Merge pull request #37 from github/jhongturney/gem-bumps-rexml-vuln

Gem bumps rexml vuln

Author: jhongturney

.github/workflows/integration-test.yml

@@ -0,0 +1,47 @@
+name: Integration Tests
+on: [pull_request, workflow_dispatch]
+permissions:
+  contents: read
+jobs:
+  integration-4_10_4:
+    name: Integration Tests (Puppet 4.10.4)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run Integration Tests
+        run: |
+          bundle exec rake octofacts:spec:octofacts_integration
+          local_integration_rspec=$?
+          if [ "$local_integration_rspec" -ne 0 ]; then
+            exit 1
+          else
+            exit 0
+          fi
+    environment:
+      RSPEC_PUPPET_VERSION="2.6.15"
+      PUPPET_VERSION="4.10.4"
+  integration-7_30_0:
+    name: Integration Tests (Puppet 7.30.0)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run Integration Tests
+        run: |
+          bundle exec rake octofacts:spec:octofacts_integration
+          local_integration_rspec=$?
+          if [ "$local_integration_rspec" -ne 0 ]; then
+            exit 1
+          else
+            exit 0
+          fi
+    environment:
+      RSPEC_PUPPET_VERSION="3.0.0"
+      PUPPET_VERSION="7.30.0"

.github/workflows/lint-and-test.yaml

@@ -0,0 +1,17 @@
+name: Lint (Rubocop)
+on: [pull_request, workflow_dispatch]
+permissions:
+  contents: read
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - name: Install dependencies
+        run: |
+          bundle install --jobs 4 --retry 3
+      - name: Lint with Rubocop
+        run: |
+          bundle exec rubocop --parallel

.github/workflows/lint.yaml

@@ -0,0 +1,19 @@
+name: Spec Tests (Rspec)
+on: [pull_request, workflow_dispatch]
+permissions:
+  contents: read
+jobs:
+  octofacts-rspec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - name: Install dependencies
+        run: |
+          bundle install --jobs 4 --retry 3
+      - name: Test octofacts
+        run: |
+          bundle exec rake octofacts:spec:octofacts
+      - name: Test octofacts_updater
+        run: |
+          bundle exec rake octofacts:spec:octofacts_updater

.github/workflows/spec-tests.yml

@@ -1 +1 @@
-0.5.1
+0.6.0

.travis.yml

@@ -14,6 +14,6 @@ group :development do
   gem "simplecov-json", "~> 0.2"
 
   # Integration test
-  gem "puppet", "~> #{ENV['PUPPET_VERSION'] || '6.25.1'}"
-  gem "rspec-puppet", "~> #{ENV['RSPEC_PUPPET_VERSION'] || '2.6.2'}"
+  gem "puppet", "~> #{ENV['PUPPET_VERSION'] || '7.30.0'}"
+  gem "rspec-puppet", "~> #{ENV['RSPEC_PUPPET_VERSION'] || '3.0.0'}"
 end

