From c7acacd2a90fadf7ebb6b25774550c4138da31cf Mon Sep 17 00:00:00 2001
From: Anton Ouzounov <aouzounov@vmware.com>
Date: Tue, 23 Nov 2021 16:54:16 -0500
Subject: [PATCH] chore: upgrade date gem and bundler

- upgrade date gem to `~> 3.2.1` for [CVE-2021-41817](https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/)
- upgrade bundler to version `>= 2.2.32`
- removing `date-3.0.0` from default rubygems
Signed-off-by: Anton Ouzounov <aouzounov@vmware.com>
---
 base-image/Dockerfile | 9 ++++----
 base-image/Gemfile.lock | 36 ++++++++++++++++----------------
 base-image/basegems/Gemfile | 7 ++++---
 base-image/basegems/Gemfile.lock | 14 +++++++------
 4 files changed, 35 insertions(+), 31 deletions(-)
diff --git a/base-image/Dockerfile b/base-image/Dockerfile
index 8fa724ef..c805f29f 100644
--- a/base-image/Dockerfile
+++ b/base-image/Dockerfile
@@ -46,10 +46,10 @@ RUN git clone git://github.com/rbenv/ruby-build.git $RUBY_PATH/plugins/ruby-buil
 && $RUBY_PATH/plugins/ruby-build/install.sh \
 && ruby-build $RUBY_VERSION $RUBY_PATH/ \
 && gem update --system --no-document \
- && gem install bundler -v '>= 2.2.30' --default --no-document \
+ && gem install bundler -v '>= 2.2.32' --default --no-document \
 && gem install rexml -v '>= 3.2.5' --default --no-document \
- && gem install rdoc -v '>= 6.3.2' --default --no-document \
- && gem install json -v '>= 2.6.0' --default --no-document \
+ && gem install rdoc -v '>= 6.3.3' --default --no-document \
+ && gem install json -v '>= 2.6.1' --default --no-document \
 && gem install webrick -v '>= 1.7.0' --default --no-document \
 && bundler install \
 && gem uninstall rake -v 13.0.6 \
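Review bot: The date gem is handled differently from the other vulnerable default gems in this RUN: bundler, rexml, rdoc, json and webrick are re-installed with `--default` so the patched version replaces the stdlib copy, but date is only removed from the default specifications in the next hunk (`date-3.0.0.gemspec`) and otherwise relies on `bundler install` picking it up from basegems/Gemfile. Outside a Bundler context a plain `require 'date'` can presumably still resolve to the Ruby 2.7.0 stdlib files, so non-bundled invocations in the image may still carry the CVE-2021-41817 code path; consider adding `&& gem install date -v '>= 3.2.1' --default --no-document \` next to the other `--default` installs and checking the built image with `ruby -e 'require "date"; puts Date::VERSION'`. The RUN instruction this hunk belongs to starts before the hunk. Separately, the hunk header shows ruby-build being cloned over `git://`, an unauthenticated transport with no integrity check; that predates this change, but fetching a pinned tag or commit over `https://` would close an obvious supply-chain gap in the same RUN.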
@@ -57,7 +57,8 @@ RUN git clone git://github.com/rbenv/ruby-build.git $RUBY_PATH/plugins/ruby-buil
 && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/rexml-3.2.3.1.gemspec \
 && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/rdoc-6.2.1.1.gemspec \
 && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/json-2.3.0.gemspec \
- && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/webrick-1.6.1.gemspec
+ && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/webrick-1.6.1.gemspec \
+ && rm -rf $RUBY_PATH/lib/ruby/gems/2.7.0/specifications/default/date-3.0.0.gemspec
 
 FROM photon:4.0
 ARG RUBY_PATH
diff --git a/base-image/Gemfile.lock b/base-image/Gemfile.lock
index e0171dfa..aedf4ef6 100644
--- a/base-image/Gemfile.lock
+++ b/base-image/Gemfile.lock
@@ -5,30 +5,30 @@ GEM
 public_suffix (>= 2.0.2, < 5.0)
 amq-protocol (2.3.2)
 aws-eventstream (1.2.0)
- aws-partitions (1.523.0)
- aws-sdk-cloudwatchlogs (1.46.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-partitions (1.534.0)
+ aws-sdk-cloudwatchlogs (1.47.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sigv4 (~> 1.1)
- aws-sdk-core (3.121.6)
+ aws-sdk-core (3.123.0)
 aws-eventstream (~> 1, >= 1.0.2)
- aws-partitions (~> 1, >= 1.520.1)
+ aws-partitions (~> 1, >= 1.525.0)
 aws-sigv4 (~> 1.1)
 jmespath (~> 1.0)
- aws-sdk-firehose (1.43.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-sdk-firehose (1.44.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sigv4 (~> 1.1)
- aws-sdk-kinesis (1.36.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-sdk-kinesis (1.37.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sigv4 (~> 1.1)
- aws-sdk-kms (1.50.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-sdk-kms (1.51.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sigv4 (~> 1.1)
- aws-sdk-s3 (1.104.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-sdk-s3 (1.107.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sdk-kms (~> 1)
 aws-sigv4 (~> 1.4)
- aws-sdk-sqs (1.45.0)
- aws-sdk-core (~> 3, >= 3.121.2)
+ aws-sdk-sqs (1.47.0)
+ aws-sdk-core (~> 3, >= 3.122.0)
 aws-sigv4 (~> 1.1)
 aws-sigv4 (1.4.0)
 aws-eventstream (~> 1, >= 1.0.2)
@@ -239,9 +239,9 @@ GEM
 logfmt (0.0.9)
 lru_redux (1.1.0)
 ltsv (0.1.2)
- mime-types (3.3.1)
+ mime-types (3.4.1)
 mime-types-data (~> 3.2015)
- mime-types-data (3.2021.0901)
+ mime-types-data (3.2021.1115)
 mongo (2.6.4)
 bson (>= 4.3.0, < 5.0.0)
 msgpack (1.4.2)
@@ -341,4 +341,4 @@ DEPENDENCIES
 oj (= 3.11.8)
 
 BUNDLED WITH
- 2.2.30
+ 2.2.32
diff --git a/base-image/basegems/Gemfile b/base-image/basegems/Gemfile
index c8fd9852..d8fe9c5c 100644
--- a/base-image/basegems/Gemfile
+++ b/base-image/basegems/Gemfile
@@ -5,9 +5,10 @@ gem 'async-http', '0.54.0'
 gem 'async-io', '1.28.0'
 gem 'async-pool', '0.2.0'
 gem 'bigdecimal'
+gem 'date', '~> 3.2.1'
 gem 'did_you_mean', '1.3.0'
 gem 'ext_monitor', '0.1.2'
-gem 'json', '2.6.0'
+gem 'json', '2.6.1'
 gem 'logger', '1.3.0'
 gem 'matrix', '0.1.0'
 gem 'mutex_m', '0.1.0'
@@ -20,7 +21,7 @@ gem 'protocol-hpack', '1.4.1'
 gem 'protocol-http', '0.21.0'
 gem 'protocol-http1', '0.13.0'
 gem 'protocol-http2', '0.14.0'
-gem 'rdoc', '>= 6.3.2'
+gem 'rdoc', '>= 6.3.3'
 gem 'rexml', '3.2.5'
 gem 'rss', '0.2.7'
 gem 'sync', '0.5.0'
@@ -28,6 +29,6 @@ gem 'thwait'
 gem 'unf_ext'
 gem 'xmlrpc', '0.3.0'
 gem 'webrick'
-gem 'bundler', '>= 2.2.30'
+gem 'bundler', '>= 2.2.32'
 gem 'rake', '13.0.6'
 gem 'resolv', '0.2.1'
diff --git a/base-image/basegems/Gemfile.lock b/base-image/basegems/Gemfile.lock
index 951bfdca..6485d8ff 100644
--- a/base-image/basegems/Gemfile.lock
+++ b/base-image/basegems/Gemfile.lock
@@ -17,14 +17,15 @@ GEM
 async-pool (0.2.0)
 async (~> 1.8)
 bigdecimal (3.0.2)
- console (1.13.1)
+ console (1.14.0)
 fiber-local
+ date (3.2.2)
 did_you_mean (1.3.0)
 e2mmap (0.1.0)
 ext_monitor (0.1.2)
 fiber-local (1.0.0)
 forwardable (1.3.2)
- json (2.6.0)
+ json (2.6.1)
 logger (1.3.0)
 matrix (0.1.0)
 mutex_m (0.1.0)
@@ -43,7 +44,7 @@ GEM
 protocol-hpack (~> 1.4)
 protocol-http (~> 0.18)
 rake (13.0.6)
- rdoc (6.3.2)
+ rdoc (6.3.3)
 resolv (0.2.1)
 rexml (3.2.5)
 rss (0.2.7)
@@ -66,9 +67,10 @@ DEPENDENCIES
 async-pool (= 0.2.0)
 bigdecimal
 bundler (>= 2.2.30)
+ date (>= 3.2.1)
 did_you_mean (= 1.3.0)
 ext_monitor (= 0.1.2)
- json (= 2.6.0)
+ json (= 2.6.1)
 logger (= 1.3.0)
 matrix (= 0.1.0)
 mutex_m (= 0.1.0)
@@ -82,7 +84,7 @@ DEPENDENCIES
 protocol-http1 (= 0.13.0)
 protocol-http2 (= 0.14.0)
 rake (= 13.0.6)
- rdoc (>= 6.3.2)
+ rdoc (>= 6.3.3)
 resolv (= 0.2.1)
 rexml (= 3.2.5)
 rss (= 0.2.7)
@@ -93,4 +95,4 @@ DEPENDENCIES
 xmlrpc (= 0.3.0)
 
 BUNDLED WITH
- 2.2.30
+ 2.2.32
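Review bot: basegems/Gemfile.lock does not match this Gemfile after the change: its DEPENDENCIES section records `date (>= 3.2.1)` where the first hunk declares `gem 'date', '~> 3.2.1'`, and it still carries `bundler (>= 2.2.30)` as an unchanged context line while the third hunk raises the Gemfile to `gem 'bundler', '>= 2.2.32'`. That looks like a hand-edited lockfile; Bundler will presumably treat it as out of sync with the Gemfile, which is normally rejected under frozen/deployment installs, so it should be regenerated with `bundle lock` rather than edited by hand. As a point of style, every other version-constrained gem in this file uses an exact pin (`gem 'json', '2.6.1'`, `gem 'rexml', '3.2.5'`); for a base image meant to be reproducible, `gem 'date', '3.2.2'`, matching the version the lock resolves, would be consistent with the rest of the manifest.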