From 835df2b0ac6723c859392aa0e4183b3276c028eb Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 20 Jan 2023 10:14:14 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
---
 Gemfile | 2 +-
 Gemfile.lock | 44 ++++++++++++++++++++++----------------------
 2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/Gemfile b/Gemfile
index 23c5819..357f33e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -25,7 +25,7 @@ group :development do
 gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
 gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
 gem "bolt", "~> 3.24", ">= 3.24.0", require: false
- gem "github_changelog_generator", '~> 1.15', require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')
+ gem "github_changelog_generator", "~> 1.16", ">= 1.16.4", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')
 end
 group :system_tests do
 gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
diff --git a/Gemfile.lock b/Gemfile.lock
index 6dd868b..1570ec5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,33 +2,33 @@ GEM
 remote: https://rubygems.org/
 specs:
 CFPropertyList (2.3.6)
- activesupport (6.1.4.1)
+ activesupport (7.0.4.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
 tzinfo (~> 2.0)
- zeitwerk (~> 2.3)
- addressable (2.8.0)
- public_suffix (>= 2.0.2, < 5.0)
+ addressable (2.8.1)
+ public_suffix (>= 2.0.2, < 6.0)
 ansi (1.5.0)
 ast (2.4.2)
- async (1.30.1)
+ async (1.30.3)
 console (~> 1.10)
 nio4r (~> 2.3)
 timers (~> 4.1)
- async-http (0.56.5)
+ async-http (0.59.4)
 async (>= 1.25)
 async-io (>= 1.28)
 async-pool (>= 0.2)
- protocol-http (~> 0.22.0)
+ protocol-http (~> 0.23.1)
 protocol-http1 (~> 0.14.0)
 protocol-http2 (~> 0.14.0)
+ traces (>= 0.8.0)
 async-http-faraday (0.11.0)
 async-http (~> 0.42)
 faraday
- async-io (1.32.2)
+ async-io (1.34.1)
 async
- async-pool (0.3.9)
+ async-pool (0.3.12)
 async (>= 1.25)
 awesome_print (1.9.2)
 aws-eventstream (1.2.0)
@@ -75,7 +75,7 @@ GEM
 colored2 (3.1.2)
 concurrent-ruby (1.1.10)
 connection_pool (2.2.5)
- console (1.13.1)
+ console (1.16.2)
 fiber-local
 cri (2.15.11)
 deep_merge (1.2.2)
@@ -100,9 +100,9 @@ GEM
 facterdb (1.12.0)
 facter (< 5.0.0)
 jgrep
- faraday (0.17.5)
+ faraday (0.17.6)
 multipart-post (>= 1.2, < 3)
- faraday-http-cache (2.2.0)
+ faraday-http-cache (2.4.1)
 faraday (>= 0.8)
 faraday_middleware (0.14.0)
 faraday (>= 0.7.4, < 1.0)
@@ -157,7 +157,7 @@ GEM
 http-parser (1.2.3)
 ffi-compiler (>= 1.0, < 2.0)
 httpclient (2.8.3)
- i18n (1.8.10)
+ i18n (1.12.0)
 concurrent-ruby (~> 1.0)
 jgrep (1.5.4)
 jmespath (1.6.1)
@@ -184,7 +184,7 @@ GEM
 mime-types-data (~> 3.2015)
 mime-types-data (3.2021.1115)
 minitar (0.9)
- minitest (5.14.4)
+ minitest (5.17.0)
 mocha (1.1.0)
 metaclass (~> 0.0.1)
 molinillo (0.8.0)
@@ -202,7 +202,7 @@ GEM
 netrc (0.11.0)
 nio4r (2.5.8)
 nori (2.6.0)
- octokit (4.21.0)
+ octokit (4.22.0)
 faraday (>= 0.9)
 sawyer (~> 0.8.0, >= 0.5.3)
 optimist (3.0.1)
@@ -220,8 +220,8 @@ GEM
 forwardable
 singleton
 protocol-hpack (1.4.2)
- protocol-http (0.22.5)
- protocol-http1 (0.14.2)
+ protocol-http (0.23.12)
+ protocol-http1 (0.14.6)
 protocol-http (~> 0.22)
 protocol-http2 (0.14.2)
 protocol-hpack (~> 1.4)
@@ -229,7 +229,7 @@ GEM
 pry (0.14.1)
 coderay (~> 1.1)
 method_source (~> 1.0)
- public_suffix (4.0.7)
+ public_suffix (5.0.1)
 puppet (7.17.0)
 concurrent-ruby (~> 1.0)
 deep_merge (~> 1.0)
@@ -433,7 +433,8 @@ GEM
 unicode-display_width (>= 1.1.1, < 3)
 text (1.3.1)
 thor (1.2.1)
- timers (4.3.3)
+ timers (4.3.5)
+ traces (0.8.0)
 tty-cursor (0.7.1)
 tty-pager (0.13.0)
 strings (~> 0.1.8)
@@ -441,7 +442,7 @@ GEM
 tty-screen (0.8.1)
 tty-spinner (0.9.3)
 tty-cursor (~> 0.7)
- tzinfo (2.0.4)
+ tzinfo (2.0.5)
 concurrent-ruby (~> 1.0)
 unf (0.1.4)
 unf_ext
@@ -466,14 +467,13 @@ GEM
 winrm (~> 2.0)
 yard (0.9.28)
 webrick (~> 1.7.0)
- zeitwerk (2.4.2)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
 bolt (~> 3.24, >= 3.24.0)
- github_changelog_generator (~> 1.15)
+ github_changelog_generator (~> 1.16, >= 1.16.4)
 json (~> 2.5)
 puppet
 puppet-module-posix-default-r2.6 (~> 1.0)