From 4628a13ae0db93c204e198acf508effb1e4b1612 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 26 Jul 2025 09:34:42 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674179
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674176
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674184
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674192
- https://snyk.io/vuln/SNYK-RUBY-THOR-10843853
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-10674188
---
 Gemfile | 6 +-
 Gemfile.lock | 280 ++++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 245 insertions(+), 41 deletions(-)

diff --git a/Gemfile b/Gemfile
index 722e7fa59..7c7954250 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,8 +7,8 @@ group :rake do
 gem 'puppet-lint', '>=0.1.12'
 gem 'puppetlabs_spec_helper'
 gem 'puppet-blacksmith'
- gem 'librarian-puppet-maestrodev'
- gem 'rspec-system-puppet', :require => false
+ gem 'librarian-puppet-maestrodev', '>= 0.9.9.6'
+ gem 'rspec-system-puppet', '>= 2.2.1', :require => false
 gem 'serverspec', :require => false
- gem 'rspec-system-serverspec', :require => false
+ gem 'rspec-system-serverspec', '>= 1.0.1', :require => false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index d78d90213..ee6129e58 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
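Review bot: The three floors added in the Gemfile hunk are on `librarian-puppet-maestrodev`, `rspec-system-puppet` and `rspec-system-serverspec`, not on nokogiri or thor, the gems the listed advisories are named for, so nothing here makes Bundler fail if a fixed release cannot be resolved. The Gemfile.lock in this same patch still resolves `nokogiri (1.5.11)`, held there by `rspec-system (2.8.0)` requiring `nokogiri (~> 1.5.10)`, and `thor (0.20.3)` under librarian's `thor (~> 0.15)`; whether those versions are at or above each advisory's fixed version is not shown and should be checked before treating the issues as closed. Stating the floor directly, e.g. `gem 'nokogiri', '>= <FIXED_VERSION_FROM_ADVISORY>'` and the same for thor inside the `:rake` group, would turn an unsatisfiable fix into a resolution error instead of a silent partial upgrade. The re-resolution also moves `rspec-system` to 2.8.0, which requires `fog (~> 1.18)` and so brings in `fog (1.42.1)`, its provider gems and `activesupport (7.1.5.1)`, a large addition to the dependency surface for a test-only group that deserves its own review. The `group :rake do` block opens above the hunk.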
@@ -1,30 +1,216 @@ GEM remote: https://rubygems.org/ specs: - builder (3.2.2) - diff-lcs (1.2.4) + CFPropertyList (2.3.6) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + logger (>= 1.4.2) + minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) + tzinfo (~> 2.0) + base64 (0.3.0) + benchmark (0.4.1) + bigdecimal (3.2.2) + builder (3.3.0) + concurrent-ruby (1.3.5) + connection_pool (2.5.3) + diff-lcs (1.6.2) + drb (2.2.3) + dry-inflector (1.1.0) + excon (0.112.0) facter (1.7.1) + fission (0.5.0) + CFPropertyList (~> 2.2) + fog (1.42.1) + fog-aliyun (>= 0.1.0) + fog-atmos + fog-aws (>= 0.6.0) + fog-brightbox (~> 0.4) + fog-cloudatcost (~> 0.1.0) + fog-core (~> 1.45) + fog-digitalocean (>= 0.3.0) + fog-dnsimple (~> 1.0) + fog-dynect (~> 0.0.2) + fog-ecloud (~> 0.1) + fog-google (<= 0.1.0) + fog-internet-archive + fog-joyent + fog-json + fog-local + fog-openstack + fog-ovirt + fog-powerdns (>= 0.1.1) + fog-profitbricks + fog-rackspace + fog-radosgw (>= 0.0.2) + fog-riakcs + fog-sakuracloud (>= 0.0.4) + fog-serverlove + fog-softlayer + fog-storm_on_demand + fog-terremark + fog-vmfusion + fog-voxel + fog-vsphere (>= 0.4.0) + fog-xenserver + fog-xml (~> 0.1.1) + ipaddress (~> 0.5) + json (~> 2.0) + fog-aliyun (0.3.13) + fog-core + fog-json + ipaddress (~> 0.8) + xml-simple (~> 1.1) + fog-atmos (0.1.0) + fog-core + fog-xml + fog-aws (2.0.1) + fog-core (~> 1.38) + fog-json (~> 1.0) + fog-xml (~> 0.1) + ipaddress (~> 0.8) + fog-brightbox (0.16.1) + dry-inflector + fog-core + fog-json + mime-types + fog-cloudatcost (0.1.2) + fog-core (~> 1.36) + fog-json (~> 1.0) + fog-xml (~> 0.1) + ipaddress (~> 0.8) + fog-core (1.45.0) + builder + excon (~> 0.58) + formatador (~> 0.2) + fog-digitalocean (0.4.0) + fog-core + fog-json + fog-xml + ipaddress (>= 0.5) + fog-dnsimple (1.0.0) + fog-core (~> 1.38) + fog-json (~> 1.0) + fog-dynect (0.0.3) + fog-core + fog-json + fog-xml + 
fog-ecloud (0.3.0) + fog-core + fog-xml + fog-google (0.1.0) + fog-core + fog-json + fog-xml + fog-internet-archive (0.0.2) + fog-core + fog-json + fog-xml + fog-joyent (0.0.1) + fog-core (~> 1.42) + fog-json (>= 1.0) + fog-json (1.2.0) + fog-core + multi_json (~> 1.10) + fog-local (0.9.0) + fog-core (>= 1.27, < 3.0) + fog-openstack (0.3.10) + fog-core (>= 1.45, <= 2.1.0) + fog-json (>= 1.0) + ipaddress (>= 0.8) + fog-ovirt (2.0.3) + activesupport + fog-core + fog-json + fog-xml + ovirt-engine-sdk (>= 4.3.1) + fog-powerdns (0.2.1) + fog-core + fog-json + fog-xml + fog-profitbricks (4.1.1) + fog-core (~> 1.42) + fog-json (~> 1.0) + fog-rackspace (0.1.6) + fog-core (>= 1.35) + fog-json (>= 1.0) + fog-xml (>= 0.1) + ipaddress (>= 0.8) + fog-radosgw (0.0.5) + fog-core (>= 1.21.0) + fog-json + fog-xml (>= 0.0.1) + fog-riakcs (0.1.0) + fog-core + fog-json + fog-xml + fog-sakuracloud (1.7.5) + fog-core + fog-json + fog-serverlove (0.1.2) + fog-core + fog-json + fog-softlayer (1.1.4) + fog-core + fog-json + fog-storm_on_demand (0.1.1) + fog-core + fog-json + fog-terremark (0.1.0) + fog-core + fog-xml + fog-vmfusion (0.1.0) + fission + fog-core + fog-voxel (0.1.0) + fog-core + fog-xml + fog-vsphere (3.5.3) + fog-core + rbvmomi (>= 1.9, < 3) + fog-xenserver (1.0.0) + fog-core + fog-xml + xmlrpc + fog-xml (0.1.5) + fog-core + nokogiri (>= 1.5.11, < 2.0.0) + formatador (0.3.0) hiera (1.2.1) json_pure - highline (1.6.19) - json (1.8.0) + highline (2.1.0) + i18n (1.14.7) + concurrent-ruby (~> 1.0) + ipaddress (0.8.3) + json (2.13.1) json_pure (1.8.0) kwalify (0.7.2) - librarian (0.1.0) + librarian (0.1.2) highline thor (~> 0.15) - librarian-puppet-maestrodev (0.9.9.2) - json - librarian (>= 0.1.0) - thor (~> 0.15) + librarian-puppet-maestrodev (0.9.11.6) + librarian (>= 0.1.1) + logger (1.7.0) metaclass (0.0.1) mime-types (1.23) + minitest (5.25.5) mocha (0.14.0) metaclass (~> 0.0.1) - net-scp (1.1.2) + multi_json (1.15.0) + mutex_m (0.3.0) + net-scp (1.2.1) net-ssh (>= 2.6.5) - 
net-ssh (2.6.8) - nokogiri (1.5.9) + net-ssh (2.9.4) + nokogiri (1.5.11) + ovirt-engine-sdk (4.6.0) + json (>= 1, < 3) puppet (3.2.1) facter (~> 1.6) hiera (~> 1.0) 
@@ -42,55 +228,73 @@ GEM rspec (>= 2.9.0) rspec-puppet (>= 0.1.1) rake (10.0.4) - rbvmomi (1.6.0) - builder - nokogiri (>= 1.4.1) - trollop + rbvmomi (1.13.0) + builder (~> 3.0) + json (>= 1.8) + nokogiri (~> 1.5) + trollop (~> 2.1) rest-client (1.6.7) mime-types (>= 1.16) + rexml (3.4.1) rgen (0.6.2) - rspec (2.13.0) - rspec-core (~> 2.13.0) - rspec-expectations (~> 2.13.0) - rspec-mocks (~> 2.13.0) - rspec-core (2.13.1) - rspec-expectations (2.13.0) + rspec (2.99.0) + rspec-core (~> 2.99.0) + rspec-expectations (~> 2.99.0) + rspec-mocks (~> 2.99.0) + rspec-core (2.99.2) + rspec-expectations (2.99.2) diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.13.1) + rspec-mocks (2.99.4) rspec-puppet (0.1.6) rspec - rspec-system (2.2.0) + rspec-system (2.8.0) + fog (~> 1.18) kwalify (~> 0.7.2) + mime-types (~> 1.16) net-scp (~> 1.1) - net-ssh (~> 2.6) - nokogiri (~> 1.5.9) + net-ssh (~> 2.7) + nokogiri (~> 1.5.10) rbvmomi (~> 1.6) - rspec (~> 2.13) + rspec (~> 2.14) systemu (~> 2.5) - rspec-system-puppet (2.2.0) + rspec-system-puppet (2.2.1) rspec-system (~> 2.0) - rspec-system-serverspec (1.0.0) + rspec-system-serverspec (2.0.1) rspec-system (~> 2.0) - serverspec (~> 0.6.0) - serverspec (0.6.3) + serverspec (~> 0.0) + specinfra (~> 0.0) + securerandom (0.3.2) + serverspec (0.16.0) highline net-ssh - rspec (~> 2.0) - systemu (2.5.2) - thor (0.18.1) - trollop (2.0) + rspec (~> 2.13) + specinfra (>= 0.7.1) + specinfra (0.8.0) + systemu (2.6.5) + thor (0.20.3) + trollop (2.9.10) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + webrick (1.9.1) + xml-simple (1.1.9) + rexml + xmlrpc (0.3.3) + webrick PLATFORMS ruby DEPENDENCIES - librarian-puppet-maestrodev + librarian-puppet-maestrodev (>= 0.9.9.6) puppet (>= 3.0.1) puppet-blacksmith puppet-lint (>= 0.1.12) puppetlabs_spec_helper rake (>= 0.9.2.2) rspec-puppet (>= 0.1.3) - rspec-system-puppet - rspec-system-serverspec + rspec-system-puppet (>= 2.2.1) + rspec-system-serverspec (>= 1.0.1) serverspec + +BUNDLED WITH + 2.1.4