[CVE-2017-8418] - updating rubocop dependency. #7

Merged
merged 2 commits into from
Dec 21, 2017


majormoses
Member

Close security vulnerability by updating rubocop dependency.

removed ruby < 2.1 support and testing:

```
Bundler could not find compatible versions for gem "ruby":
  In Gemfile:
    ruby
    bundler (~> 1.7) was resolved to 1.16.0, which depends on
      ruby (>= 1.8.7)
    pry (~> 0.10) was resolved to 0.11.3, which depends on
      ruby (>= 1.9.3)
    rubocop (~> 0.51.0) was resolved to 0.51.0, which depends on
      ruby (>= 2.1.0)
    sensu-plugins-ansible was resolved to 1.0.0, which depends on
      ruby (>= 2.0.0)
```

changelog location updates

Signed-off-by: Ben Abrams [email protected]

Pull Request Checklist

sensu-plugins/community#77

General

  • Update Changelog following the conventions laid out on Keep A Changelog

  • Update README with any necessary configuration snippets

  • Binstubs are created if needed

  • RuboCop passes

  • Existing tests pass

Purpose

Resolve CVE (see parent issue for details)

Known Compatibility Issues

Requires ruby 2.1 or greater

@majormoses majormoses self-assigned this Nov 20, 2017
@majormoses majormoses requested a review from eheydrick November 20, 2017 21:36
Close security vulnerability by updating rubocop dependency.

removed ruby < 2.1 support and testing:
```
Bundler could not find compatible versions for gem "ruby":
  In Gemfile:
    ruby
    bundler (~> 1.7) was resolved to 1.16.0, which depends on
      ruby (>= 1.8.7)
    pry (~> 0.10) was resolved to 0.11.3, which depends on
      ruby (>= 1.9.3)
    rubocop (~> 0.51.0) was resolved to 0.51.0, which depends on
      ruby (>= 2.1.0)
    sensu-plugins-ansible was resolved to 1.0.0, which depends on
      ruby (>= 2.0.0)
```

changelog location updates

Signed-off-by: Ben Abrams <[email protected]>
@eheydrick
Contributor

We should update the version in the skel so that new plugins get the newer rubocop out of the gate.

@majormoses
Member Author

Double checked and it is locked at ~> 0.49.0 so it is not vulnerable but we should update anyways: https://github.com/sensu-plugins/sensu-plugins-skel/blob/master/sensu-plugins-skel.gemspec#L37
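
The check described in the comment above, as an added example that is not part of the thread or the project's code: it reads a gem's constraint out of gemspec text and lists which releases below the fixed version that constraint could still resolve to. The `FIXED_IN` value, the release list and the gemspec lines are assumptions constructed for illustration; `FIXED_IN` is inferred from the statement that a `~> 0.49.0` lock is not vulnerable.

```ruby
require "rubygems"

# Assumption: first release treated as fixed, inferred from the thread's
# statement that "~> 0.49.0" is not vulnerable. Confirm against the advisory.
FIXED_IN = Gem::Version.new("0.49.0")

# Constructed sample of rubocop release numbers, standing in for the gem
# index that Bundler would resolve against.
RELEASES = %w[0.47.1 0.48.0 0.48.1 0.49.0 0.49.1 0.50.0 0.51.0]
           .map { |v| Gem::Version.new(v) }.freeze

# Extract the constraints declared for gem_name from gemspec source text
# without evaluating the file. Returns one Gem::Requirement per declaration.
def requirements_for(gemspec_text, gem_name)
  decl = /add_(?:development_|runtime_)?dependency\s*\(?\s*['"]#{Regexp.escape(gem_name)}['"](.*)$/
  gemspec_text.each_line.filter_map do |line|
    next if line.strip.start_with?("#") # skip commented-out declarations
    m = decl.match(line)
    next unless m
    constraints = m[1].scan(/['"]([^'"]+)['"]/).flatten
    Gem::Requirement.new(*constraints) # no constraint means ">= 0"
  end
end

# Releases older than the fix that the requirement would still accept.
def vulnerable_resolutions(requirement, releases = RELEASES, fixed_in = FIXED_IN)
  releases.select { |v| v < fixed_in && requirement.satisfied_by?(v) }
end

# One result per declaration: the constraint and the exposed releases.
def audit(gemspec_text, gem_name)
  requirements_for(gemspec_text, gem_name).map do |req|
    { requirement: req.to_s, exposed: vulnerable_resolutions(req).map(&:to_s) }
  end
end

# Constructed gemspec lines: the skel lock quoted in the thread, the constraint
# this pull request resolves to, and a hypothetical looser range.
SKEL    = "  s.add_development_dependency 'rubocop', '~> 0.49.0'\n"
UPDATED = "  s.add_development_dependency 'rubocop', '~> 0.51.0'\n"
LOOSE   = "  s.add_development_dependency 'rubocop', '>= 0.40', '< 0.50'\n"

if $PROGRAM_NAME == __FILE__
  { skel: SKEL, updated: UPDATED, loose: LOOSE }.each do |name, text|
    puts "#{name}: #{audit(text, 'rubocop').inspect}"
  end
end
```

An empty `exposed` list only shows that the constraint excludes the older releases in the sample; a committed `Gemfile.lock` still determines what is actually installed.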

@majormoses majormoses merged commit ad6677b into master Dec 21, 2017