From 2fb146bde5a0f203279af10574abcd607a70bca3 Mon Sep 17 00:00:00 2001
From: Craig Gumbley
Date: Thu, 13 Oct 2022 12:31:17 +0100
Subject: [PATCH] (MAINT) Remove version constraint for rake

Prior to this commit the version of rake installed with this project was vulnerable to an OS command injection attach. The CVE ID for this is: CVE-2020-8130 This commit fixes the above by removing the version constraint and ensuring that the latest version of rake is always pulled.
---
 Gemfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index c468631d..064d9e38 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,10 +24,10 @@ group :development do
 gem 'pry', require: false
 gem 'pry-byebug', require: false
- gem 'pry-stack_explorer', require: false
+ gem 'pry-stack_explorer', require: false
 gem 'puppetlabs_spec_helper'
-
- gem 'rake', '~> 10.0'
+
+ gem 'rake'
 gem 'rspec', '~> 3.1'
 gem 'rspec-its', '~> 1.0'
 gem 'rubocop', '~> 1.6.1', require: false
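Review bot: Dropping the constraint on `gem 'rake'` does not by itself guarantee a release that fixes CVE-2020-8130. Bundler keeps whatever version an existing Gemfile.lock pins, and with no lower bound the resolver may still pick an old rake if another dependency's constraints allow it. A floor states the intent and makes a vulnerable resolution fail, e.g. `gem 'rake', '>= <first release fixing CVE-2020-8130>'`, with the version taken from the advisory. Whether a lockfile is committed is not visible in this patch; if one is, it needs a `bundle update rake` alongside this change. The `group :development do` block continues outside the hunk.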