Conversation

@johnmccrae johnmccrae (Contributor) commented Sep 24, 2025

Description

Updating Activesupport to get past CVE-2023-22796

bundle update --conservative activesupport
Fetching gem metadata from https://rubygems.org/.......
Resolving dependencies......
Fetching rake 13.2.1
Installing rake 13.2.1
Fetching base64 0.2.0
Using benchmark 0.4.1
Using concurrent-ruby 1.3.5
Fetching bigdecimal 3.1.9
Fetching connection_pool 2.5.3
Installing base64 0.2.0
Installing connection_pool 2.5.3
Using drb 2.2.3
Using logger 1.5.3
Using minitest 5.25.5
Using mutex_m 0.3.0
Using securerandom 0.4.1
Fetching public_suffix 6.0.1
Installing bigdecimal 3.1.9 with native extensions
Using mixlib-cli 2.1.8
Using ffi 1.16.3 (x64-mingw-ucrt)
Using wmi-lite 1.0.7
Fetching ast 2.4.2
Installing public_suffix 6.0.1
Installing ast 2.4.2
Fetching aws-eventstream 1.3.0
Fetching aws-partitions 1.1048.0
Installing aws-eventstream 1.3.0
Installing aws-partitions 1.1048.0
Using jmespath 1.6.2
Using debug_inspector 1.2.0
Using builder 3.3.0
Using bundler 2.3.27
Fetching byebug 11.1.3
Using fuzzyurl 0.9.0
Using tomlrb 1.3.0
Using libyajl2 2.1.0
Fetching chef-vault 4.1.11
Installing byebug 11.1.3 with native extensions
Installing chef-vault 4.1.11
Fetching hashie 4.1.0
Installing hashie 4.1.0
Fetching rack 3.1.16
Installing rack 3.1.16
Using unf_ext 0.0.8.2 (x64-mingw-ucrt)
Using uuidtools 2.2.0
Using webrick 1.9.1
Using diff-lcs 1.5.1
Using erubis 2.7.0
Using iniparse 1.5.0
Fetching parallel 1.26.3
Installing parallel 1.26.3
Using racc 1.8.1
Using rainbow 3.1.1
Fetching regexp_parser 2.10.0
Installing regexp_parser 2.10.0
Fetching rexml 3.4.0
Installing rexml 3.4.0
Using ruby-progressbar 1.13.0
Using unicode-display_width 2.6.0
Using uri 1.0.3
Fetching json 2.13.2
Installing json 2.13.2 with native extensions
Using tty-color 0.6.0
Using strings-ansi 0.2.0
Using unicode_utils 1.4.0
Using tty-cursor 0.7.1
Using tty-screen 0.8.2
Using wisper 2.0.1
Using method_source 1.1.0
Using multipart-post 2.4.1
Using parslet 2.0.0
Using coderay 1.1.3
Fetching rspec-support 3.12.2
Installing rspec-support 3.12.2
Using rubyzip 2.4.1
Using semverse 3.0.2
Using sslshake 1.3.1
Using thor 1.4.0
Using net-ssh 7.3.0
Using iso8601 0.13.0
Using mixlib-authentication 3.0.10
Using timeout 0.4.3
Using date 3.4.1
Using ipaddress 0.8.3
Using plist 3.7.2
Using proxifier2 1.1.0
Using syslog-logger 1.6.8
Using http-accept 2.1.1
Using domain_name 0.6.20240107
Fetching mime-types-data 3.2025.0204
Installing mime-types-data 3.2025.0204
Using netrc 0.11.0
Using erubi 1.13.1
Fetching httpclient 2.8.3
Installing httpclient 2.8.3
Using little-plugger 1.1.4
Fetching multi_json 1.15.0
Installing multi_json 1.15.0
Using win32-api 1.10.1 (universal-mingw32)
Using structured_warnings 0.4.0
Fetching ed25519 1.3.0
Installing ed25519 1.3.0 with native extensions
Fetching hashdiff 1.1.1
Installing hashdiff 1.1.1
Using openssl 3.3.0
Using rb-readline 0.5.5
Using i18n 1.14.7
Using tzinfo 2.0.6
Using chef-utils 18.8.19 from source at chef-utils
Using rubyntlm 0.6.5
Using ffi-win32-extensions 1.0.4
Using win32-process 0.10.0
Using mixlib-log 3.1.2.1
Using corefoundation 0.3.13
Fetching ffi-libarchive 1.1.3
Installing ffi-libarchive 1.1.3
Using gssapi 1.3.1
Using win32-ipc 0.7.0
Using win32-eventlog 0.6.3
Using win32-mmap 0.4.2
Using addressable 2.8.7
Fetching aws-sigv4 1.11.0
Installing aws-sigv4 1.11.0
Using binding_of_caller 1.0.1
Using mixlib-config 3.0.27
Using ffi-yajl 2.6.0
Using rackup 2.2.1
Fetching parser 3.3.7.1
Installing parser 3.3.7.1
Fetching chef-gyoku 1.4.1
Installing chef-gyoku 1.4.1
Using crack 0.4.5
Using net-http 0.6.0
Using pastel 0.8.0
Using strings 0.2.1
Using tty-reader 0.9.0
Using pry 0.13.0
Fetching rspec-core 3.12.3
Installing rspec-core 3.12.3
Fetching rspec-expectations 3.12.4
Installing rspec-expectations 3.12.4
Fetching rspec-mocks 3.12.7
Installing rspec-mocks 3.12.7
Using net-scp 4.1.0
Using net-sftp 4.0.0
Using fauxhai-ng 9.3.0
Using net-protocol 0.2.2
Using time 0.4.1
Using http-cookie 1.0.8
Fetching mime-types 3.6.0
Installing mime-types 3.6.0
Using logging 2.4.0
Using win32-taskscheduler 2.0.4
Fetching mixlib-shellout 3.3.6 (x64-mingw-ucrt)
Installing mixlib-shellout 3.3.6 (x64-mingw-ucrt)
Using win32-service 2.3.2
Using mixlib-archive 1.1.7 (universal-mingw32)
Using win32-event 0.6.3
Using win32-mutex 0.4.3
Fetching aws-sdk-core 3.218.1
Installing aws-sdk-core 3.218.1
Using vault 0.18.2
Using chef-powershell 18.1.0
Fetching rubocop-ast 1.38.0
Installing rubocop-ast 1.38.0
Fetching webmock 3.25.0
Installing webmock 3.25.0
Fetching faraday-net_http 3.4.0
Installing faraday-net_http 3.4.0
Using tty-box 0.7.0
Using tty-prompt 0.23.1
Using tty-table 0.12.0
Fetching pry-byebug 3.10.1
Installing pry-byebug 3.10.1
Using pry-stack_explorer 0.6.1
Fetching rspec-its 1.3.1
Installing rspec-its 1.3.1
Fetching rspec 3.12.0
Installing rspec 3.12.0
Using net-ftp 0.3.8
Using rest-client 2.1.0 from https://github.com/chef/rest-client (at jfm/ucrt_update1@3e962d5)
Using appbundler 0.13.4
Using chef-config 18.8.19 from source at chef-config
Fetching aws-sdk-kms 1.98.0
Installing aws-sdk-kms 1.98.0
Fetching aws-sdk-secretsmanager 1.112.0
Installing aws-sdk-secretsmanager 1.112.0
Using win32-certstore 0.6.16
Using rubocop 1.25.1
Using license-acceptance 2.1.13
Using chef-telemetry 1.1.1
Fetching aws-sdk-s3 1.180.0
Installing aws-sdk-s3 1.180.0
Using cookstyle 7.32.8
Using chefstyle 2.2.3
Using train-core 3.12.13
Fetching faraday 2.12.2
Using ohai 18.2.5 from https://github.com/chef/ohai.git (at 18-stable@58ee0df)
Using train-rest 0.5.0
Installing faraday 2.12.2
Using faraday-follow_redirects 0.3.0
Using inspec-core 5.22.95
Using inspec-core-bin 5.22.95
Using activesupport 7.1.5.2
Using nori 2.7.0
Using chef-zero 15.0.21
Using cheffish 17.1.8
Fetching chef-winrm 2.3.11
Installing chef-winrm 2.3.11
Using chef-winrm-fs 1.3.7
Using chef-winrm-elevated 1.2.5
Fetching train-winrm 0.2.17
Installing train-winrm 0.2.17
Using chef 18.8.19 (universal-mingw-ucrt) from source at .
Using chef-bin 18.8.19 from source at chef-bin and installing its executables
Bundle updated!

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: John McCrae <john.mccrae@progress.com>
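The description above records a conservative bump of a single gem, and the checklist asks for the full `bundle update --conservative` output as the evidence that nothing else drifted. The Ruby script below is an added example, not code from this PR or from the Chef project: it parses a constructed Gemfile.lock excerpt, checks that the pinned version of a gem meets a version requirement, and diffs a before/after lockfile so the only entries that moved are the target gem and whatever its new version genuinely pulled in. The lockfile contents, the 7.0.8 starting version, and the `>= 7.1.5.2` threshold are all assumptions for illustration; the real fixed version to check against comes from the advisory for CVE-2023-22796, which this page does not quote.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement; loaded by default in normal Ruby

# Constructed excerpt of a Bundler lockfile in the state after the update.
# Gem names and versions are illustrative, not a copy of the real Gemfile.lock.
LOCK_AFTER = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    activesupport (7.1.5.2)
      base64
      concurrent-ruby (~> 1.0, >= 1.0.2)
    concurrent-ruby (1.3.5)
    mixlib-shellout (3.3.6-x64-mingw-ucrt)
    rack (3.1.16)

PLATFORMS
  x64-mingw-ucrt

DEPENDENCIES
  activesupport
  rack
LOCK

# The same lockfile before the bump; the 7.0.8 starting point is made up.
LOCK_BEFORE = LOCK_AFTER.sub("activesupport (7.1.5.2)", "activesupport (7.0.8)")

# Map gem name => pinned version for every spec in the lockfile's GEM/PATH sections.
# Spec lines sit exactly 4 spaces in as "name (version)"; the dependency lines
# beneath them are 6 spaces in and are skipped. A platform suffix such as
# "3.3.6-x64-mingw-ucrt" is dropped so the bare version can be compared.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
      next
    end
    # A new top-level section (PLATFORMS, DEPENDENCIES, ...) or a blank line ends the specs block.
    in_specs = false if line.match?(/\A\S/) || line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = m[2].split("-").first
    end
  end
  versions
end

# True when the locked version of gem_name meets the requirement string.
# The requirement should be the fixed version named in the advisory you are
# remediating; ">= 7.1.5.2" in the usage below is only the version this bundle
# landed on, not a statement of where the CVE was fixed.
def satisfies?(lock_text, gem_name, requirement)
  version = locked_versions(lock_text)[gem_name]
  return false if version.nil? # gem is not in the bundle at all
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

# Diff two lockfiles and report every gem whose pinned version moved.
# After `bundle update --conservative <gem>` the only entries here should be
# the target gem plus anything its new version strictly required.
def changed_gems(before_text, after_text)
  before = locked_versions(before_text)
  after  = locked_versions(after_text)
  (before.keys | after.keys).each_with_object({}) do |name, diff|
    diff[name] = [before[name], after[name]] if before[name] != after[name]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "activesupport >= 7.1.5.2: #{satisfies?(LOCK_AFTER, 'activesupport', '>= 7.1.5.2')}"
  changed_gems(LOCK_BEFORE, LOCK_AFTER).each do |name, (old_v, new_v)|
    puts "#{name}: #{old_v.inspect} -> #{new_v.inspect}"
  end
end
```

To use this against a real repository, read the committed Gemfile.lock from the base branch into `LOCK_BEFORE` and the working tree's into `LOCK_AFTER`; any gem other than the target showing up in `changed_gems` is the thing to explain in the PR description.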
@johnmccrae johnmccrae requested review from a team and jaymzh as code owners September 24, 2025 18:04
@johnmccrae johnmccrae changed the title Updating for CVE-2023-22796 [Chef-18] Updating for CVE-2023-22796 Sep 24, 2025
@jaymzh jaymzh (Collaborator) left a comment

Normally I'd want to point to a main branch version of this, but approving for CVE since it's technically correct. Did we do this on main too?

Finally - didn't we get rid of activesupport?!

@johnmccrae johnmccrae merged commit 099f7e8 into chef-18 Sep 24, 2025
84 of 85 checks passed
@johnmccrae johnmccrae deleted the jfm/chef-activesupport-update-2 branch September 24, 2025 19:55
@jaymzh jaymzh mentioned this pull request Oct 14, 2025
3 participants