Require chef-zero 14.0.11 or later to resolve Rack gem CVEschef_zero_rack_cve

There are 2 CVEs in rack < 2.0.6. We now require at least 2.0.6 in chef-zero 14.0.11. This requires that version of chef-zero so we can ensure we don't bring in the Rack with CVEs. Signed-off-by: Tim Smith <tsmith@chef.io>
author: Tim Smith <tsmith@chef.io> 2018-11-15 12:02:46 -0800
committer: Tim Smith <tsmith@chef.io> 2018-11-15 12:02:46 -0800
commit: c8460b9a3659a6ffd0cea0297a956933743edd92 (patch)
tree: ecbd43c0ed6c303c31e04d49d65344b0b98f2d86 /omnibus
parent: 5991cd84731a5c22e4ad411c38334b506d07ab9a (diff)
download: chef-c8460b9a3659a6ffd0cea0297a956933743edd92.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index a44cfac791..ea3fd8699c 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -32,7 +32,7 @@ GEM
       public_suffix (>= 2.0.2, < 4.0)
     awesome_print (1.8.0)
     aws-eventstream (1.0.1)
-    aws-partitions (1.112.0)
+    aws-partitions (1.113.0)
     aws-sdk-core (3.38.0)
       aws-eventstream (~> 1.0)
       aws-partitions (~> 1.0)
@@ -143,11 +143,11 @@ GEM
       mixlib-shellout (~> 2.0)
       tomlrb (~> 1.2)
     chef-sugar (4.1.0)
-    chef-zero (14.0.6)
+    chef-zero (14.0.11)
       ffi-yajl (~> 2.2)
       hashie (>= 2.0, < 4.0)
       mixlib-log (~> 2.0)
-      rack (~> 2.0)
+      rack (~> 2.0, >= 2.0.6)
       uuidtools (~> 2.1)
     citrus (3.0.2)
     cleanroom (1.0.0)
author	Tim Smith <tsmith@chef.io>	2018-11-15 12:02:46 -0800
committer	Tim Smith <tsmith@chef.io>	2018-11-15 12:02:46 -0800
commit	c8460b9a3659a6ffd0cea0297a956933743edd92 (patch)
tree	ecbd43c0ed6c303c31e04d49d65344b0b98f2d86 /omnibus
parent	5991cd84731a5c22e4ad411c38334b506d07ab9a (diff)
download	chef-c8460b9a3659a6ffd0cea0297a956933743edd92.tar.gz