diff options
author | Tim Smith <tsmith@chef.io> | 2018-11-15 12:02:46 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2018-11-15 12:02:46 -0800 |
commit | c8460b9a3659a6ffd0cea0297a956933743edd92 (patch) | |
tree | ecbd43c0ed6c303c31e04d49d65344b0b98f2d86 | |
parent | 5991cd84731a5c22e4ad411c38334b506d07ab9a (diff) | |
download | chef_zero_rack_cve.tar.gz |
Require chef-zero 14.0.11 or later to resolve Rack gem CVEschef_zero_rack_cve
There are 2 CVEs in rack < 2.0.6. We now require at least 2.0.6 in chef-zero 14.0.11. This requires that version of chef-zero so we can ensure we don't bring in the Rack with CVEs.
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | Gemfile.lock | 8 | ||||
-rw-r--r-- | chef.gemspec | 2 | ||||
-rw-r--r-- | omnibus/Gemfile.lock | 6 |
3 files changed, 8 insertions, 8 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 286f124d13..9b6c93ddc9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -31,7 +31,7 @@ PATH addressable bundler (>= 1.10) chef-config (= 15.0.69) - chef-zero (>= 13.0) + chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) ffi (~> 1.9, >= 1.9.25) @@ -61,7 +61,7 @@ PATH addressable bundler (>= 1.10) chef-config (= 15.0.69) - chef-zero (>= 13.0) + chef-zero (>= 14.0.11) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) ffi (~> 1.9, >= 1.9.25) @@ -125,11 +125,11 @@ GEM builder (3.2.3) byebug (10.0.2) chef-vault (3.4.3) - chef-zero (14.0.6) + chef-zero (14.0.11) ffi-yajl (~> 2.2) hashie (>= 2.0, < 4.0) mixlib-log (~> 2.0) - rack (~> 2.0) + rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) cheffish (14.0.4) chef-zero (~> 14.0) diff --git a/chef.gemspec b/chef.gemspec index 1db824c927..c787e00580 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -33,7 +33,7 @@ Gem::Specification.new do |s| s.add_dependency "erubis", "~> 2.7" s.add_dependency "diff-lcs", "~> 1.2", ">= 1.2.4" - s.add_dependency "chef-zero", ">= 13.0" + s.add_dependency "chef-zero", ">= 14.0.11" s.add_dependency "plist", "~> 3.2" s.add_dependency "iniparse", "~> 1.4" diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index a44cfac791..ea3fd8699c 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -32,7 +32,7 @@ GEM public_suffix (>= 2.0.2, < 4.0) awesome_print (1.8.0) aws-eventstream (1.0.1) - aws-partitions (1.112.0) + aws-partitions (1.113.0) aws-sdk-core (3.38.0) aws-eventstream (~> 1.0) aws-partitions (~> 1.0) @@ -143,11 +143,11 @@ GEM mixlib-shellout (~> 2.0) tomlrb (~> 1.2) chef-sugar (4.1.0) - chef-zero (14.0.6) + chef-zero (14.0.11) ffi-yajl (~> 2.2) hashie (>= 2.0, < 4.0) mixlib-log (~> 2.0) - rack (~> 2.0) + rack (~> 2.0, >= 2.0.6) uuidtools (~> 2.1) citrus (3.0.2) cleanroom (1.0.0) |