From 57532d2764974d227f65624b31ebf16d420d7ff4 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 10 Jun 2020 05:36:59 -0700 Subject: [PATCH] Removing prefixout updating gems * Removed prefixout dependency from covalence issue #90 * Updated all gems with bundle update which addressed a few security vulnerabilites. * Updated docs and covalence version to 0.9.8 --- .circleci/config.yml | 12 +- CHANGELOG.md | 11 ++ Gemfile.lock | 127 ++++++++++-------- README.md | 2 - .../core/cli_wrappers/popen_wrapper.rb | 4 +- lib/covalence/version.rb | 2 +- 6 files changed, 85 insertions(+), 73 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5b73517..8dc499c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,10 +8,10 @@ jobs: - image: circleci/ruby:2.5.5 environment: - COVALENCE_VERSION: 0.9.7 - TERRAFORM_VERSION: 0.12.6 + COVALENCE_VERSION: 0.9.8 + TERRAFORM_VERSION: 0.12.26 SOPS_VERSION: 3.3.1 - BUNDLER_VERSION: 1.17.2 + BUNDLER_VERSION: 1.17.3 steps: - checkout @@ -25,11 +25,7 @@ jobs: sudo chmod +x /usr/local/bin/terraform; # Install Sops sudo wget -q "https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux" -O /usr/local/bin/sops - sudo chmod +x /usr/local/bin/sops - # prefixout used in covaelnce for logging output of commands delivered - sudo wget -qO /tmp/prefixout_0.1.0_linux_amd64.zip "https://github.com/unifio/prefixout/releases/download/v0.1.0/prefixout_0.1.0_linux_amd64.zip" && \ - sudo unzip -d /usr/local/bin /tmp/prefixout_0.1.0_linux_amd64.zip && \ - sudo chmod +x /usr/local/bin/prefixout; + sudo chmod +x /usr/local/bin/sops; # Insstall bundler version in Gemlock before install gem install bundler:${BUNDLER_VERSION} # Install gem bundle diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bf8e57..9825047 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
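Review bot: The sops install kept in this step (the `wget ... -O /usr/local/bin/sops` line followed by `sudo chmod +x /usr/local/bin/sops;`) still puts a downloaded binary on the PATH as root with no integrity check. Pinning SOPS_VERSION fixes which release is requested, not which bytes are served. I would add a digest comparison before the chmod, for example `echo "${SOPS_SHA256}  /usr/local/bin/sops" | sha256sum -c -`, where SOPS_SHA256 is a placeholder name for a value set next to SOPS_VERSION under `environment:`. The Terraform install just above appears to follow the same pattern, but most of it, like the start of this run step, is outside the hunk.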
@@ -1,3 +1,14 @@ +## 0.9.8 (Jun 10, 2020) +IMPROVEMENTS: +- Updated all gems to the latest in the Gemfile.lock. + +BACKWARDS INCOMPATIBILITIES: +- Issue [#90](https://github.com/unifio/covalence/issues/90) Removed prefixout dependency from covalence. Directory prefix will no longer be displayed in output. Directory is already output prior to execution. + +FIXES: +- [activesupport](https://github.com/advisories/GHSA-2p68-f74v-9wc6) upgraded activesupport to version 5.2.4.3 or later. +- [nokogiri](https://github.com/advisories/GHSA-7553-jr98-vx47) Upgrade nokogiri to version 1.10.8 or later. + ## 0.9.7 (Sep 14, 2019) IMPROVEMENTS: diff --git a/Gemfile.lock b/Gemfile.lock index 14236d0..660c91d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - covalence (0.9.7) + covalence (0.9.8) activemodel (~> 5.2.0) activesupport (~> 5.2.0) aws-sdk-s3 (~> 1) 
@@ -19,39 +19,40 @@ PATH GEM remote: https://rubygems.org/ specs: - activemodel (5.2.3) - activesupport (= 5.2.3) - activesupport (5.2.3) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) ast (2.4.0) awesome_print (1.8.0) - aws-eventstream (1.0.3) - aws-partitions (1.209.0) - aws-sdk-core (3.66.0) - aws-eventstream (~> 1.0, >= 1.0.2) - aws-partitions (~> 1.0) + aws-eventstream (1.1.0) + aws-partitions (1.327.0) + aws-sdk-core (3.98.0) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.24.0) - aws-sdk-core (~> 3, >= 3.61.1) + aws-sdk-kms (1.33.0) + aws-sdk-core (~> 3, >= 3.71.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.48.0) - aws-sdk-core (~> 3, >= 3.61.1) + aws-sdk-s3 (1.67.1) + aws-sdk-core (~> 3, >= 3.96.1) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sigv4 (1.1.0) + aws-sigv4 (1.1.4) aws-eventstream (~> 1.0, >= 1.0.2) axiom-types (0.1.1) descendants_tracker (~> 0.0.4) ice_nine (~> 0.11.0) thread_safe (~> 0.3, >= 0.3.1) backport (1.1.2) - builder (3.2.3) + benchmark (0.1.0) + builder (3.2.4) byebug (10.0.2) ci_reporter (2.0.0) builder (>= 2.1.2) @@ -60,7 +61,7 @@ GEM rspec (>= 2.14, < 4) coercible (1.0.0) descendants_tracker (~> 0.0.1) - concurrent-ruby (1.1.5) + concurrent-ruby (1.1.6) consul_loader (1.0.0) rest-client crack (0.4.3) 
@@ -73,61 +74,67 @@ GEM domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) dotenv (2.4.0) + e2mmap (0.1.0) equalizer (0.0.11) fabrication (2.20.2) - hashdiff (1.0.0) + hashdiff (1.0.1) hiera (3.4.6) highline (1.7.10) - htmlentities (4.3.4) http-cookie (1.0.3) domain_name (~> 0.5) - i18n (1.6.0) + i18n (1.8.3) concurrent-ruby (~> 1.0) ice_nine (0.11.2) - jaro_winkler (1.5.3) + jaro_winkler (1.5.4) jmespath (1.4.0) json (2.1.0) - kramdown (1.17.0) - mime-types (3.3) + maruku (0.7.3) + mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2019.0904) + mime-types-data (3.2020.0512) mini_portile2 (2.4.0) - minitest (5.11.3) + minitest (5.14.1) netrc (0.11.0) - nokogiri (1.10.4) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - parallel (1.17.0) - parser (2.6.3.0) + parallel (1.19.1) + parser (2.7.1.3) ast (~> 2.4.0) - public_suffix (3.1.1) + public_suffix (4.0.5) rainbow (3.0.0) - rake (12.3.3) + rake (13.0.1) + regexp_parser (1.7.1) rest-client (2.0.2) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - reverse_markdown (1.1.0) + reverse_markdown (2.0.0) nokogiri - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.2) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.4) + rexml (3.2.4) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.2) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.2) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.1) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.2) - rubocop (0.74.0) - jaro_winkler (~> 1.5.1) + rspec-support (~> 3.9.0) + rspec-support (3.9.3) + rubocop (0.85.1) parallel (~> 1.10) - parser (>= 2.6) + parser (>= 2.7.0.1) rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.7) + rexml + rubocop-ast (>= 0.0.3) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 
1.7) + unicode-display_width (>= 1.4.0, < 2.0) + rubocop-ast (0.0.3) + parser (>= 2.7.0.1) ruby-progressbar (1.10.1) safe_yaml (1.0.5) semantic (1.6.1) @@ -137,27 +144,29 @@ GEM simplecov-html (~> 0.10.0) simplecov-html (0.10.2) slop (4.6.2) - solargraph (0.35.2) + solargraph (0.39.8) backport (~> 1.1) + benchmark bundler (>= 1.17.2) - htmlentities (~> 4.3, >= 4.3.4) + e2mmap jaro_winkler (~> 1.5) - kramdown (~> 1.16) + maruku (~> 0.7, >= 0.7.3) + nokogiri (~> 1.9, >= 1.9.1) parser (~> 2.3) - reverse_markdown (~> 1.0, >= 1.0.5) + reverse_markdown (>= 1.0.5, < 3) rubocop (~> 0.52) - thor (~> 0.19, >= 0.19.4) + thor (~> 1.0) tilt (~> 2.0) - yard (~> 0.9) - thor (0.20.3) + yard (~> 0.9, >= 0.9.24) + thor (1.0.1) thread_safe (0.3.6) - tilt (2.0.9) - tzinfo (1.2.5) + tilt (2.0.10) + tzinfo (1.2.7) thread_safe (~> 0.1) unf (0.1.4) unf_ext - unf_ext (0.0.7.6) - unicode-display_width (1.6.0) + unf_ext (0.0.7.7) + unicode-display_width (1.7.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -167,7 +176,7 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff - yard (0.9.20) + yard (0.9.25) PLATFORMS ruby diff --git a/README.md b/README.md index cd90cda..aab151a 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,6 @@ $ bin/covalence spec ``` To run the Rspec test locally without container, you will need to install the following: -* prefixout -- https://github.com/WhistleLabs/prefixout * sops -- https://github.com/mozilla/sops ### UAT @@ -502,7 +501,6 @@ You will probably need the following packages installed locally - Terraform - Packer - Sops -- [prefixout](https://github.com/unifio/prefixout/releases) Execute the following to build the gem: diff --git a/lib/covalence/core/cli_wrappers/popen_wrapper.rb b/lib/covalence/core/cli_wrappers/popen_wrapper.rb index d107753..6834470 100644 --- a/lib/covalence/core/cli_wrappers/popen_wrapper.rb +++ b/lib/covalence/core/cli_wrappers/popen_wrapper.rb 
@@ -77,9 +77,7 @@ def spawn_subprocess(env, run_cmd, # so when the parent dies, child will know to terminate itself. Signal.trap("INT") { logger.info "Trapped Ctrl-c. Disable parent process from exiting, orphaning the child fork below which may or may not work" } wait_thread = nil - prefix=path.gsub(/^\/workspace*/,'') - whole_cmd=['prefixout', '-p', "#{prefix} ", '--'].concat(run_cmd.split) - Open3.popen3(env, *whole_cmd, :chdir=>workdir) do |stdin, stdout, stderr, wait_thr| + Open3.popen3(env, *run_cmd, :chdir=>workdir) do |stdin, stdout, stderr, wait_thr| mappings = { stdin_io => stdin, stdout => stdout_io, stderr => stderr_io } wait_thread = wait_thr diff --git a/lib/covalence/version.rb b/lib/covalence/version.rb index 0253863..bd93a71 100644 --- a/lib/covalence/version.rb +++ b/lib/covalence/version.rb @@ -1,3 +1,3 @@ module Covalence - VERSION = "0.9.7" + VERSION = "0.9.8" end
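Review bot: `Open3.popen3(env, *run_cmd, :chdir=>workdir)` changes how the command is executed, not only whether it is prefixed. The removed code called `run_cmd.split`, which suggests run_cmd is a String; splatting a String passes it as a single command line, which Ruby hands to the shell whenever it contains shell metacharacters. Before this change the command was always an argv array and never went through a shell, so any value interpolated into run_cmd (paths, variable values) was inert. To keep that property I would write `Open3.popen3(env, *run_cmd.split, :chdir=>workdir) do |stdin, stdout, stderr, wait_thr|`, or have callers pass an Array. spawn_subprocess starts and ends outside the hunk, so whether `path` is still used elsewhere in the method cannot be seen here.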