.version

@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    octofacts (0.5.1)
-    octofacts-updater (0.5.1)
+    octofacts (0.6.0)
+    octofacts-updater (0.6.0)
       diffy (>= 3.1.0)
       net-ssh (>= 2.9)
       octocatalog-diff (>= 2.1.0)
@@ -11,141 +11,151 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.1.3.2)
+    activesupport (7.2.0)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
-    addressable (2.8.6)
-      public_suffix (>= 2.0.2, < 6.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
     base64 (0.2.0)
-    bigdecimal (3.1.7)
+    bigdecimal (3.1.8)
     coderay (1.1.3)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
+    csv (3.3.0)
     deep_merge (1.2.2)
     diff-lcs (1.5.1)
     diffy (3.4.2)
-    docile (1.4.0)
+    docile (1.4.1)
     drb (2.2.1)
     facter (4.6.1)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
-    faraday (2.8.1)
-      base64
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (3.0.2)
-    fast_gettext (1.8.0)
-    hashdiff (1.1.0)
+    faraday (2.10.1)
+      faraday-net_http (>= 2.0, < 3.2)
+      logger
+    faraday-net_http (3.1.1)
+      net-http
+    fast_gettext (2.4.0)
+      prime
+    forwardable (1.3.3)
+    hashdiff (1.1.1)
     hiera (3.12.0)
     hocon (1.4.0)
-    httparty (0.21.0)
+    httparty (0.22.0)
+      csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    httpclient (2.8.3)
-    i18n (1.14.4)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
-    json (2.7.1)
+    json (2.7.2)
     language_server-protocol (3.17.0.3)
     locale (2.1.4)
-    method_source (1.0.0)
+    logger (1.6.0)
+    method_source (1.1.0)
     mini_mime (1.1.5)
-    minitest (5.22.3)
+    minitest (5.24.1)
     multi_json (1.15.0)
-    multi_xml (0.6.0)
-    mutex_m (0.2.0)
-    net-ssh (7.2.1)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
+    net-http (0.4.1)
+      uri
+    net-ssh (7.2.3)
     octocatalog-diff (2.1.0)
       diffy (>= 3.1.0)
       hashdiff (>= 0.3.0)
       httparty (>= 0.11.0)
       parallel (>= 1.12.0)
       rugged (>= 0.25.0b2)
-    octokit (8.1.0)
-      base64
+    octokit (9.1.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.12.0)
-    parser (3.3.0.5)
+    parser (3.3.4.2)
       ast (~> 2.4.1)
       racc
+    prime (0.1.2)
+      forwardable
+      singleton
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.4)
-    puppet (6.25.1)
+    public_suffix (6.0.1)
+    puppet (7.30.0)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
       facter (> 2.0.1, < 5)
-      fast_gettext (~> 1.1)
+      fast_gettext (>= 1.1, < 3)
       hiera (>= 3.2.1, < 4)
-      httpclient (~> 2.8)
       locale (~> 2.1)
       multi_json (~> 1.10)
       puppet-resource_api (~> 1.5)
+      scanf (~> 1.0)
       semantic_puppet (~> 1.0)
     puppet-resource_api (1.9.0)
       hocon (>= 1.0)
-    racc (1.7.3)
-    rack (3.0.10)
+    racc (1.8.1)
+    rack (3.1.7)
     rainbow (3.1.1)
     rake (12.3.3)
-    regexp_parser (2.9.0)
-    rexml (3.3.0)
+    regexp_parser (2.9.2)
+    rexml (3.3.5)
       strscan
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
     rspec-core (3.13.0)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.0)
+    rspec-expectations (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-puppet (2.6.15)
+    rspec-puppet (3.0.0)
       rspec
     rspec-support (3.13.1)
-    rubocop (1.62.1)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.2)
-      parser (>= 3.3.0.4)
+    rubocop-ast (1.32.0)
+      parser (>= 3.3.1.0)
     rubocop-github (0.20.0)
       rubocop (>= 1.37)
       rubocop-performance (>= 1.15)
       rubocop-rails (>= 2.17)
-    rubocop-performance (1.20.2)
+    rubocop-performance (1.21.1)
       rubocop (>= 1.48.1, < 2.0)
-      rubocop-ast (>= 1.30.0, < 2.0)
-    rubocop-rails (2.24.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.25.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-progressbar (1.13.0)
-    ruby2_keywords (0.0.5)
     rugged (1.7.2)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
+    scanf (1.0.0)
+    securerandom (0.3.1)
     semantic_puppet (1.1.0)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -156,11 +166,13 @@ GEM
       json
       simplecov
     simplecov_json_formatter (0.1.4)
+    singleton (0.2.0)
     strscan (3.1.0)
     thor (1.3.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    uri (0.13.0)
 
 PLATFORMS
   ruby
@@ -170,9 +182,9 @@ DEPENDENCIES
   octofacts-updater!
   parallel (= 1.12.0)
   pry (~> 0.14)
-  puppet (~> 6.25.1)
+  puppet (~> 7.30.0)
   rake (~> 12.3)
-  rspec-puppet (~> 2.6.2)
+  rspec-puppet (~> 3.0.0)
   rubocop-github (~> 0.20.0)
   simplecov (>= 0.14.1)
   simplecov-json (~> 0.2)

Gemfile

@@ -22,7 +22,7 @@ EOS
   ].flatten
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.5.0"
+  spec.required_ruby_version = ">= 2.7.0"
   spec.add_dependency "diffy", ">= 3.1.0"
   spec.add_dependency "octocatalog-diff", ">= 2.1.0"
   spec.add_dependency "octokit", ">= 4.2.0"

Gemfile.lock

@@ -17,5 +17,5 @@ EOS
   spec.files         = [Dir.glob("lib/octofacts/**/*.rb"), "lib/octofacts.rb", ".version"].flatten
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.5.0"
+  spec.required_ruby_version = ">= 2.7.0"
 end