From 91d51b22f53dbb8e1cdbfe63ab8436eb3c4e1db4 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 24 Aug 2024 01:19:55 +0000
Subject: [PATCH] fix: Gemfile & Gemfile.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-REXML-7814166
---
 Gemfile | 2 +-
 Gemfile.lock | 138 +++++++++++++++++++++++++++------------------------
 2 files changed, 74 insertions(+), 66 deletions(-)

diff --git a/Gemfile b/Gemfile
index 23c5819..3304354 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,7 +24,7 @@ group :development do
 gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
 gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
 gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
- gem "bolt", "~> 3.24", ">= 3.24.0", require: false
+ gem "bolt", "~> 3.25", ">= 3.25.0", require: false
 gem "github_changelog_generator", '~> 1.15', require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')
 end
 group :system_tests do
diff --git a/Gemfile.lock b/Gemfile.lock
index 6dd868b..d12805d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,15 +1,18 @@ GEM remote: https://rubygems.org/ specs: - CFPropertyList (2.3.6) + CFPropertyList (3.0.7) + base64 + nkf + rexml activesupport (6.1.4.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) ansi (1.5.0) ast (2.4.2) async (1.30.1)
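Review bot: In the Gemfile hunk, the added `gem "bolt", "~> 3.25", ">= 3.25.0", require: false` line raises only the bolt floor, and nothing visible in the hunk constrains rexml, so the fix for the advisory named in the commit message is held in place only by the `rexml (3.3.6)` entry in Gemfile.lock. The lockfile still shows `gyoku` requiring just `rexml (~> 3.0)`, so a resolution done without this lock could legally select an older rexml. An explicit floor in the development group, for example `gem "rexml", ">= 3.3.6", require: false`, would make the intent enforceable, assuming 3.3.6 is the patched release for that advisory. Separately, `">= 3.25.0"` is redundant next to `"~> 3.25"` and can be dropped. The `group :development` block starts outside the hunk.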
@@ -31,22 +34,23 @@ GEM async-pool (0.3.9) async (>= 1.25) awesome_print (1.9.2) - aws-eventstream (1.2.0) - aws-partitions (1.609.0) - aws-sdk-core (3.131.3) - aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) - aws-sigv4 (~> 1.1) + aws-eventstream (1.3.0) + aws-partitions (1.968.0) + aws-sdk-core (3.201.5) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.9) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.323.0) - aws-sdk-core (~> 3, >= 3.127.0) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.5.1) + aws-sdk-ec2 (1.470.0) + aws-sdk-core (~> 3, >= 3.201.0) + aws-sigv4 (~> 1.5) + aws-sigv4 (1.9.1) aws-eventstream (~> 1, >= 1.0.2) + base64 (0.2.0) bcrypt_pbkdf (1.1.0) - bindata (2.4.10) - bolt (3.24.0) - CFPropertyList (~> 2.2) + bindata (2.5.0) + bolt (3.30.0) + CFPropertyList (>= 2.2) addressable (~> 2.5) aws-sdk-ec2 (~> 1) concurrent-ruby (~> 1.0) @@ -55,29 +59,29 @@ GEM jwt (~> 2.2) logging (~> 2.2) minitar (~> 0.6) - net-scp (~> 1.2) - net-ssh (>= 4.0, < 7.0) + net-scp (>= 1.2, < 5.0) + net-ssh (>= 4.0, < 8.0) net-ssh-krb (~> 0.5) orchestrator_client (~> 0.5) puppet (>= 6.18.0) puppet-resource_api (>= 1.8.1) - puppet-strings (~> 2.3) - puppetfile-resolver (~> 0.5) + puppet-strings (>= 2.3.0, < 5.0) + puppetfile-resolver (>= 0.6.2, < 1.0) r10k (~> 3.10) ruby_smb (~> 1.0) terminal-table (~> 3.0) winrm (~> 2.0) winrm-fs (~> 1.3) - builder (3.2.4) + builder (3.3.0) codecov (0.6.0) simplecov (>= 0.15, < 0.22) coderay (1.1.3) colored2 (3.1.2) - concurrent-ruby (1.1.10) - connection_pool (2.2.5) + concurrent-ruby (1.3.4) + connection_pool (2.4.1) console (1.13.1) fiber-local - cri (2.15.11) + cri (2.15.12) deep_merge (1.2.2) dependency_checker (0.2.0) parallel 
@@ -92,31 +96,32 @@ GEM domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) ed25519 (1.2.4) - erubi (1.10.0) + erubi (1.13.0) excon (0.92.4) - facter (4.2.10) + facter (4.8.0) hocon (~> 1.3) - thor (>= 1.0.1, < 2.0) + thor (>= 1.0.1, < 1.3) facterdb (1.12.0) facter (< 5.0.0) jgrep - faraday (0.17.5) + faraday (0.17.6) multipart-post (>= 1.2, < 3) faraday-http-cache (2.2.0) faraday (>= 0.8) faraday_middleware (0.14.0) faraday (>= 0.7.4, < 1.0) fast_gettext (1.1.2) - ffi (1.15.5) + ffi (1.17.0) ffi-compiler (1.0.1) ffi (>= 1.0.0) rake fiber-local (1.0.0) - forwardable (1.3.2) - gettext (3.4.3) + forwardable (1.3.3) + gettext (3.4.9) erubi locale (>= 2.0.5) prime + racc text (>= 1.3.0) gettext-setup (0.31) fast_gettext (~> 1.1.0) @@ -136,13 +141,13 @@ GEM gyoku (1.4.0) builder (>= 2.1.2) rexml (~> 3.0) - hiera (3.9.0) - hiera-eyaml (3.3.0) + hiera (3.12.0) + hiera-eyaml (3.4.0) highline optimist - highline (2.0.3) + highline (2.1.0) hirb (0.7.3) - hocon (1.3.1) + hocon (1.4.0) honeycomb-beeline (2.11.0) libhoney (>= 1.14.2) http (4.4.1) @@ -160,19 +165,19 @@ GEM i18n (1.8.10) concurrent-ruby (~> 1.0) jgrep (1.5.4) - jmespath (1.6.1) + jmespath (1.6.2) json (2.5.1) json-schema (2.8.1) addressable (>= 2.4) - jwt (2.2.3) + jwt (2.7.1) libhoney (2.2.0) addressable (~> 2.0) excon http (>= 2.0, < 6.0) little-plugger (1.1.4) - locale (2.1.3) + locale (2.1.4) log4r (1.1.10) - logging (2.3.1) + logging (2.4.0) little-plugger (~> 1.1) multi_json (~> 1.14) metaclass (0.0.4) 
@@ -183,29 +188,30 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2021.1115) - minitar (0.9) + minitar (0.12.1) minitest (5.14.4) mocha (1.1.0) metaclass (~> 0.0.1) molinillo (0.8.0) multi_json (1.15.0) - multipart-post (2.2.3) - net-http-persistent (4.0.1) + multipart-post (2.4.1) + net-http-persistent (4.0.2) connection_pool (~> 2.2) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (6.1.0) + net-scp (4.0.0) + net-ssh (>= 2.6.5, < 8.0.0) + net-ssh (7.2.3) net-ssh-krb (0.5.1) gssapi (~> 1.3.0) net-ssh (>= 2.0) net-telnet (0.1.1) netrc (0.11.0) nio4r (2.5.8) + nkf (0.2.0) nori (2.6.0) octokit (4.21.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) - optimist (3.0.1) + optimist (3.1.0) orchestrator_client (0.5.4) faraday (~> 0.17.4) net-http-persistent @@ -229,8 +235,8 @@ GEM pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (4.0.7) - puppet (7.17.0) + public_suffix (5.1.1) + puppet (7.32.1) concurrent-ruby (~> 1.0) deep_merge (~> 1.0) facter (> 2.0.1, < 5) @@ -289,7 +295,7 @@ GEM puppet-modulebuilder (0.3.0) minitar (~> 0.9) pathspec (>= 0.2.1, < 2.0.0) - puppet-resource_api (1.8.14) + puppet-resource_api (1.9.0) hocon (>= 1.0) puppet-strings (2.9.0) rgen @@ -313,7 +319,7 @@ GEM rspec rspec_honeycomb_formatter tty-spinner (>= 0.5.0, < 1.0.0) - puppetfile-resolver (0.6.1) + puppetfile-resolver (0.6.3) molinillo (~> 0.6) semantic_puppet (~> 1.0) puppetlabs_spec_helper (3.0.0) @@ -322,17 +328,18 @@ GEM puppet-lint (~> 2.0) puppet-syntax (>= 2.0, < 4) rspec-puppet (~> 2.0) - r10k (3.15.0) + r10k (3.16.2) colored2 (= 3.1.2) cri (>= 2.15.10) fast_gettext (>= 1.1.0, < 3.0.0) gettext (>= 3.0.2, < 4.0.0) - gettext-setup (~> 0.24) - jwt (~> 2.2.3) + gettext-setup (>= 0.24, < 2.0.0) + jwt (>= 2.2.3, < 2.8.0) log4r (= 1.1.10) minitar (~> 0.9) multi_json (~> 1.10) - puppet_forge (>= 2.3.0) + puppet_forge (>= 2.3.0, < 4.0.0) + racc (1.8.1) rainbow (2.2.2) rake rake (12.3.3) 
@@ -344,8 +351,9 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) retryable (3.0.5) - rexml (3.2.5) - rgen (0.9.0) + rexml (3.3.6) + strscan + rgen (0.9.1) rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0) @@ -395,13 +403,14 @@ GEM bindata rubyntlm windows_error - rubyntlm (0.6.3) + rubyntlm (0.6.5) + base64 rubyzip (2.3.2) sawyer (0.8.2) addressable (>= 2.3.5) faraday (> 0.8, < 2.0) scanf (1.0.0) - semantic_puppet (1.0.4) + semantic_puppet (1.1.0) serverspec (2.41.8) multi_json rspec (~> 3.0) @@ -416,7 +425,7 @@ GEM hirb simplecov simplecov-html (0.12.3) - singleton (0.1.1) + singleton (0.2.0) spdx-licenses (1.3.0) specinfra (2.82.2) net-scp @@ -428,11 +437,12 @@ GEM unicode-display_width (~> 1.5) unicode_utils (~> 1.4) strings-ansi (0.2.0) + strscan (3.1.0) table_print (1.5.7) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) text (1.3.1) - thor (1.2.1) + thor (1.2.2) timers (4.3.3) tty-cursor (0.7.1) tty-pager (0.13.0) @@ -448,8 +458,7 @@ GEM unf_ext (0.0.8.2) unicode-display_width (1.8.0) unicode_utils (1.4.0) - webrick (1.7.0) - windows_error (0.1.4) + windows_error (0.1.5) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) @@ -464,15 +473,14 @@ GEM logging (>= 1.6.1, < 3.0) rubyzip (~> 2.0) winrm (~> 2.0) - yard (0.9.28) - webrick (~> 1.7.0) + yard (0.9.36) zeitwerk (2.4.2) PLATFORMS ruby DEPENDENCIES - bolt (~> 3.24, >= 3.24.0) + bolt (~> 3.25, >= 3.25.0) github_changelog_generator (~> 1.15) json (~> 2.5) puppet