From 834baee4f273b947e45cef8383e53f23dc794d27 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 8 Jun 2022 02:45:39 +0000 Subject: [PATCH] fix: pkgs/tools/security/metasploit/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-JMESPATH-2859799 --- pkgs/tools/security/metasploit/Gemfile.lock | 206 +++++++++++--------- 1 file changed, 111 insertions(+), 95 deletions(-) diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index 7142983f98cc2..5d1b4ad0557a2 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -89,7 +89,7 @@ GIT GEM remote: https://rubygems.org/ specs: - Ascii85 (1.0.3) + Ascii85 (1.1.0) actionpack (4.2.11.3) actionview (= 4.2.11.3) activesupport (= 4.2.11.3) @@ -115,48 +115,48 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) afm (0.2.2) arel (6.0.4) - arel-helpers (2.11.0) - activerecord (>= 3.1.0, < 7) - aws-eventstream (1.1.0) - aws-partitions (1.319.0) - aws-sdk-core (3.96.1) + arel-helpers (2.14.0) + activerecord (>= 3.1.0, < 8) + aws-eventstream (1.2.0) + aws-partitions (1.597.0) + aws-sdk-core (3.131.1) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-ec2 (1.162.0) - aws-sdk-core (~> 3, >= 3.71.0) + jmespath (~> 1, >= 1.6.1) + aws-sdk-ec2 (1.317.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.37.0) - aws-sdk-core (~> 3, >= 3.71.0) + aws-sdk-iam (1.68.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.31.0) - aws-sdk-core (~> 3, >= 3.71.0) + aws-sdk-kms (1.57.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.66.0) - aws-sdk-core (~> 3, >= 3.96.1) + aws-sdk-s3 (1.114.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sdk-kms (~> 1) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.1.3) - aws-eventstream (~> 1.0, >= 1.0.2) + aws-sigv4 (~> 1.4) + aws-sigv4 (1.5.0) + aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.12) - bcrypt_pbkdf (1.0.1) - bindata (2.4.7) - bit-struct (0.16) - bson (4.8.2) + bcrypt_pbkdf (1.1.0) + bindata (2.4.10) + bit-struct (0.17) + bson (4.15.0) builder (3.2.4) concurrent-ruby (1.0.5) cookiejar (0.3.3) crass (1.0.6) - daemons (1.3.1) - dnsruby (1.61.3) - addressable (~> 2.5) - ed25519 (1.2.4) - em-http-request (1.1.5) + daemons (1.4.1) + dnsruby (1.61.9) + simpleidn (~> 0.1) + ed25519 (1.3.0) + em-http-request (1.1.7) addressable (>= 2.3.4) cookiejar (!= 0.3.1) em-socksify (>= 0.3) @@ -168,26 +168,28 @@ GEM eventmachine (1.2.7) faker (2.2.1) i18n (>= 0.8) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - faye-websocket (0.10.9) + faraday (2.3.0) + faraday-net_http (~> 2.0) + ruby2_keywords (>= 0.0.4) + faraday-net_http (2.0.3) + faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) filesize (0.2.0) hashery (2.1.2) hrr_rb_ssh (0.3.0.pre2) ed25519 (~> 1.2) - http_parser.rb (0.6.0) + http_parser.rb (0.8.0) i18n (0.9.5) concurrent-ruby (~> 1.0) - jmespath (1.4.0) + jmespath (1.6.1) jsobfu (0.4.2) rkelly-remix - json (2.3.0) - loofah (2.5.0) + json (2.6.2) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - metasm (1.0.4) + metasm (1.0.5) metasploit-concern (2.0.5) activemodel (~> 4.2.6) activesupport (~> 4.2.6) @@ -218,29 +220,30 @@ GEM railties (~> 4.2.6) recog (~> 2.0) metasploit_payloads-mettle (0.5.21) - mini_portile2 (2.4.0) - minitest (5.14.1) + mini_portile2 (2.8.0) + minitest (5.15.0) mqtt (0.5.0) - msgpack (1.3.3) - multipart-post (2.1.1) + msgpack (1.5.2) nessus_rest (0.1.6) - net-ldap (0.16.2) - net-ssh (6.0.2) + net-ldap (0.17.1) + net-ssh (6.1.0) network_interface (0.0.2) - nexpose (7.2.1) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - octokit (4.18.0) - faraday (>= 0.9) - sawyer (~> 0.8.0, >= 