WITH + 1.17.3