CHEF-15132-Updated Libraries having CVEs for upcoming WS release (#3283)

* updated libxml2 and libarchive and gems Signed-off-by: nikhil2611 <[email protected]> * added git-windows 2.47.0 Signed-off-by: nikhil2611 <[email protected]> * fixing the rdoc CVE Signed-off-by: nikhil2611 <[email protected]> * fixing the gemfile.lock issues Signed-off-by: nikhil2611 <[email protected]> * trying to update curl to 8.6.0 Signed-off-by: nikhil2611 <[email protected]> * updated the signing_identity and keypair_alias for windows Signed-off-by: nikhil2611 <[email protected]> * reverted back the curl version to 8.4.0 Signed-off-by: nikhil2611 <[email protected]> * updated the omnibus-sw and chef-cli gem versions to latest Signed-off-by: nikhil2611 <[email protected]> * reverted test-kitchen version Signed-off-by: nikhil2611 <[email protected]> * upgrading ruby and ruby-devkit to 3.1.6 Signed-off-by: nikhil2611 <[email protected]> * adding back the ffi Signed-off-by: nikhil2611 <[email protected]> --------- Signed-off-by: nikhil2611 <[email protected]>
chef · Nov 19, 2024 · 99af41a · 99af41a
1 parent 86d1adc
commit 99af41a
Show file tree

Hide file tree

Showing 6 changed files with 218 additions and 203 deletions.
diff --git a/components/gems/Gemfile b/components/gems/Gemfile
@@ -32,6 +32,8 @@ group(:omnibus_package, :development, :test) do
   # The version of ruby/openssl that supports the FIPS mode of OpenSSL 3.0/3.1 is 3.2.0
   # and later, hence pinning the version for openssl.
   gem "openssl", ">= 3.2.0"
+
+  gem "rdoc", "~> 6.4.1" # 6.4.1.1 required for CVE-2024-27281, allow patch upgrades
 end
 
 group(:dep_selector) do