author | Tim Smith <tsmith84@gmail.com> | 2019-08-28 15:16:50 -0700 |
---|---|---|
committer | Tim Smith <tsmith84@gmail.com> | 2019-09-03 14:01:50 -0700 |
commit | 33dd059fd6547c8c34ff71dbf3dcbe95a11d548e (patch) | |
tree | bc7f8c5488073aa4ade7b559edabf0c4aab04680 | |
parent | d32c038c7b6401bda4a357c2182a9414f4b39860 (diff) | |
download | chef-cve_patch.tar.gz |
Update Ruby to 2.6.4 and nokogiri to 10.10.4 to resolve CVEs
https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md#1104--2019-08-11
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | omnibus_overrides.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb index 96342de8db..5907f24e95 100644 --- a/omnibus_overrides.rb +++ b/omnibus_overrides.rb @@ -6,7 +6,7 @@ # software here: bundle exec rake dependencies:update_omnibus_gemfile_lock override :rubygems, version: "3.0.3" # rubygems ships its own bundler which may differ from bundler defined below and then we get double bundler which results in performance issues / CLI warnings. Make sure these versions match before bumping either. override :bundler, version: "1.17.2" # currently pinned to what ships in Ruby to prevent double bundler -override "nokogiri", version: "1.10.2" +override "nokogiri", version: "1.10.4" override "libffi", version: "3.2.1" override "libiconv", version: "1.15" override "liblzma", version: "5.2.4" @@ -17,7 +17,7 @@ override "libyaml", version: "0.1.7" override "makedepend", version: "1.0.5" override "ncurses", version: "5.9" override "pkg-config-lite", version: "0.28-1" -override "ruby", version: "2.6.3" +override "ruby", version: "2.6.4" override "ruby-windows-devkit-bash", version: "3.1.23-4-msys-1.0.18" override "util-macros", version: "1.19.0" override "xproto", version: "7.0.28" |
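Review bot: The nokogiri override in the first hunk is set to "1.10.4", but the commit subject says 10.10.4; please correct the subject so anyone searching history for the fixed version finds this commit. The context comment at the top of the same hunk mentions `bundle exec rake dependencies:update_omnibus_gemfile_lock`, yet the diffstat shows only omnibus_overrides.rb changed. Confirm whether the lock file needs regenerating in this change so the nokogiri that actually ships in the build is 1.10.4 and not the old 1.10.2.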
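Review bot: The ruby bump to "2.6.4" in the second hunk leaves the `:rubygems` "3.0.3" and `:bundler` "1.17.2" pins in the first hunk's context untouched, and their comments say those versions must match what ships in Ruby to avoid a double bundler. Please confirm Ruby 2.6.4 still bundles those exact versions, or bump the pins in the same commit. The commit message also links the changelog and advisory without naming the CVE identifiers being resolved; listing them in the message would make this pin auditable later.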