From 2f6c6d5f13e56285a4434f60e44c782efe52d10e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 7 Dec 2024 05:46:42 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-8453714
---
 Gemfile | 2 +-
 Gemfile.lock | 115 ++++++++++++++++++++++++++++++++++-----------------
 2 files changed, 79 insertions(+), 38 deletions(-)
diff --git a/Gemfile b/Gemfile
index 722e7fa59..ecf3a142d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ group :rake do
 gem 'rake', '>=0.9.2.2'
 gem 'puppet-lint', '>=0.1.12'
 gem 'puppetlabs_spec_helper'
- gem 'puppet-blacksmith'
+ gem 'puppet-blacksmith', '>= 3.0.0'
 gem 'librarian-puppet-maestrodev'
 gem 'rspec-system-puppet', :require => false
 gem 'serverspec', :require => false
diff --git a/Gemfile.lock b/Gemfile.lock
index d78d90213..57af6773c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,13 +2,21 @@ GEM remote: https://rubygems.org/ specs: builder (3.2.2) - diff-lcs (1.2.4) - facter (1.7.1) - hiera (1.2.1) - json_pure + concurrent-ruby (1.3.4) + deep_merge (1.2.2) + diff-lcs (1.5.1) + domain_name (0.6.20240107) + facter (2.5.7) + fast_gettext (2.4.0) + prime + forwardable (1.3.3) + hiera (3.12.0) highline (1.6.19) + hocon (1.4.0) + http-accept (1.7.0) + http-cookie (1.0.8) + domain_name (~> 0.5) json (1.8.0) - json_pure (1.8.0) kwalify (0.7.2) librarian (0.1.0) highline
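Review bot: The new lock still resolves `nokogiri (1.5.11)`, only two patch releases above the previous 1.5.9, so the `'>= 3.0.0'` floor added to `puppet-blacksmith` in the `group :rake` block probably does not remediate the advisory named in the commit message; check the fixed release listed in that advisory before merging. In the new lock puppet-blacksmith 8.0.0 no longer depends on nokogiri at all, and the gem stays in the graph only through `rbvmomi`'s `nokogiri (>= 1.4.1)`, so the floor belongs on nokogiri itself, e.g. `gem 'nokogiri', '>= FIXED_VERSION'` where FIXED_VERSION is a placeholder for the version the advisory gives. The same resolve moves puppet from 3.2.1 to 7.34.0 while rspec stays on 2.99, so the rake and spec tasks should be run against the new lock rather than assumed compatible. The `group :rake` block starts and ends outside this hunk.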
@@ -17,47 +25,73 @@ GEM json librarian (>= 0.1.0) thor (~> 0.15) - metaclass (0.0.1) - mime-types (1.23) - mocha (0.14.0) - metaclass (~> 0.0.1) + locale (2.1.4) + logger (1.6.2) + mime-types (3.6.0) + logger + mime-types-data (~> 3.2015) + mime-types-data (3.2024.1203) + minitar (0.12.1) + mocha (2.6.1) + ruby2_keywords (>= 0.0.5) + multi_json (1.15.0) net-scp (1.1.2) net-ssh (>= 2.6.5) net-ssh (2.6.8) - nokogiri (1.5.9) - puppet (3.2.1) - facter (~> 1.6) - hiera (~> 1.0) - rgen (~> 0.6) - puppet-blacksmith (1.0.5) - nokogiri - puppet (>= 2.7.16) - puppetlabs_spec_helper (>= 0.3.0) - rake - rest-client + netrc (0.11.0) + nokogiri (1.5.11) + pathspec (1.1.3) + prime (0.1.3) + forwardable + singleton + puppet (7.34.0) + concurrent-ruby (~> 1.0) + deep_merge (~> 1.0) + facter (> 2.0.1, < 5) + fast_gettext (>= 1.1, < 3) + hiera (>= 3.2.1, < 4) + locale (~> 2.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + scanf (~> 1.0) + semantic_puppet (~> 1.0) + puppet-blacksmith (8.0.0) + puppet-modulebuilder (~> 2.0, >= 2.0.2) + rest-client (~> 2.0) puppet-lint (0.3.2) - puppetlabs_spec_helper (0.4.1) - mocha (>= 0.10.5) + puppet-modulebuilder (2.0.2) + minitar (~> 0.9) + pathspec (>= 0.2.1, < 3.0.0) + puppet-resource_api (1.9.0) + hocon (>= 1.0) + puppet-syntax (4.1.1) + puppet (>= 7, < 9) + rake (~> 13.1) + puppetlabs_spec_helper (1.1.1) + mocha + puppet-lint + puppet-syntax rake - rspec (>= 2.9.0) - rspec-puppet (>= 0.1.1) - rake (10.0.4) + rspec-puppet + rake (13.2.1) rbvmomi (1.6.0) builder nokogiri (>= 1.4.1) trollop - rest-client (1.6.7) - mime-types (>= 1.16) - rgen (0.6.2) - rspec (2.13.0) - rspec-core (~> 2.13.0) - rspec-expectations (~> 2.13.0) - rspec-mocks (~> 2.13.0) - rspec-core (2.13.1) - rspec-expectations (2.13.0) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rspec (2.99.0) + rspec-core (~> 2.99.0) + rspec-expectations (~> 2.99.0) + rspec-mocks (~> 2.99.0) + 
rspec-core (2.99.2) + rspec-expectations (2.99.2) diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.13.1) - rspec-puppet (0.1.6) + rspec-mocks (2.99.4) + rspec-puppet (3.0.0) rspec rspec-system (2.2.0) kwalify (~> 0.7.2) @@ -72,10 +106,14 @@ GEM rspec-system-serverspec (1.0.0) rspec-system (~> 2.0) serverspec (~> 0.6.0) + ruby2_keywords (0.0.5) + scanf (1.0.0) + semantic_puppet (1.1.0) serverspec (0.6.3) highline net-ssh rspec (~> 2.0) + singleton (0.3.0) systemu (2.5.2) thor (0.18.1) trollop (2.0) @@ -86,7 +124,7 @@ PLATFORMS DEPENDENCIES librarian-puppet-maestrodev puppet (>= 3.0.1) - puppet-blacksmith + puppet-blacksmith (>= 3.0.0) puppet-lint (>= 0.1.12) puppetlabs_spec_helper rake (>= 0.9.2.2) @@ -94,3 +132,6 @@ DEPENDENCIES rspec-system-puppet rspec-system-serverspec serverspec + +BUNDLED WITH + 2.1.4