summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2018-11-15 12:02:46 -0800
committerTim Smith <tsmith@chef.io>2018-11-15 12:02:46 -0800
commitc8460b9a3659a6ffd0cea0297a956933743edd92 (patch)
treeecbd43c0ed6c303c31e04d49d65344b0b98f2d86
parent5991cd84731a5c22e4ad411c38334b506d07ab9a (diff)
downloadchef_zero_rack_cve.tar.gz
Require chef-zero 14.0.11 or later to resolve Rack gem CVEschef_zero_rack_cve
There are 2 CVEs in rack < 2.0.6. We now require at least 2.0.6 in chef-zero 14.0.11. This requires that version of chef-zero so we can ensure we don't bring in the Rack with CVEs. Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--Gemfile.lock8
-rw-r--r--chef.gemspec2
-rw-r--r--omnibus/Gemfile.lock6
3 files changed, 8 insertions, 8 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 286f124d13..9b6c93ddc9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -31,7 +31,7 @@ PATH
addressable
bundler (>= 1.10)
chef-config (= 15.0.69)
- chef-zero (>= 13.0)
+ chef-zero (>= 14.0.11)
diff-lcs (~> 1.2, >= 1.2.4)
erubis (~> 2.7)
ffi (~> 1.9, >= 1.9.25)
@@ -61,7 +61,7 @@ PATH
addressable
bundler (>= 1.10)
chef-config (= 15.0.69)
- chef-zero (>= 13.0)
+ chef-zero (>= 14.0.11)
diff-lcs (~> 1.2, >= 1.2.4)
erubis (~> 2.7)
ffi (~> 1.9, >= 1.9.25)
@@ -125,11 +125,11 @@ GEM
builder (3.2.3)
byebug (10.0.2)
chef-vault (3.4.3)
- chef-zero (14.0.6)
+ chef-zero (14.0.11)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 4.0)
mixlib-log (~> 2.0)
- rack (~> 2.0)
+ rack (~> 2.0, >= 2.0.6)
uuidtools (~> 2.1)
cheffish (14.0.4)
chef-zero (~> 14.0)
diff --git a/chef.gemspec b/chef.gemspec
index 1db824c927..c787e00580 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
s.add_dependency "erubis", "~> 2.7"
s.add_dependency "diff-lcs", "~> 1.2", ">= 1.2.4"
- s.add_dependency "chef-zero", ">= 13.0"
+ s.add_dependency "chef-zero", ">= 14.0.11"
s.add_dependency "plist", "~> 3.2"
s.add_dependency "iniparse", "~> 1.4"
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index a44cfac791..ea3fd8699c 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -32,7 +32,7 @@ GEM
public_suffix (>= 2.0.2, < 4.0)
awesome_print (1.8.0)
aws-eventstream (1.0.1)
- aws-partitions (1.112.0)
+ aws-partitions (1.113.0)
aws-sdk-core (3.38.0)
aws-eventstream (~> 1.0)
aws-partitions (~> 1.0)
@@ -143,11 +143,11 @@ GEM
mixlib-shellout (~> 2.0)
tomlrb (~> 1.2)
chef-sugar (4.1.0)
- chef-zero (14.0.6)
+ chef-zero (14.0.11)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 4.0)
mixlib-log (~> 2.0)
- rack (~> 2.0)
+ rack (~> 2.0, >= 2.0.6)
uuidtools (~> 2.1)
citrus (3.0.2)
cleanroom (1.0.0)