You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/steep/Gemfile.lock
Active Support version is listed as vulnerable to CVE-2023-22796
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
semver version is listed as vulnerable to CVE-2022-25883
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
minimatch version is listed as vulnerable to CVE-2022-3517
can you upgrade these libraries?
The text was updated successfully, but these errors were encountered:
@simonsteiner1984 I believe these may be part of the Ruby install itself, and not directly included in Chef or related/dependent projects. Looking at an upgrade to Ruby 3.1.4 for an upcoming release for other CVEs and these should also be included in that upgrade if the 3.1.4 install I have is any indication.
Install chef-18.4.12-1.el9.x86_64.rpm
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/rbs-2.1.0/steep/Gemfile.lock
Active Support version is listed as vulnerable to CVE-2023-22796
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
semver version is listed as vulnerable to CVE-2022-25883
view file /opt/chef/embedded/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/package-lock.json
minimatch version is listed as vulnerable to CVE-2022-3517
can you upgrade these libraries?
The text was updated successfully, but these errors were encountered: