[CVE-2017-17042] update vulnerable yard dependency

majormoses · majormoses · commit 2c69ce33c0a3 · 2018-03-27T12:21:13.000-07:00
Signed-off-by: Ben Abrams &lt;me@benabrams.it&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,9 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 
 ## [Unreleased]
 
+### Security
+- updated yard dependency to `~> 0.9.11` per: https://nvd.nist.gov/vuln/detail/CVE-2017-17042 (@majormoses)
+
 ## [2.8.3] - 2018-03-14
 ### Fixed
 - `metrics-curl.rb`: fix shell quoting problem at execution and parse correctly curl metrics on non-C locale. (@multani)
diff --git a/sensu-plugins-http.gemspec b/sensu-plugins-http.gemspec
@@ -53,5 +53,5 @@ Gem::Specification.new do |s| # rubocop:disable Metrics/BlockLength
   s.add_development_dependency 'rubocop',                   '~> 0.51.0'
   # intentionally locked as 1.17 requires ruby 2.3+
   s.add_development_dependency 'test-kitchen',              '~> 1.16.0'
-  s.add_development_dependency 'yard',                      '~> 0.8'
+  s.add_development_dependency 'yard',                      '~> 0.9.11'
 end
