Require chef-zero 14.0.11 or later to resolve Rack gem CVEschef_zero_rack_cve

There are 2 CVEs in rack < 2.0.6. We now require at least 2.0.6 in chef-zero 14.0.11. This requires that version of chef-zero so we can ensure we don't bring in the Rack with CVEs. Signed-off-by: Tim Smith <tsmith@chef.io>
author: Tim Smith <tsmith@chef.io> 2018-11-15 12:02:46 -0800
committer: Tim Smith <tsmith@chef.io> 2018-11-15 12:02:46 -0800
commit: c8460b9a3659a6ffd0cea0297a956933743edd92 (patch)
tree: ecbd43c0ed6c303c31e04d49d65344b0b98f2d86
parent: 5991cd84731a5c22e4ad411c38334b506d07ab9a (diff)
download: chef_zero_rack_cve.tar.gz
3 files changed, 8 insertions, 8 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 286f124d13..9b6c93ddc9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -31,7 +31,7 @@ PATH
       addressable
       bundler (>= 1.10)
       chef-config (= 15.0.69)
-      chef-zero (>= 13.0)
+      chef-zero (>= 14.0.11)
       diff-lcs (~> 1.2, >= 1.2.4)
       erubis (~> 2.7)
       ffi (~> 1.9, >= 1.9.25)
@@ -61,7 +61,7 @@ PATH
       addressable
       bundler (>= 1.10)
       chef-config (= 15.0.69)
-      chef-zero (>= 13.0)
+      chef-zero (>= 14.0.11)
       diff-lcs (~> 1.2, >= 1.2.4)
       erubis (~> 2.7)
       ffi (~> 1.9, >= 1.9.25)
@@ -125,11 +125,11 @@ GEM
     builder (3.2.3)
     byebug (10.0.2)
     chef-vault (3.4.3)
-    chef-zero (14.0.6)
+    chef-zero (14.0.11)
       ffi-yajl (~> 2.2)
       hashie (>= 2.0, < 4.0)
       mixlib-log (~> 2.0)
-      rack (~> 2.0)
+      rack (~> 2.0, >= 2.0.6)
       uuidtools (~> 2.1)
     cheffish (14.0.4)
       chef-zero (~> 14.0)
diff --git a/chef.gemspec b/chef.gemspec
index 1db824c927..c787e00580 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
   s.add_dependency "erubis", "~> 2.7"
   s.add_dependency "diff-lcs", "~> 1.2", ">= 1.2.4"
 
-  s.add_dependency "chef-zero", ">= 13.0"
+  s.add_dependency "chef-zero", ">= 14.0.11"
 
   s.add_dependency "plist", "~> 3.2"
   s.add_dependency "iniparse", "~> 1.4"
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index a44cfac791..ea3fd8699c 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -32,7 +32,7 @@ GEM
       public_suffix (>= 2.0.2, < 4.0)
     awesome_print (1.8.0)
     aws-eventstream (1.0.1)
-    aws-partitions (1.112.0)
+    aws-partitions (1.113.0)
     aws-sdk-core (3.38.0)
       aws-eventstream (~> 1.0)
       aws-partitions (~> 1.0)
@@ -143,11 +143,11 @@ GEM
       mixlib-shellout (~> 2.0)
       tomlrb (~> 1.2)
     chef-sugar (4.1.0)
-    chef-zero (14.0.6)
+    chef-zero (14.0.11)
       ffi-yajl (~> 2.2)
       hashie (>= 2.0, < 4.0)
       mixlib-log (~> 2.0)
-      rack (~> 2.0)
+      rack (~> 2.0, >= 2.0.6)
       uuidtools (~> 2.1)
     citrus (3.0.2)
     cleanroom (1.0.0)
author	Tim Smith <tsmith@chef.io>	2018-11-15 12:02:46 -0800
committer	Tim Smith <tsmith@chef.io>	2018-11-15 12:02:46 -0800
commit	c8460b9a3659a6ffd0cea0297a956933743edd92 (patch)
tree	ecbd43c0ed6c303c31e04d49d65344b0b98f2d86
parent	5991cd84731a5c22e4ad411c38334b506d07ab9a (diff)
download	chef_zero_rack_cve.tar.gz