From 7ba356c9f304607774a4ee2739ee2a53866a4267 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 6 Mar 2017 12:50:06 +0000 Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-MINITAR-20335 - https://snyk.io/vuln/SNYK-RUBY-RUBYZIP-20336 Latest report for fenton-project/fenton_integration_test: https://snyk.io/test/github/fenton-project/fenton_integration_test --- Gemfile | 4 +- Gemfile.lock | 128 +++++++++++++++++++++++++++------------------------ 2 files changed, 70 insertions(+), 62 deletions(-) diff --git a/Gemfile b/Gemfile index 357d84f..61e0aab 100644 --- a/Gemfile +++ b/Gemfile @@ -14,7 +14,7 @@ group :style do end group :unit do - gem 'berkshelf' + gem 'berkshelf', '>= 5.2.0' gem 'chefspec' gem 'simplecov' end @@ -22,5 +22,5 @@ end group :integration do gem 'test-kitchen' gem 'kitchen-vagrant' - gem 'kitchen-inspec' + gem 'kitchen-inspec', '>= 0.16.1' end diff --git a/Gemfile.lock b/Gemfile.lock index 5dda5e0..abb449d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,10 +3,10 @@ GEM specs: addressable (2.5.0) public_suffix (~> 2.0, >= 2.0.2) - artifactory (2.5.1) + artifactory (2.7.0) ast (2.3.0) backports (3.6.8) - berkshelf (5.2.0) + berkshelf (5.6.3) addressable (~> 2.3, >= 2.3.4) berkshelf-api-client (>= 2.0.2, < 4.0) buff-config (~> 2.0) @@ -16,16 +16,17 @@ GEM faraday (~> 0.9) httpclient (~> 2.7) minitar (~> 0.5, >= 0.5.4) - mixlib-archive (~> 0.1) + mixlib-archive (~> 0.4) octokit (~> 4.0) retryable (~> 2.0) ridley (~> 5.0) solve (> 2.0, < 4.0) - thor (~> 0.19) + thor (~> 0.19, < 0.19.2) berkshelf-api-client (3.0.0) faraday (~> 0.9) httpclient (~> 2.7) ridley (>= 4.5, < 6.0) + blankslate (2.1.2.4) buff-config (2.0.0) buff-extensions (~> 2.0) varia_model (~> 0.6) 
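Review bot: The floors added in the two Gemfile hunks, `gem 'berkshelf', '>= 5.2.0'` in `group :unit` and `gem 'kitchen-inspec', '>= 0.16.1'` in `group :integration`, equal the versions the old Gemfile.lock already resolved (berkshelf 5.2.0, kitchen-inspec 0.16.1), so they do not exclude the dependency set that carried the advisories. Both advisories are against transitive gems, and the lockfile context still shows berkshelf 5.6.3 declaring `minitar (~> 0.5, >= 0.5.4)` and inspec declaring `rubyzip (~> 1.1)`, so the patched minitar 0.6.1 and rubyzip 1.2.1 are held only by the regenerated Gemfile.lock. Nothing in the Gemfile would reject a later re-resolution that lands on the older releases. Consider stating the requirement directly, for example `gem 'minitar', '>= 0.6.1'` and `gem 'rubyzip', '>= 1.2.1'`, each with a comment naming its advisory (SNYK-RUBY-MINITAR-20335, SNYK-RUBY-RUBYZIP-20336) so the floor is not removed by accident.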
@@ -34,7 +35,7 @@ GEM buff-ruby_engine (1.0.0) buff-shell_out (1.1.0) buff-ruby_engine (~> 1.0) - builder (3.2.2) + builder (3.2.3) bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) @@ -43,25 +44,25 @@ GEM celluloid-io (0.16.2) celluloid (>= 0.16.0) nio4r (>= 1.1.0) - chef (12.16.42) + chef (12.19.36) addressable bundler (>= 1.10) - chef-config (= 12.16.42) + chef-config (= 12.19.36) chef-zero (>= 4.8) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) ffi-yajl (~> 2.2) highline (~> 1.6, >= 1.6.9) iniparse (~> 1.4) - mixlib-archive (>= 0.2.0) + mixlib-archive (~> 0.4) mixlib-authentication (~> 1.4) mixlib-cli (~> 1.7) mixlib-log (~> 1.3) mixlib-shellout (~> 2.0) net-sftp (~> 2.1, >= 2.1.2) - net-ssh (>= 2.9, < 4.0) - net-ssh-multi (~> 1.1) - ohai (>= 8.6.0.alpha.1, < 9) + net-ssh (>= 2.9, < 5.0) + net-ssh-multi (~> 1.2, >= 1.2.1) + ohai (>= 8.6.0.alpha.1, < 13) plist (~> 3.2) proxifier (~> 1.0) rspec-core (~> 3.5) @@ -72,18 +73,18 @@ GEM specinfra (~> 2.10) syslog-logger (~> 1.6) uuidtools (~> 2.1.5) - chef-config (12.16.42) + chef-config (12.19.36) addressable fuzzyurl mixlib-config (~> 2.0) mixlib-shellout (~> 2.0) - chef-zero (5.1.0) + chef-zero (5.3.0) ffi-yajl (~> 2.2) hashie (>= 2.0, < 4.0) mixlib-log (~> 1.3) rack (~> 2.0) uuidtools (~> 2.1) - chefspec (5.3.0) + chefspec (6.0.1) chef (>= 12.0) fauxhai (~> 3.6) rspec (~> 3.0) @@ -92,21 +93,21 @@ GEM cucumber-core (2.0.0) backports (~> 3.6) gherkin (~> 4.0) - diff-lcs (1.2.5) + diff-lcs (1.3) docile (1.1.5) - docker-api (1.32.1) + docker-api (1.33.2) excon (>= 0.38.0) json erubis (2.7.0) - excon (0.54.0) + excon (0.55.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) fauxhai (3.10.0) net-ssh - ffi (1.9.14) + ffi (1.9.18) ffi-yajl (2.3.0) libyajl2 (~> 1.2) - foodcritic (8.1.0) + foodcritic (9.0.0) cucumber-core (>= 1.3) erubis nokogiri (>= 1.5, < 2.0) 
@@ -120,12 +121,13 @@ GEM ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hashie (3.4.6) + hashie (3.5.5) highline (1.7.8) hitimes (1.2.4) - httpclient (2.8.2.4) + httpclient (2.8.3) iniparse (1.4.2) - inspec (1.5.0) + inspec (1.16.0) + faraday (>= 0.9.0) hashie (~> 3.4) json (>= 1.8, < 3.0) method_source (~> 0.8) @@ -135,17 +137,19 @@ GEM rainbow (~> 2) rspec (~> 3) rspec-its (~> 1.2) + rspec_junit_formatter (~> 0.2.3) rubyzip (~> 1.1) sslshake (~> 1) thor (~> 0.19) - train (>= 0.20.1, < 1.0) + toml (~> 0.1) + train (>= 0.22.0, < 1.0) ipaddress (0.8.3) - json (2.0.2) - kitchen-inspec (0.16.1) + json (2.0.3) + kitchen-inspec (0.17.0) hashie (~> 3.4) inspec (>= 0.34.0, < 2.0.0) test-kitchen (~> 1.6) - kitchen-vagrant (0.20.0) + kitchen-vagrant (1.0.2) test-kitchen (~> 1.4) libyajl2 (1.2.0) little-plugger (1.1.4) @@ -154,14 +158,14 @@ GEM multi_json (~> 1.10) method_source (0.8.2) mini_portile2 (2.1.0) - minitar (0.5.4) - mixlib-archive (0.2.0) + minitar (0.6.1) + mixlib-archive (0.4.1) mixlib-log mixlib-authentication (1.4.1) mixlib-log mixlib-cli (1.7.0) mixlib-config (2.2.4) - mixlib-install (2.1.7) + mixlib-install (2.1.12) artifactory mixlib-shellout mixlib-versioning @@ -169,27 +173,27 @@ GEM mixlib-log (1.7.1) mixlib-shellout (2.2.7) mixlib-versioning (1.1.0) - molinillo (0.5.4) + molinillo (0.5.7) multi_json (1.12.1) multipart-post (2.0.0) net-scp (1.2.1) net-ssh (>= 2.6.5) net-sftp (2.1.2) net-ssh (>= 2.6.5) - net-ssh (3.2.0) - net-ssh-gateway (1.2.0) + net-ssh (4.1.0) + net-ssh-gateway (1.3.0) net-ssh (>= 2.6.5) net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) net-telnet (0.1.1) - nio4r (1.2.1) - nokogiri (1.6.8.1) + nio4r (2.0.0) + nokogiri (1.7.0.1) mini_portile2 (~> 2.1.0) nori (2.6.0) octokit (4.6.2) sawyer (~> 0.8.0, >= 0.5.3) - ohai (8.21.0) + ohai (8.23.0) chef-config (>= 12.5.0.alpha.1, < 13) ffi (~> 1.9) ffi-yajl (~> 2.2) 
@@ -202,8 +206,10 @@ GEM systemu (~> 2.6.4) wmi-lite (~> 1.0) parallel (1.10.0) - parser (2.3.2.0) + parser (2.4.0.0) ast (~> 2.2) + parslet (1.5.0) + blankslate (~> 2.0) plist (3.2.0) polyglot (0.3.5) powerpack (0.1.1) @@ -212,10 +218,10 @@ GEM coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - public_suffix (2.0.4) + public_suffix (2.0.5) rack (2.0.1) - rainbow (2.1.0) - rake (11.3.0) + rainbow (2.2.1) + rake (12.0.0) retryable (2.0.4) ridley (5.1.0) addressable 
@@ -254,71 +260,73 @@ GEM rspec_junit_formatter (0.2.3) builder (< 4) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (0.45.0) - parser (>= 2.3.1.1, < 3.0) + rubocop (0.47.1) + parser (>= 2.3.3.1, < 3.0) powerpack (~> 0.1) rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) ruby-progressbar (1.8.1) rubyntlm (0.6.1) - rubyzip (1.2.0) + rubyzip (1.2.1) rufus-lru (1.1.0) safe_yaml (1.0.4) sawyer (0.8.1) addressable (>= 2.3.5, < 2.6) faraday (~> 0.8, < 1.0) semverse (2.0.0) - serverspec (2.37.2) + serverspec (2.38.0) multi_json rspec (~> 3.0) rspec-its specinfra (~> 2.53) sfl (2.3) - simplecov (0.12.0) + simplecov (0.13.0) docile (~> 1.1.0) json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.0) slop (3.6.0) - solve (3.0.1) - molinillo (~> 0.4) + solve (3.1.0) + molinillo (>= 0.5) semverse (>= 1.1, < 3.0) - specinfra (2.66.0) + specinfra (2.67.2) net-scp - net-ssh (>= 2.7, < 4.0) + net-ssh (>= 2.7, < 5.0) net-telnet sfl sslshake (1.0.13) syslog-logger (1.6.8) systemu (2.6.5) - test-kitchen (1.14.0) + test-kitchen (1.16.0) mixlib-install (>= 1.2, < 3.0) mixlib-shellout (>= 1.2, < 3.0) net-scp (~> 1.1) - net-ssh (>= 2.9, < 4.0) - net-ssh-gateway (~> 1.2.0) + net-ssh (>= 2.9, < 5.0) + net-ssh-gateway (~> 1.2) safe_yaml (~> 1.0) - thor (~> 0.18) + thor (~> 0.19, < 0.19.2) thor (0.19.1) timers (4.0.4) hitimes - train (0.21.1) + toml (0.1.2) + parslet (~> 1.5.0) + train (0.22.1) docker-api (~> 1.26) json (>= 1.8, < 3.0) mixlib-shellout (~> 2.0) net-scp (~> 1.2) - net-ssh (>= 2.9, < 4.0) + net-ssh (>= 2.9, < 5.0) winrm (~> 2.0) winrm-fs (~> 1.0) treetop (1.6.8) polyglot (~> 0.3) - unicode-display_width (1.1.1) + unicode-display_width (1.1.3) uuidtools (2.1.5) varia_model (0.6.0) buff-extensions (~> 2.0) hashie (>= 2.0.2, < 4.0.0) - winrm (2.1.0) + winrm (2.1.3) builder (>= 2.1.2) erubis (~> 2.7) gssapi (~> 1.2) 
@@ -327,7 +335,7 @@ GEM logging (>= 1.6.1, < 3.0) nori (~> 2.0) rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-fs (1.0.0) + winrm-fs (1.0.1) erubis (~> 2.7) logging (>= 1.6.1, < 3.0) rubyzip (~> 1.1) @@ -339,12 +347,12 @@ PLATFORMS ruby DEPENDENCIES - berkshelf + berkshelf (>= 5.2.0) bundler-audit chef chefspec foodcritic - kitchen-inspec + kitchen-inspec (>= 0.16.1) kitchen-vagrant rake rubocop @@ -355,4 +363,4 @@ RUBY VERSION ruby 2.2.3p173 BUNDLED WITH - 1.12.5 + 1.13.6