From 558b736fc5466d7e14d36624dc11be60194e0e19 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 10 Oct 2025 21:48:25 +0000 Subject: [PATCH] fix: chef/cookbooks/apt/Gemfile & chef/cookbooks/apt/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432 --- chef/cookbooks/apt/Gemfile | 2 +- chef/cookbooks/apt/Gemfile.lock | 263 +++++++++++++++++--------------- 2 files changed, 141 insertions(+), 124 deletions(-) diff --git a/chef/cookbooks/apt/Gemfile b/chef/cookbooks/apt/Gemfile index 01e60b95c..d9e3034fe 100644 --- a/chef/cookbooks/apt/Gemfile +++ b/chef/cookbooks/apt/Gemfile @@ -1,3 +1,3 @@ source :rubygems -gem 'test-kitchen', '>= 0.7.0' +gem 'test-kitchen', '>= 1.0.0' diff --git a/chef/cookbooks/apt/Gemfile.lock b/chef/cookbooks/apt/Gemfile.lock index 07e4652e0..e362acf9f 100644 --- a/chef/cookbooks/apt/Gemfile.lock +++ b/chef/cookbooks/apt/Gemfile.lock 
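Review bot: The `source :rubygems` context line in chef/cookbooks/apt/Gemfile is carried over unchanged, and the regenerated Gemfile.lock still records `remote: http://rubygems.org/`, so every gem in the re-resolved lock is fetched over plain HTTP. Since this change is made for security, replace that line with `source 'https://rubygems.org'` and regenerate the lock. The new constraint `'>= 1.0.0'` is also open-ended: the lock jumps test-kitchen from 0.7.0 to 3.9.0 and any later major version would still satisfy it, so a bounded form such as `gem 'test-kitchen', '~> 3.9'` keeps future resolutions inside a reviewed range. The advisory named in the description is for nokogiri, which the new lock drops from the tree rather than upgrades, so it is worth confirming that nothing in the cookbook's test setup still relies on the removed fog, foodcritic or vagrant gems.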
@@ -1,132 +1,149 @@ GEM remote: http://rubygems.org/ specs: - archive-tar-minitar (0.5.2) - builder (3.1.4) - bunny (0.7.9) - chef (10.18.2) - bunny (>= 0.6.0, < 0.8.0) - erubis - highline (>= 1.6.9) - json (>= 1.4.4, <= 1.6.1) - mixlib-authentication (>= 1.3.0) - mixlib-cli (>= 1.1.0) - mixlib-config (>= 1.1.2) - mixlib-log (>= 1.3.0) + base64 (0.3.0) + bcrypt_pbkdf (1.1.1) + bigdecimal (3.3.1) + builder (3.3.0) + cgi (0.5.0) + chef-utils (18.8.11) + concurrent-ruby + concurrent-ruby (1.3.5) + csv (3.3.5) + date (3.4.1) + ed25519 (1.4.0) + erb (4.0.4) + cgi (>= 0.3.3) + erubi (1.13.1) + ffi (1.17.2) + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + httpclient (2.9.0) + mutex_m + io-console (0.8.1) + irb (1.15.2) + pp (>= 0.6.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + license-acceptance (2.1.13) + pastel (~> 0.7) + tomlrb (>= 1.2, < 3.0) + tty-box (~> 0.6) + tty-prompt (~> 0.20) + little-plugger (1.1.4) + logger (1.7.0) + logging (2.4.0) + little-plugger (~> 1.1) + multi_json (~> 1.14) + mixlib-install (3.12.30) mixlib-shellout - moneta (< 0.7.0) - net-ssh (~> 2.2.2) - net-ssh-multi (~> 1.1.0) - ohai (>= 0.6.0) - rest-client (>= 1.0.4, < 1.7.0) - treetop (~> 1.4.9) - uuidtools - yajl-ruby (~> 1.1) - childprocess (0.3.7) - ffi (~> 1.0, >= 1.0.6) - coderay (1.0.8) - erubis (2.7.0) - excon (0.16.10) - ffi (1.3.1) - fog (1.9.0) - builder - excon (~> 0.14) - formatador (~> 0.2.0) - mime-types - multi_json (~> 1.0) - net-scp (~> 1.0.4) - net-ssh (>= 2.1.3) - nokogiri (~> 1.5.0) - ruby-hmac - foodcritic (1.7.0) - erubis - gherkin (~> 2.11.1) - gist (~> 3.1.0) - nokogiri (~> 1.5.4) - pry (~> 0.9.8.4) - rak (~> 1.4) - treetop (~> 1.4.10) - yajl-ruby (~> 1.1.0) - formatador (0.2.4) - gherkin (2.11.5) - json (>= 1.4.6) - gist (3.1.1) - hashr (0.0.22) - highline (1.6.15) - i18n (0.6.1) - ipaddress (0.8.0) - json (1.5.4) - librarian (0.0.26) - archive-tar-minitar (>= 0.5.2) - chef (>= 0.10) - highline - thor (~> 0.15) - log4r (1.1.10) - 
method_source (0.7.1) - mime-types (1.19) - mixlib-authentication (1.3.0) - mixlib-log - mixlib-cli (1.2.2) - mixlib-config (1.1.2) - mixlib-log (1.4.1) - mixlib-shellout (1.1.0) - moneta (0.6.0) - multi_json (1.5.0) - net-scp (1.0.4) - net-ssh (>= 1.99.1) - net-ssh (2.2.2) - net-ssh-gateway (1.1.0) - net-ssh (>= 1.99.1) - net-ssh-multi (1.1) - net-ssh (>= 2.1.4) - net-ssh-gateway (>= 0.99.0) - nokogiri (1.5.6) - ohai (6.16.0) - ipaddress - mixlib-cli - mixlib-config - mixlib-log - mixlib-shellout - systemu - yajl-ruby - polyglot (0.3.3) - pry (0.9.8.4) - coderay (~> 1.0.5) - method_source (~> 0.7.1) - slop (>= 2.4.4, < 3) - rak (1.4) - rest-client (1.6.7) - mime-types (>= 1.16) - ruby-hmac (0.4.0) - slop (2.4.4) - systemu (2.5.2) - test-kitchen (0.7.0) - fog - foodcritic (>= 1.4.0) - hashr (~> 0.0.20) - highline (>= 1.6.9) - librarian (~> 0.0.20) - mixlib-cli (~> 1.2.2) - vagrant (~> 1.0.2) - yajl-ruby (~> 1.1.0) - thor (0.16.0) - treetop (1.4.12) - polyglot - polyglot (>= 0.3.1) - uuidtools (2.1.3) - vagrant (1.0.6) - archive-tar-minitar (= 0.5.2) - childprocess (~> 0.3.1) - erubis (~> 2.7.0) - i18n (~> 0.6.0) - json (~> 1.5.1) - log4r (~> 1.1.9) - net-scp (~> 1.0.4) - net-ssh (~> 2.2.2) - yajl-ruby (1.1.0) + mixlib-versioning + thor + mixlib-shellout (3.3.9) + chef-utils + mixlib-versioning (1.2.12) + multi_json (1.17.0) + mutex_m (0.3.0) + net-scp (4.1.0) + net-ssh (>= 2.6.5, < 8.0.0) + net-ssh (7.3.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.7.1) + bigdecimal + ostruct (0.6.3) + pastel (0.8.0) + tty-color (~> 0.5) + pp (0.6.3) + prettyprint + prettyprint (0.2.0) + psych (5.2.6) + date + stringio + rdoc (6.15.0) + erb + psych (>= 4.0.0) + tsort + reline (0.6.2) + io-console (~> 0.5) + rexml (3.4.4) + rubyntlm (0.6.5) + base64 + rubyzip (2.4.1) + stringio (3.1.7) + strings (0.2.1) + strings-ansi (~> 0.2) + unicode-display_width (>= 1.5, < 3.0) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + syslog (0.3.0) + logger + test-kitchen (3.9.0) + 
bcrypt_pbkdf (~> 1.0) + chef-utils (>= 16.4.35) + csv (~> 3.3) + ed25519 (~> 1.3) + irb (~> 1.15) + license-acceptance (>= 1.0.11, < 3.0) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 4.0) + net-scp (>= 1.1, < 5.0) + net-ssh (>= 2.9, < 8.0) + net-ssh-gateway (>= 1.2, < 3.0) + ostruct (~> 0.6) + syslog (~> 0.3) + thor (>= 0.19, < 2.0) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (1.4.0) + tomlrb (2.0.3) + tsort (0.2.0) + tty-box (0.7.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-cursor (~> 0.7) + tty-color (0.6.0) + tty-cursor (0.7.1) + tty-prompt (0.23.1) + pastel (~> 0.8) + tty-reader (~> 0.8) + tty-reader (0.9.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.8) + wisper (~> 2.0) + tty-screen (0.8.2) + unicode-display_width (2.6.0) + unicode_utils (1.4.0) + winrm (2.3.9) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0, >= 2.7.1) + rexml (~> 3.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) + erubi (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.5) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 2.0) + winrm (~> 2.0) + wisper (2.0.1) PLATFORMS ruby DEPENDENCIES - test-kitchen (>= 0.7.0) + test-kitchen (>= 1.0.0) + +BUNDLED WITH + 2.3.27