From 502a18a82e91632b8baf41fd7dd5bb60ff66d84a Mon Sep 17 00:00:00 2001
From: Andy Tinkham
Date: Wed, 12 Jul 2023 18:41:06 -0500
Subject: [PATCH] Update bundler to 2.2.33
Signed-off-by: Andy Tinkham
---
 CHANGELOG.md | 5 +++++
 Dockerfile.fpm | 2 +-
 ci/coverage-report-generator/Gemfile.lock | 2 +-
 ci/coverage-report-generator/run.sh | 2 +-
 docs/Dockerfile | 2 +-
 gems/policy-parser/Dockerfile.test | 2 +-
 gems/policy-parser/conjur-policy-parser.gemspec | 2 +-
 7 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e7fe7c5e6..e25f90ccc8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version (and update the corresponding date), or add a new version.
+## [1.19.3.1] - 2023-07-12
+### Security
+- Update bundler to 2.2.33 to remove CVE-2021-43809
+ [cyberark/conjur#2804](https://github.com/cyberark/conjur/pull/2804/files)
+
 ## [1.19.3] - 2023-04-17
 ### Added
diff --git a/Dockerfile.fpm b/Dockerfile.fpm
index c0a3c6cb9e..ca25aa6995 100644
--- a/Dockerfile.fpm
+++ b/Dockerfile.fpm
@@ -5,7 +5,7 @@ RUN apt-get update -y && \
 apt-get install -y zlib1g-dev \
 liblzma-dev
-ENV BUNDLER_VERSION 2.2.30
+ENV BUNDLER_VERSION 2.2.33
 RUN gem install --no-document bundler:$BUNDLER_VERSION fpm
 RUN mkdir -p /src/opt/conjur/project
diff --git a/ci/coverage-report-generator/Gemfile.lock b/ci/coverage-report-generator/Gemfile.lock
index 46c55ec7fd..73a8ef94c8 100644
--- a/ci/coverage-report-generator/Gemfile.lock
+++ b/ci/coverage-report-generator/Gemfile.lock
@@ -17,4 +17,4 @@ DEPENDENCIES
 simplecov_json_formatter (= 0.1.4)
 BUNDLED WITH
- 2.2.30
+ 2.2.33
diff --git a/ci/coverage-report-generator/run.sh b/ci/coverage-report-generator/run.sh
index 93abbd17ea..81793ed096 100755
--- a/ci/coverage-report-generator/run.sh
+++ b/ci/coverage-report-generator/run.sh
@@ -7,7 +7,7 @@ set -xeu
 IMAGE="ruby:3.0"
-BUNDLER_VERSION="2.2.30"
+BUNDLER_VERSION="2.2.33"
 REPO_ROOT=$(git rev-parse --show-toplevel)
diff --git a/docs/Dockerfile b/docs/Dockerfile
index 5eef693a5d..fa474d1f2f 100644
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@@ -2,7 +2,7 @@ FROM jekyll/jekyll:4.0
 ADD Gemfile Gemfile.lock /srv/jekyll/
-ENV BUNDLER_VERSION 2.2.30
+ENV BUNDLER_VERSION 2.2.33
 RUN gem install bundler -v $BUNDLER_VERSION
 RUN bundle --without development
diff --git a/gems/policy-parser/Dockerfile.test b/gems/policy-parser/Dockerfile.test
index 9b7d802e50..c5ac281ed0 100644
--- a/gems/policy-parser/Dockerfile.test
+++ b/gems/policy-parser/Dockerfile.test
@@ -8,6 +8,6 @@ COPY conjur-policy-parser.gemspec conjur-policy-parser.gemspec
 COPY lib/conjur-policy-parser-version.rb lib/conjur-policy-parser-version.rb
 # Make sure the expected version of Bundler is available
-ENV BUNDLER_VERSION=2.2.30
+ENV BUNDLER_VERSION=2.2.33
 RUN gem install bundler -v ${BUNDLER_VERSION} && \
 bundle install
diff --git a/gems/policy-parser/conjur-policy-parser.gemspec b/gems/policy-parser/conjur-policy-parser.gemspec
index 2e8c5d09cd..f727996d7b 100644
--- a/gems/policy-parser/conjur-policy-parser.gemspec
+++ b/gems/policy-parser/conjur-policy-parser.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency("activesupport", ">= 4.2")
 spec.add_dependency("safe_yaml")
- spec.add_development_dependency("bundler", "~> 2.2.30")
+ spec.add_development_dependency("bundler", "~> 2.2.33")
 spec.add_development_dependency("ci_reporter_rspec")
 spec.add_development_dependency("deepsort")
 spec.add_development_dependency("pry")