From c7acacd2a90fadf7ebb6b25774550c4138da31cf Mon Sep 17 00:00:00 2001
From: Anton Ouzounov <aouzounov@vmware.com>
Date: Tue, 23 Nov 2021 16:54:16 -0500
Subject: [PATCH] chore: upgrade date gem and bundler

 - upgrade date gem to `~> 3.2.1` for [CVE-2021-41817](https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/)
 - upgrade bundler to version `>= 2.2.32`
 - remove the `date-3.0.0` gemspec from Ruby's default gems

Signed-off-by: Anton Ouzounov <aouzounov@vmware.com>
---
 base-image/Dockerfile            |  9 ++++----
 base-image/Gemfile.lock          | 36 ++++++++++++++++----------------
 base-image/basegems/Gemfile      |  7 ++++---
 base-image/basegems/Gemfile.lock | 14 +++++++------
 4 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/base-image/Dockerfile b/base-image/Dockerfile
index 8fa724ef..c805f29f 100644
--- a/base-image/Dockerfile
+++ b/base-image/Dockerfile
@@ -46,10 +46,10 @@ RUN git clone git://github.com/rbenv/ruby-build.git $RUBY_PATH/plugins/ruby-buil
     && $RUBY_PATH/plugins/ruby-build/install.sh \
     && ruby-build $RUBY_VERSION $RUBY_PATH/ \
     && gem update --system --no-document \
-    && gem install bundler -v '>= 2.2.30' --default --no-document \
+    && gem install bundler -v '>= 2.2.32' --default --no-document \
     && gem install rexml -v '>= 3.2.5' --default --no-document \
-    && gem install rdoc -v '>= 6.3.2' --default --no-document \
-    && gem install json -v '>= 2.6.0' --default --no-document \
+    && gem install rdoc -v '>= 6.3.3' --default --no-document \
+    && gem install json -v '>= 2.6.1' --default --no-document \
     && gem install webrick -v '>= 1.7.0' --default --no-document \
     && bundler install \
     && gem uninstall rake -v 13.0.6 \
@@ -57,7 +57,8 @@ RUN git clone git://github.com/rbenv/ruby-build.git $RUBY_PATH/plugins/ruby-buil
     && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/rexml-3.2.3.1.gemspec \
     && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/rdoc-6.2.1.1.gemspec \
     && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/json-2.3.0.gemspec \
-    && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/webrick-1.6.1.gemspec
+    && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/webrick-1.6.1.gemspec \
+    && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/date-3.0.0.gemspec
 
 FROM photon:4.0
 ARG RUBY_PATH
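Review bot: The added `rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/date-3.0.0.gemspec` hard-codes the bundled version and, because of `-f`, succeeds silently when that file is absent, so a change of `$RUBY_VERSION` that ships a different default date would leave the old copy registered without failing the build. Unlike bundler, rexml, rdoc, json and webrick, no `gem install date ... --default` appears in the visible part of this RUN (it starts outside the hunk), so the fixed date presumably arrives only through `bundler install`; that is worth confirming. The line also deletes only the gemspec, so the date library files that ship with Ruby itself are probably still on disk and may still be what a plain `require 'date'` outside Bundler loads. Consider ending the chain with an assertion such as `&& ! gem list -i -e date -v '< 3.2.1'`, so the image build fails if a date version affected by CVE-2021-41817 is still registered.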
diff --git a/base-image/Gemfile.lock b/base-image/Gemfile.lock
index e0171dfa..aedf4ef6 100644
--- a/base-image/Gemfile.lock
+++ b/base-image/Gemfile.lock
@@ -5,30 +5,30 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     amq-protocol (2.3.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.523.0)
-    aws-sdk-cloudwatchlogs (1.46.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-partitions (1.534.0)
+    aws-sdk-cloudwatchlogs (1.47.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.121.6)
+    aws-sdk-core (3.123.0)
       aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.520.1)
+      aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-firehose (1.43.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-firehose (1.44.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kinesis (1.36.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-kinesis (1.37.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.50.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-kms (1.51.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.104.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-s3 (1.107.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.4)
-    aws-sdk-sqs (1.45.0)
-      aws-sdk-core (~> 3, >= 3.121.2)
+    aws-sdk-sqs (1.47.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.4.0)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -239,9 +239,9 @@ GEM
     logfmt (0.0.9)
     lru_redux (1.1.0)
     ltsv (0.1.2)
-    mime-types (3.3.1)
+    mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2021.0901)
+    mime-types-data (3.2021.1115)
     mongo (2.6.4)
       bson (>= 4.3.0, < 5.0.0)
     msgpack (1.4.2)
@@ -341,4 +341,4 @@ DEPENDENCIES
   oj (= 3.11.8)
 
 BUNDLED WITH
-   2.2.30
+   2.2.32
diff --git a/base-image/basegems/Gemfile b/base-image/basegems/Gemfile
index c8fd9852..d8fe9c5c 100644
--- a/base-image/basegems/Gemfile
+++ b/base-image/basegems/Gemfile
@@ -5,9 +5,10 @@ gem 'async-http', '0.54.0'
 gem 'async-io', '1.28.0'
 gem 'async-pool', '0.2.0'
 gem 'bigdecimal'
+gem 'date', '~> 3.2.1'
 gem 'did_you_mean', '1.3.0'
 gem 'ext_monitor', '0.1.2'
-gem 'json', '2.6.0'
+gem 'json', '2.6.1'
 gem 'logger', '1.3.0'
 gem 'matrix', '0.1.0'
 gem 'mutex_m', '0.1.0'
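Review bot: The new `gem 'date', '~> 3.2.1'` does not match the lockfile shipped in this same patch, whose DEPENDENCIES section records `date (>= 3.2.1)`. The same lockfile keeps `bundler (>= 2.2.30)` as an unchanged context line, while the last hunk of this Gemfile raises bundler to `>= 2.2.32`. A lockfile out of step with its Gemfile is re-resolved at build time or rejected under a frozen install, so the locked `date (3.2.2)` is not guaranteed to be what ends up in the image. Regenerate base-image/basegems/Gemfile.lock with `bundle lock` from this Gemfile rather than editing it by hand. A comment above the line, for example `# CVE-2021-41817 (Date.parse ReDoS): keep date at 3.2.1 or later`, would also stop the constraint being loosened later.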
@@ -20,7 +21,7 @@ gem 'protocol-hpack', '1.4.1'
 gem 'protocol-http', '0.21.0'
 gem 'protocol-http1', '0.13.0'
 gem 'protocol-http2', '0.14.0'
-gem 'rdoc', '>= 6.3.2'
+gem 'rdoc', '>= 6.3.3'
 gem 'rexml', '3.2.5'
 gem 'rss', '0.2.7'
 gem 'sync', '0.5.0'
@@ -28,6 +29,6 @@ gem 'thwait'
 gem 'unf_ext'
 gem 'xmlrpc', '0.3.0'
 gem 'webrick'
-gem 'bundler', '>= 2.2.30'
+gem 'bundler', '>= 2.2.32'
 gem 'rake', '13.0.6'
 gem 'resolv', '0.2.1'
diff --git a/base-image/basegems/Gemfile.lock b/base-image/basegems/Gemfile.lock
index 951bfdca..6485d8ff 100644
--- a/base-image/basegems/Gemfile.lock
+++ b/base-image/basegems/Gemfile.lock
@@ -17,14 +17,15 @@ GEM
     async-pool (0.2.0)
       async (~> 1.8)
     bigdecimal (3.0.2)
-    console (1.13.1)
+    console (1.14.0)
       fiber-local
+    date (3.2.2)
     did_you_mean (1.3.0)
     e2mmap (0.1.0)
     ext_monitor (0.1.2)
     fiber-local (1.0.0)
     forwardable (1.3.2)
-    json (2.6.0)
+    json (2.6.1)
     logger (1.3.0)
     matrix (0.1.0)
     mutex_m (0.1.0)
@@ -43,7 +44,7 @@ GEM
       protocol-hpack (~> 1.4)
       protocol-http (~> 0.18)
     rake (13.0.6)
-    rdoc (6.3.2)
+    rdoc (6.3.3)
     resolv (0.2.1)
     rexml (3.2.5)
     rss (0.2.7)
@@ -66,9 +67,10 @@ DEPENDENCIES
   async-pool (= 0.2.0)
   bigdecimal
   bundler (>= 2.2.30)
+  date (>= 3.2.1)
   did_you_mean (= 1.3.0)
   ext_monitor (= 0.1.2)
-  json (= 2.6.0)
+  json (= 2.6.1)
   logger (= 1.3.0)
   matrix (= 0.1.0)
   mutex_m (= 0.1.0)
@@ -82,7 +84,7 @@ DEPENDENCIES
   protocol-http1 (= 0.13.0)
   protocol-http2 (= 0.14.0)
   rake (= 13.0.6)
-  rdoc (>= 6.3.2)
+  rdoc (>= 6.3.3)
   resolv (= 0.2.1)
   rexml (= 3.2.5)
   rss (= 0.2.7)
@@ -93,4 +95,4 @@ DEPENDENCIES
   xmlrpc (= 0.3.0)
 
 BUNDLED WITH
-   2.2.30
+   2.2.32