0.5.3) + nexpose (7.3.0) + nokogiri (1.13.6) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + octokit (4.24.0) + faraday (>= 1, < 3) + sawyer (~> 0.9) openssl-ccm (1.2.2) + openssl-cmac (2.0.1) openvas-omp (0.0.4) packetfu (1.1.13) pcaprub patch_finder (1.0.2) - pcaprub (0.13.0) - pdf-reader (2.4.0) - Ascii85 (~> 1.0.0) + pcaprub (0.13.1) + pdf-reader (2.10.0) + Ascii85 (~> 1.0) afm (~> 0.2.1) hashery (~> 2.0) ruby-rc4 @@ -251,117 +254,130 @@ GEM activerecord (~> 4.0) arel (>= 4.0.1) pg_array_parser (~> 0.0.9) - public_suffix (4.0.5) + public_suffix (4.0.7) + racc (1.6.0) rack (1.6.13) rack-protection (1.5.5) rack rack-test (0.6.3) rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) + rails-deprecated_sanitizer (1.0.4) activesupport (>= 4.2.0.alpha) rails-dom-testing (1.0.9) activesupport (>= 4.2.0, < 5.0) nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) railties (4.2.11.3) actionpack (= 4.2.11.3) activesupport (= 4.2.11.3) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (13.0.1) + rake (13.0.6) rb-readline (0.5.5) - recog (2.3.7) + recog (2.3.23) nokogiri - redcarpet (3.5.0) - rex-arch (0.1.13) + redcarpet (3.5.1) + rex-arch (0.1.14) rex-text - rex-bin_tools (0.1.6) + rex-bin_tools (0.1.8) metasm rex-arch rex-core rex-struct2 rex-text - rex-core (0.1.13) - rex-encoder (0.1.4) + rex-core (0.1.28) + rex-encoder (0.1.6) metasm rex-arch rex-text - rex-exploitation (0.1.24) + rex-exploitation (0.1.30) jsobfu metasm rex-arch rex-encoder rex-text - rex-java (0.1.5) - rex-mime (0.1.5) + rexml + rex-java (0.1.6) + rex-mime (0.1.7) rex-text - rex-nop (0.1.1) + rex-nop (0.1.2) rex-arch - rex-ole (0.1.6) + rex-ole (0.1.7) rex-text - rex-powershell (0.1.87) + rex-powershell (0.1.96) rex-random_identifier rex-text ruby-rc4 - rex-random_identifier (0.1.4) + rex-random_identifier (0.1.8) rex-text - rex-registry (0.1.3) - rex-rop_builder (0.1.3) + rex-registry (0.1.4) + rex-rop_builder (0.1.4) metasm rex-core rex-text - rex-socket (0.1.23) + rex-socket (0.1.39) rex-core - rex-sslscan (0.1.5) + rex-sslscan (0.1.7) rex-core rex-socket rex-text - rex-struct2 (0.1.2) - rex-text (0.2.26) - rex-zip (0.1.3) + rex-struct2 (0.1.3) + rex-text (0.2.37) + rex-zip (0.1.4) rex-text + rexml (3.2.5) rkelly-remix (0.0.7) - ruby-macho (2.2.0) + ruby-macho (3.0.0) ruby-rc4 (0.1.5) - ruby_smb (1.1.0) + ruby2_keywords (0.0.5) + ruby_smb (3.1.3) bindata + openssl-ccm + openssl-cmac rubyntlm - windows_error - rubyntlm (0.6.2) - rubyzip (2.3.0) - sawyer (0.8.2) + windows_error (>= 0.1.4) + rubyntlm (0.6.3) + rubyzip (2.3.2) + sawyer (0.9.2) addressable (>= 2.3.5) - faraday (> 0.8, < 2.0) + faraday (>= 0.17.3, < 3) + simpleidn (0.2.1) + unf (~> 0.1.4) sinatra (1.4.8) rack (~> 1.5) rack-protection (~> 1.4) tilt (>= 1.3, < 3) sqlite3 (1.4.2) sshkey (2.0.0) - thin (1.7.2) + thin (1.8.1) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) - thor (1.0.1) + thor (1.2.1) thread_safe (0.3.6) tilt (2.0.10) - ttfunk (1.6.2.1) - tzinfo (1.2.7) + ttfunk (1.7.0) + tzinfo (1.2.9) thread_safe (~> 0.1) - tzinfo-data (1.2020.1) + tzinfo-data (1.2022.1) tzinfo (>= 1.0.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.2) warden (1.2.7) rack (>= 1.0) - websocket-driver (0.7.1) + webrick (1.7.0) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.4) - windows_error (0.1.2) - xdr (2.0.0) - activemodel (>= 4.2.7) - activesupport (>= 4.2.7) - xmlrpc (0.3.0) + websocket-extensions (0.1.5) + windows_error (0.1.4) + xdr (3.0.3) + activemodel (>= 4.2, < 8.0) + activesupport (>= 4.2, < 8.0) + xmlrpc (0.3.2) + webrick PLATFORMS ruby