From 9078b5800962fb2369f4b1b38e42dd407faefc7a Mon Sep 17 00:00:00 2001 From: Matthew Felgate Date: Mon, 28 Aug 2023 10:42:50 -0400 Subject: [PATCH] jwt downgrade --- Gemfile | 11 +- Gemfile.lock | 338 +++++++++--------- NOTICES.txt | 78 ++-- ci/shared.sh | 2 +- .../authenticators_k8s/test_gke_entrypoint.sh | 2 +- config/puma.rb | 1 - .../authn_jwt_check_standard_claims.feature | 6 +- .../authn_jwt_fetch_signing_key.feature | 4 +- .../authn_jwt_validate_and_decode.feature | 4 +- dev/cli | 2 +- dev/start | 2 +- 11 files changed, 225 insertions(+), 225 deletions(-) diff --git a/Gemfile b/Gemfile index 9b1494575c..07609d142e 100644 --- a/Gemfile +++ b/Gemfile @@ -19,7 +19,7 @@ gem 'http', '~> 4.2.0' gem 'iso8601' gem 'jbuilder', '~> 2.7.0' gem 'nokogiri', '>= 1.8.2' -gem 'puma', '~> 5.6' +gem 'puma', '~> 6' gem 'rack', '~> 2.2' gem 'rails', '~> 6.1', '>= 6.1.4.6' gem 'rake' @@ -60,6 +60,9 @@ gem 'net-ldap' # for AWS rotator gem 'aws-sdk-iam', require: false +# we need this version since any newer introduces braking change that causes issues with safe_yaml: https://github.com/ruby/psych/discussions/571 +gem 'psych', '=3.3.2' + group :production do gem 'rails_12factor' end @@ -70,7 +73,8 @@ gem 'kubeclient' gem 'websocket' # authn-oidc, gcp, azure, jwt -gem 'jwt', '2.2.2' # version frozen due to authn-jwt requirements +# gem 'jwt', '2.2.2' # version frozen due to authn-jwt requirements +gem 'jwt', '2.2.2' # authn-oidc gem 'openid_connect', '~> 2.0' @@ -88,6 +92,7 @@ group :development, :test do gem 'cucumber', '~> 7.1' gem 'database_cleaner', '~> 1.8' gem 'debase', '~> 0.2.5.beta2' + gem 'debase-ruby_core_source', '~> 3.2.1' gem 'json_spec', '~> 1.1' gem 'faye-websocket' gem 'net-ssh' 
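Review bot: The exact pin `gem 'psych', '=3.3.2'` added after the `aws-sdk-iam` line freezes the YAML parser at a single release, so later psych fixes will not arrive through `bundle update` until someone lifts the pin by hand. The comment gives the cause (the safe_yaml incompatibility) but no exit condition, and it has a typo ("braking"). I would reword it to something like `# Pinned: newer psych releases break safe_yaml (https://github.com/ruby/psych/discussions/571); remove this pin once safe_yaml is fixed or dropped.`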
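Review bot: The jwt hunk keeps the version at exactly 2.2.2 but moves the only rationale onto a commented-out copy, leaving the live line `gem 'jwt', '2.2.2'` with no explanation. The comment above it says this gem serves authn-oidc, gcp, azure and jwt, so a frozen version of a token-validation library should carry its reason on the line that takes effect. I would keep a single line, `gem 'jwt', '2.2.2' # version frozen due to authn-jwt requirements`, and delete the commented duplicate. NOTICES.txt in this same patch is changed to reference jwt 2.7.1 while Gemfile.lock still resolves `jwt (2.2.2)`, so one of the two is stale.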
@@ -101,7 +106,7 @@ group :development, :test do gem 'rspec' gem 'rspec-core' gem 'rspec-rails' - gem 'ruby-debug-ide' +# gem 'ruby-debug-ide' # We use a post-coverage hook to sleep covered processes until we're ready to # collect the coverage reports in CI. Because of this, we don't want bundler diff --git a/Gemfile.lock b/Gemfile.lock index 3a5cc1c1b3..dbbaf1b16a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
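Review bot: `ruby-debug-ide` is commented out rather than removed in the `:development, :test` group, while Gemfile.lock in this patch drops it from both `specs` and `DEPENDENCIES`. A disabled line with no stated reason gives the next person no way to tell whether re-enabling it is safe. Either delete the line or state why it is off, e.g. `# gem 'ruby-debug-ide' # disabled: <reason>`. The group block starts and ends outside this hunk.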
@@ -16,107 +16,108 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + actioncable (6.1.7.6) + actionpack (= 6.1.7.6) + activesupport (= 6.1.7.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.4) - actionpack (= 6.1.7.4) - activejob (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionmailbox (6.1.7.6) + actionpack (= 6.1.7.6) + activejob (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) mail (>= 2.7.1) - actionmailer (6.1.7.4) - actionpack (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionmailer (6.1.7.6) + actionpack (= 6.1.7.6) + actionview (= 6.1.7.6) + activejob (= 6.1.7.6) + activesupport (= 6.1.7.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.7.4) - actionview (= 6.1.7.4) - activesupport (= 6.1.7.4) + actionpack (6.1.7.6) + actionview (= 6.1.7.6) + activesupport (= 6.1.7.6) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.4) - actionpack (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + actiontext (6.1.7.6) + actionpack (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) nokogiri (>= 1.8.5) - actionview (6.1.7.4) - activesupport (= 6.1.7.4) + actionview (6.1.7.6) + activesupport (= 6.1.7.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.4) - activesupport (= 6.1.7.4) + activejob (6.1.7.6) + activesupport (= 6.1.7.6) globalid (>= 0.3.6) - activemodel (6.1.7.4) - activesupport (= 6.1.7.4) - activerecord (6.1.7.4) - activemodel (= 6.1.7.4) - activesupport (= 6.1.7.4) - activestorage (6.1.7.4) - actionpack (= 6.1.7.4) - activejob (= 6.1.7.4) - activerecord (= 
6.1.7.4) - activesupport (= 6.1.7.4) + activemodel (6.1.7.6) + activesupport (= 6.1.7.6) + activerecord (6.1.7.6) + activemodel (= 6.1.7.6) + activesupport (= 6.1.7.6) + activestorage (6.1.7.6) + actionpack (= 6.1.7.6) + activejob (= 6.1.7.6) + activerecord (= 6.1.7.6) + activesupport (= 6.1.7.6) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.4) + activesupport (6.1.7.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) - addressable (2.8.1) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) aes_key_wrap (1.1.0) - anyway_config (2.2.3) + anyway_config (2.5.2) ruby-next-core (>= 0.14.0) - aruba (2.0.0) + aruba (2.1.0) bundler (>= 1.17, < 3.0) childprocess (>= 2.0, < 5.0) contracts (>= 0.16.0, < 0.18.0) - cucumber (>= 4.0, < 8.0) + cucumber (>= 4.0, < 9.0) rspec-expectations (~> 3.4) thor (~> 1.0) ast (2.4.2) attr_required (1.0.1) aws-eventstream (1.2.0) - aws-partitions (1.553.0) - aws-sdk-core (3.126.0) + aws-partitions (1.812.0) + aws-sdk-core (3.181.0) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.525.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.5) + jmespath (~> 1, >= 1.6.1) + aws-sdk-iam (1.86.0) + aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-iam (1.66.0) - aws-sdk-core (~> 3, >= 3.126.0) - aws-sigv4 (~> 1.1) - aws-sigv4 (1.4.0) + aws-sigv4 (1.6.0) aws-eventstream (~> 1, >= 1.0.2) base32-crockford (0.1.0) base58 (0.2.3) - bcrypt (3.1.16) + bcrypt (3.1.19) bindata (2.4.15) builder (3.2.4) byebug (11.1.3) childprocess (4.1.0) - ci_reporter (2.0.0) + ci_reporter (2.1.0) builder (>= 2.1.2) + rexml ci_reporter_rspec (1.0.0) ci_reporter (~> 2.0) rspec (>= 2.14, < 4) coderay (1.1.3) command_class (0.0.2) concurrent-ruby (1.2.2) - conjur-api (5.4.0) + conjur-api (5.4.1) activesupport (>= 4.2) addressable (~> 2.0) rest-client 
@@ -129,7 +130,7 @@ GEM netrc (~> 0.10) table_print (~> 1.5) xdg (= 2.2.3) - conjur-debify (0.0.1.pre.47) + conjur-debify (3.0.2) conjur-api (~> 5.3) conjur-cli (~> 6) docker-api (~> 2.0) @@ -154,10 +155,10 @@ GEM mime-types (~> 3.3, >= 3.3.1) multi_test (~> 0.1, >= 0.1.2) sys-uname (~> 1.2, >= 1.2.2) - cucumber-core (10.1.0) + cucumber-core (10.1.1) cucumber-gherkin (~> 22.0, >= 22.0.0) cucumber-messages (~> 17.1, >= 17.1.1) - cucumber-tag-expressions (~> 4.0, >= 4.0.2) + cucumber-tag-expressions (~> 4.1, >= 4.1.0) cucumber-create-meta (6.0.4) cucumber-messages (~> 17.1, >= 17.1.1) sys-uname (~> 1.2, >= 1.2.2) 
@@ -168,71 +169,65 @@ GEM cucumber-messages (~> 17.1, >= 17.1.0) cucumber-messages (17.1.1) cucumber-tag-expressions (4.1.0) - cucumber-wire (6.2.0) + cucumber-wire (6.2.1) cucumber-core (~> 10.1, >= 10.1.0) cucumber-cucumber-expressions (~> 14.0, >= 14.0.0) - cucumber-messages (~> 17.1, >= 17.1.1) - database_cleaner (1.8.5) + database_cleaner (1.99.0) date (3.3.3) debase (0.2.5.beta2) debase-ruby_core_source (>= 0.10.12) - debase-ruby_core_source (0.10.13) + debase-ruby_core_source (3.2.1) deep_merge (1.2.2) - diff-lcs (1.4.4) + diff-lcs (1.5.0) docile (1.4.0) docker-api (2.2.0) excon (>= 0.47.0) multi_json domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dry-configurable (0.13.0) - concurrent-ruby (~> 1.0) - dry-core (~> 0.6) - dry-container (0.9.0) + dry-core (1.0.1) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.13, >= 0.13.0) - dry-core (0.7.1) + zeitwerk (~> 2.6) + dry-inflector (1.0.0) + dry-logic (1.5.0) concurrent-ruby (~> 1.0) - dry-inflector (0.2.1) - dry-logic (1.2.0) - concurrent-ruby (~> 1.0) - dry-core (~> 0.5, >= 0.5) - dry-struct (1.4.0) - dry-core (~> 0.5, >= 0.5) - dry-types (~> 1.5) + dry-core (~> 1.0, < 2) + zeitwerk (~> 2.6) + dry-struct (1.6.0) + dry-core (~> 1.0, < 2) + dry-types (>= 1.7, < 2) ice_nine (~> 0.11) - dry-types (1.5.1) + zeitwerk (~> 2.6) + dry-types (1.7.1) concurrent-ruby (~> 1.0) - dry-container (~> 0.3) - dry-core (~> 0.5, >= 0.5) - dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 1.0, >= 1.0.2) - ecma-re-validator (0.4.0) - regexp_parser (~> 2.2) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) erubi (1.12.0) event_emitter (0.2.6) eventmachine (1.2.7) - excon (0.91.0) + excon (0.102.0) faraday (2.7.10) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-follow_redirects (0.3.0) faraday (>= 1, < 3) faraday-net_http (3.0.2) - faye-websocket (0.11.1) + faye-websocket (0.11.3) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) - ffi (1.15.4) + ffi (1.15.5) 
ffi-compiler (1.0.1) ffi (>= 1.0.0) rake - gli (2.21.0) + gli (2.21.1) globalid (1.1.0) activesupport (>= 5.0) haikunator (1.1.1) hana (1.3.7) hashdiff (1.0.1) - highline (2.0.3) + highline (2.1.0) http (4.2.0) addressable (~> 2.3) http-cookie (~> 1.0) @@ -248,35 +243,34 @@ GEM concurrent-ruby (~> 1.0) ice_nine (0.11.2) iso8601 (0.13.0) - jaro_winkler (1.5.4) + jaro_winkler (1.5.6) jbuilder (2.7.0) activesupport (>= 4.2.0) multi_json (>= 1.2) - jmespath (1.6.1) + jmespath (1.6.2) json-jwt (1.16.3) activesupport (>= 4.2) aes_key_wrap bindata faraday (~> 2.0) faraday-follow_redirects - json_schemer (0.2.24) - ecma-re-validator (~> 0.3) + json_schemer (2.0.0) hana (~> 1.3) regexp_parser (~> 2.0) - uri_template (~> 0.7) + simpleidn (~> 0.2) json_spec (1.1.5) multi_json (~> 1.0) rspec (>= 2.0, < 4.0) - jsonpath (1.1.0) + jsonpath (1.1.3) multi_json jwt (2.2.2) - kubeclient (4.9.3) - http (>= 3.0, < 5.0) + kubeclient (4.11.0) + http (>= 3.0, < 6.0) jsonpath (~> 1.0) recursive-open-struct (~> 1.1, >= 1.1.1) rest-client (~> 2.0) kwalify (0.7.2) - listen (3.7.0) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) loofah (2.21.3) @@ -289,29 +283,29 @@ GEM net-smtp marcel (1.0.2) method_source (1.0.0) - mime-types (3.4.1) + mime-types (3.5.1) mime-types-data (~> 3.2015) - mime-types-data (3.2022.0105) - mini_mime (1.1.2) + mime-types-data (3.2023.0808) + mini_mime (1.1.5) minitest (5.19.0) multi_json (1.15.0) multi_test (0.1.2) net-imap (0.3.7) date net-protocol - net-ldap (0.17.0) + net-ldap (0.18.0) net-pop (0.1.2) net-protocol net-protocol (0.2.1) timeout net-smtp (0.3.3) net-protocol - net-ssh (6.1.0) + net-ssh (7.2.0) netrc (0.11.0) nio4r (2.5.9) - nokogiri (1.15.3-x86_64-darwin) + nokogiri (1.15.4-x86_64-darwin) racc (~> 1.4) - nokogiri (1.15.3-x86_64-linux) + nokogiri (1.15.4-x86_64-linux) racc (~> 1.4) openid_connect (2.2.0) activemodel 
@@ -326,27 +320,29 @@ GEM validate_email validate_url webfinger (~> 2.0) - parallel (1.21.0) - parallel_tests (4.2.0) + parallel (1.23.0) + parallel_tests (4.2.1) parallel - parser (3.0.3.2) + parser (3.2.2.3) ast (~> 2.4.1) - pg (1.2.3) + racc + pg (1.5.3) powerpack (0.1.3) - prometheus-client (3.0.0) - pry (0.13.1) + prometheus-client (4.2.1) + pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - pry-byebug (3.9.0) + pry-byebug (3.10.1) byebug (~> 11.0) - pry (~> 0.13.0) + pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (5.0.1) - puma (5.6.4) + psych (3.3.2) + public_suffix (5.0.3) + puma (6.3.1) nio4r (~> 2.0) racc (1.7.1) - rack (2.2.7) + rack (2.2.8) rack-oauth2 (2.2.0) activesupport attr_required @@ -357,26 +353,26 @@ GEM rack-rewrite (1.5.1) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.4) - actioncable (= 6.1.7.4) - actionmailbox (= 6.1.7.4) - actionmailer (= 6.1.7.4) - actionpack (= 6.1.7.4) - actiontext (= 6.1.7.4) - actionview (= 6.1.7.4) - activejob (= 6.1.7.4) - activemodel (= 6.1.7.4) - activerecord (= 6.1.7.4) - activestorage (= 6.1.7.4) - activesupport (= 6.1.7.4) + rails (6.1.7.6) + actioncable (= 6.1.7.6) + actionmailbox (= 6.1.7.6) + actionmailer (= 6.1.7.6) + actionpack (= 6.1.7.6) + actiontext (= 6.1.7.6) + actionview (= 6.1.7.6) + activejob (= 6.1.7.6) + activemodel (= 6.1.7.6) + activerecord (= 6.1.7.6) + activestorage (= 6.1.7.6) + activesupport (= 6.1.7.6) bundler (>= 1.15.0) - railties (= 6.1.7.4) + railties (= 6.1.7.6) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) - rails-dom-testing (2.1.1) + rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) 
@@ -389,51 +385,51 @@ GEM rails_layout (1.0.42) rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.7.4) - actionpack (= 6.1.7.4) - activesupport (= 6.1.7.4) + railties (6.1.7.6) + actionpack (= 6.1.7.6) + activesupport (= 6.1.7.6) method_source rake (>= 12.2) thor (~> 1.0) - rainbow (3.0.0) + rainbow (3.1.1) rake (13.0.6) rake_shared_context (0.3.0) - rb-fsevent (0.11.0) + rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) recursive-open-struct (1.1.3) - reek (6.0.6) + reek (6.1.4) kwalify (~> 0.7.0) - parser (~> 3.0.0) + parser (~> 3.2.0) rainbow (>= 2.0, < 4.0) - regexp_parser (2.7.0) + regexp_parser (2.8.1) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - rexml (3.2.5) - rspec (3.10.0) - rspec-core (~> 3.10.0) - rspec-expectations (~> 3.10.0) - rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rexml (3.2.6) + rspec (3.12.0) + rspec-core (~> 3.12.0) + rspec-expectations (~> 3.12.0) + rspec-mocks (~> 3.12.0) + rspec-core (3.12.2) + rspec-support (~> 3.12.0) + rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) + rspec-support (~> 3.12.0) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (5.0.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) - rspec-support (3.10.3) + rspec-support (~> 3.12.0) + rspec-rails (6.0.3) + actionpack (>= 6.1) + activesupport (>= 6.1) + railties (>= 6.1) + rspec-core (~> 3.12) + rspec-expectations (~> 3.12) + rspec-mocks (~> 3.12) + rspec-support (~> 3.12) + rspec-support (3.12.1) rubocop (0.58.2) jaro_winkler (~> 1.5.1) parallel (~> 1.10) 
@@ -444,30 +440,30 @@ GEM unicode-display_width (~> 1.0, >= 1.0.1) rubocop-checkstyle_formatter (0.4.0) rubocop (>= 0.35.1) - ruby-debug-ide (0.7.3) - rake (>= 0.8.1) - ruby-next-core (0.14.0) - ruby-progressbar (1.11.0) + ruby-next-core (0.15.3) + ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) safe_yaml (1.0.5) - sequel (5.51.0) + sequel (5.71.0) sequel-pg_advisory_locking (1.0.1) sequel sequel-postgres-schemata (0.1.3) sequel (>= 4.3, < 6) - sequel-rails (1.1.1) + sequel-rails (1.2.0) actionpack (>= 4.0.0) activemodel (>= 4.0.0) railties (>= 4.0.0) sequel (>= 3.28, < 6.0) - simplecov (0.21.2) + simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) + simpleidn (0.2.1) + unf (~> 0.1.4) slosilo (3.0.1) - spring (2.1.0) + spring (4.1.1) spring-commands-cucumber (1.0.1) spring (>= 0.9.1) spring-commands-rspec (1.0.4) @@ -484,7 +480,7 @@ GEM attr_required (>= 0.0.5) faraday (~> 2.0) faraday-follow_redirects - sys-uname (1.2.2) + sys-uname (1.2.3) ffi (~> 1.1) table_print (1.5.7) thor (1.2.2) @@ -495,19 +491,18 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (1.8.0) - uri_template (0.7.0) validate_email (0.1.6) activemodel (>= 3.0) mail (>= 2.2.5) validate_url (1.0.15) activemodel (>= 3.0.0) public_suffix - vcr (6.1.0) + vcr (6.2.0) webfinger (2.1.2) activesupport faraday (~> 2.0) faraday-follow_redirects - webmock (3.14.0) + webmock (3.19.0) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -517,7 +512,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xdg (2.2.3) - zeitwerk (2.6.9) + zeitwerk (2.6.11) PLATFORMS x86_64-darwin-20 @@ -544,6 +539,7 @@ DEPENDENCIES cucumber (~> 7.1) database_cleaner (~> 1.8) debase (~> 0.2.5.beta2) + debase-ruby_core_source (~> 3.2.1) dry-struct dry-types event_emitter 
@@ -564,14 +560,15 @@ DEPENDENCIES net-ldap net-ssh nokogiri (>= 1.8.2) - openid_connect (= 2.2.0) + openid_connect (~> 2.0) parallel parallel_tests pg prometheus-client pry-byebug pry-rails - puma (~> 5.6) + psych (= 3.3.2) + puma (~> 6) rack (~> 2.2) rack-rewrite rails (~> 6.1, >= 6.1.4.6) @@ -587,7 +584,6 @@ DEPENDENCIES rspec-rails rubocop (~> 0.58.0) rubocop-checkstyle_formatter - ruby-debug-ide sequel sequel-pg_advisory_locking sequel-postgres-schemata @@ -604,4 +600,4 @@ DEPENDENCIES websocket BUNDLED WITH - 2.2.33 + 2.3.9 diff --git a/NOTICES.txt b/NOTICES.txt index 9f776f0a92..db1d914ffb 100644 --- a/NOTICES.txt +++ b/NOTICES.txt 
@@ -8,50 +8,50 @@ of the license associated with each component. Section 1: Apache-2.0 ->>> https://rubygems.org/gems/aws-sdk-iam/versions/1.66.0 +>>> https://rubygems.org/gems/aws-sdk-iam/versions/1.81.0 >>> https://rubygems.org/gems/gli/versions/2.21.0 Section 2: BSD-2-Clause ->>> https://rubygems.org/gems/pg/versions/1.2.3 +>>> https://rubygems.org/gems/pg/versions/1.5.3 >>> https://rubygems.org/gems/websocket/versions/1.2.9 Section 3: BSD-3-Clause >>> https://rubygems.org/gems/base32-crockford/versions/0.1.0 ->>> https://rubygems.org/gems/ffi/versions/1.15.4 ->>> https://rubygems.org/gems/puma/versions/5.6.4 +>>> https://rubygems.org/gems/ffi/versions/1.15.5 +>>> https://rubygems.org/gems/puma/versions/6.3.0 Section 4: MIT ->>> https://rubygems.org/gems/activesupport/versions/6.1.7.3 ->>> https://rubygems.org/gems/anyway_config/versions/2.2.3 +>>> https://rubygems.org/gems/activesupport/versions/6.1.7.4 +>>> https://rubygems.org/gems/anyway_config/versions/2.4.2 >>> https://rubygems.org/gems/base58/versions/0.2.3 ->>> https://rubygems.org/gems/bcrypt/versions/3.1.16 +>>> https://rubygems.org/gems/bcrypt/versions/3.1.19 >>> https://rubygems.org/gems/command_class/versions/0.0.2 >>> https://rubygems.org/gems/conjur-policy-parser/versions/3.0.4 >>> https://rubygems.org/gems/conjur-rack/versions/5.0.0 >>> https://rubygems.org/gems/conjur-rack-heartbeat/versions/2.2.0 ->>> https://rubygems.org/gems/dry-struct/versions/1.4.0 ->>> https://rubygems.org/gems/dry-types/versions/1.5.1 +>>> https://rubygems.org/gems/dry-struct/versions/1.6.0 +>>> https://rubygems.org/gems/dry-types/versions/1.7.1 >>> https://rubygems.org/gems/http/versions/4.2.0 >>> https://rubygems.org/gems/iso8601/versions/0.13.0 >>> https://rubygems.org/gems/jbuilder/versions/2.7.0 ->>> https://rubygems.org/gems/jwt/versions/2.2.2 ->>> https://rubygems.org/gems/kubeclient/versions/4.9.3 ->>> https://rubygems.org/gems/listen/versions/3.7.0 ->>> https://rubygems.org/gems/loofah/versions/2.20.0 ->>> 
https://rubygems.org/gems/net-ldap/versions/0.17.0 ->>> https://rubygems.org/gems/nokogiri/versions/1.14.3 +>>> https://rubygems.org/gems/jwt/versions/2.7.1 +>>> https://rubygems.org/gems/kubeclient/versions/4.11.0 +>>> https://rubygems.org/gems/listen/versions/3.8.0 +>>> https://rubygems.org/gems/loofah/versions/2.21.3 +>>> https://rubygems.org/gems/net-ldap/versions/0.18.0 +>>> https://rubygems.org/gems/nokogiri/versions/1.15.3-x86_64-darwin >>> https://rubygems.org/gems/openid_connect/versions/1.3.0 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1 ->>> https://rubygems.org/gems/rails/versions/6.1.7.3 +>>> https://rubygems.org/gems/rails/versions/6.1.7.4 >>> https://rubygems.org/gems/rake/versions/13.0.6 ->>> https://rubygems.org/gems/sequel/versions/5.51.0 +>>> https://rubygems.org/gems/sequel/versions/5.69.0 >>> https://rubygems.org/gems/sequel-pg_advisory_locking/versions/1.0.1 >>> https://rubygems.org/gems/sequel-postgres-schemata/versions/0.1.3 ->>> https://rubygems.org/gems/sequel-rails/versions/1.1.1 ->>> https://rubygems.org/gems/simplecov/versions/0.21.2 +>>> https://rubygems.org/gems/sequel-rails/versions/1.2.0 +>>> https://rubygems.org/gems/simplecov/versions/0.22.0 >>> https://rubygems.org/gems/slosilo/versions/3.0.1 >>> https://rubygems.org/gems/event_emitter/versions/0.2.6 @@ -66,7 +66,7 @@ APPENDIX: Standard License Files and Templates Apache-2.0 License is applicable to the following component(s). ->>> https://rubygems.org/gems/aws-sdk-iam/versions/1.66.0 +>>> https://rubygems.org/gems/aws-sdk-iam/versions/1.81.0 Copyright 2011-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -102,7 +102,7 @@ limitations under the License. BSD-2-Clause License is applicable to the following component(s). ->>> https://rubygems.org/gems/pg/versions/1.2.3 +>>> https://rubygems.org/gems/pg/versions/1.5.3 Copyright © 1997-2019 by the authors. 
@@ -185,7 +185,7 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ->>> https://rubygems.org/gems/ffi/versions/1.15.4 +>>> https://rubygems.org/gems/ffi/versions/1.15.5 Copyright (c) 2008-2016, Ruby FFI project contributors @@ -214,7 +214,7 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ->>> https://rubygems.org/gems/puma/versions/5.6.4 +>>> https://rubygems.org/gems/puma/versions/6.3.0 Some code copyright (c) 2005, Zed Shaw Copyright (c) 2011, Evan Phoenix @@ -247,7 +247,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. MIT License is applicable to the following component(s). ->>> https://rubygems.org/gems/activesupport/versions/6.1.7.3 +>>> https://rubygems.org/gems/activesupport/versions/6.1.7.4 Copyright (c) 2005-2018 David Heinemeier Hansson @@ -269,7 +269,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/anyway_config/versions/2.2.3 +>>> https://rubygems.org/gems/anyway_config/versions/2.4.2 Copyright (c) 2015-2020 Vladimir Dementyev @@ -316,7 +316,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/bcrypt/versions/3.1.16 +>>> https://rubygems.org/gems/bcrypt/versions/3.1.19 Copyright 2007-2011: 
@@ -436,7 +436,7 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/dry-struct/versions/1.4.0 +>>> https://rubygems.org/gems/dry-struct/versions/1.6.0 Copyright (c) 2013-2016 Piotr Solnica @@ -458,7 +458,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/dry-types/versions/1.5.1 +>>> https://rubygems.org/gems/dry-types/versions/1.7.1 Copyright (c) 2013-2014 Piotr Solnica @@ -546,7 +546,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/jwt/versions/2.2.2 +>>> https://rubygems.org/gems/jwt/versions/2.7.1 Copyright (c) 2011 Jeff Lindsay @@ -567,7 +567,7 @@ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTIO OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/kubeclient/versions/4.9.3 +>>> https://rubygems.org/gems/kubeclient/versions/4.11.0 Copyright (c) 2014 Alissa Bonas @@ -592,7 +592,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/listen/versions/3.7.0 +>>> https://rubygems.org/gems/listen/versions/3.8.0 Copyright (c) 2013 Thibaud Guillaume-Gentil 
@@ -614,7 +614,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/loofah/versions/2.20.0 +>>> https://rubygems.org/gems/loofah/versions/2.21.3 Copyright (c) 2009 -- 2018 by Mike Dalessio, Bryan Helmkamp @@ -636,7 +636,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/net-ldap/versions/0.17.0 +>>> https://rubygems.org/gems/net-ldap/versions/0.18.0 Copyright 2006–2011 by Francis Cianfrocca and other contributors. @@ -658,7 +658,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/nokogiri/versions/1.14.3 +>>> https://rubygems.org/gems/nokogiri/versions/1.15.3-x86_64-darwin Copyright 2008 -- 2018 by Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada, Akinori MUSHA, John Shahid, Lars Kanis @@ -726,7 +726,7 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/rails/versions/6.1.7.3 +>>> https://rubygems.org/gems/rails/versions/6.1.7.4 Copyright (c) 2005-2018 David Heinemeier Hansson @@ -770,7 +770,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> >>> https://rubygems.org/gems/sequel/versions/5.51.0 +>>> >>> https://rubygems.org/gems/sequel/versions/5.69.0 Copyright (c) 2007-2008 Sharon Rosner Copyright (c) 2008-2023 Jeremy Evans 
@@ -836,7 +836,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/sequel-rails/versions/1.1.1 +>>> https://rubygems.org/gems/sequel-rails/versions/1.2.0 Copyright (c) 2009-2013 The sequel-rails team @@ -858,7 +858,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/simplecov/versions/0.21.2 +>>> https://rubygems.org/gems/simplecov/versions/0.22.0 Copyright (c) 2010-2015 Christoph Olszowka @@ -1212,4 +1212,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +SOFTWARE. \ No newline at end of file diff --git a/ci/shared.sh b/ci/shared.sh index 74aaf08f10..081fb0b4f6 100644 --- a/ci/shared.sh +++ b/ci/shared.sh @@ -185,7 +185,7 @@ _run_cucumber_tests() { # process to write the report. The container is kept alive using an infinite # sleep in the at_exit hook (see .simplecov). for parallel_service in "${parallel_services[@]}"; do - $COMPOSE exec -T "$parallel_service" bash -c "pkill -f 'puma 5'" + $COMPOSE exec -T "$parallel_service" bash -c "pkill -f 'puma 6'" done } diff --git a/ci/test_suites/authenticators_k8s/test_gke_entrypoint.sh b/ci/test_suites/authenticators_k8s/test_gke_entrypoint.sh index d01e8f1d52..207fad3997 100755 --- a/ci/test_suites/authenticators_k8s/test_gke_entrypoint.sh +++ b/ci/test_suites/authenticators_k8s/test_gke_entrypoint.sh 
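Review bot: The pattern in `pkill -f 'puma 6'` in ci/shared.sh hard-codes the server's major version, so the next puma major bump will make the loop match nothing and the coverage report will presumably go unwritten with no visible error. This patch had to make the same manual edit in `ci/test_suites/authenticators_k8s/test_gke_entrypoint.sh`. A version-independent pattern such as `pkill -f 'puma [0-9]'` avoids the coupling in both places, and checking pkill's exit status would surface a miss. `_run_cucumber_tests` begins outside the hunk.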
@@ -57,7 +57,7 @@ function finish { echo "Killing conjur so that coverage report is written" # The container is kept alive using an infinite sleep in the at_exit hook # (see .simplecov) so that the kubectl cp below works. - kubectl exec "${conjur_pod_name}" -- bash -c "pkill -f 'puma 5'" + kubectl exec "${conjur_pod_name}" -- bash -c "pkill -f 'puma 6'" echo "Retrieving coverage report" kubectl cp \ diff --git a/config/puma.rb b/config/puma.rb index f8b8c5579e..d996f7f5b2 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -65,7 +65,6 @@ # available in this config file. preload_app! -rackup DefaultRackup port ENV['PORT'] || 3000 environment ENV['RACK_ENV'] || 'development' diff --git a/cucumber/authenticators_jwt/features/authn_jwt_check_standard_claims.feature b/cucumber/authenticators_jwt/features/authn_jwt_check_standard_claims.feature index 28fb3af4dc..2d8f6d999b 100644 --- a/cucumber/authenticators_jwt/features/authn_jwt_check_standard_claims.feature +++ b/cucumber/authenticators_jwt/features/authn_jwt_check_standard_claims.feature @@ -365,7 +365,7 @@ Feature: JWT Authenticator - Check registered claim Then the HTTP response status code is 401 And The following appears in the log after my savepoint: """ - CONJ00035E Failed to decode token (3rdPartyError ='#')> + CONJ00035E Failed to decode token (3rdPartyError ='#')> """ @negative @acceptance @@ -454,7 +454,7 @@ Feature: JWT Authenticator - Check registered claim Then the HTTP response status code is 401 And The following appears in the log after my savepoint: """ - CONJ00035E Failed to decode token (3rdPartyError ='#')> + CONJ00035E Failed to decode token (3rdPartyError ='#')> """ @sanity 
@@ -498,4 +498,4 @@ Feature: JWT Authenticator - Check registered claim | Test | audience | aud | http_code | log | | ONYX-11154 | valid-audience | "other":"claim" | 401 | CONJ00091E Failed to validate token: mandatory claim 'aud' is missing. | | ONYX-11156 | valid-audience | "aud":"invalid" | 401 | CONJ00018D Failed to decode the token with the error '# + CONJ00035E Failed to decode token (3rdPartyError ='#')> """ @negative @acceptance @@ -102,5 +102,5 @@ Feature: JWT Authenticator - Validate And Decode Then the HTTP response status code is 401 And The following appears in the log after my savepoint: """ - CONJ00035E Failed to decode token (3rdPartyError ='#')> + CONJ00035E Failed to decode token (3rdPartyError ='#')> """ diff --git a/dev/cli b/dev/cli index 0b19ef34a2..32b91363cc 100755 --- a/dev/cli +++ b/dev/cli @@ -211,7 +211,7 @@ function enable_jwt() { function enable_azure() { - ../ci/authn-azure/check_dependencies.sh + ../dev/ci/test_suites/authenticators_azure/check_dependencies.sh echo "Setting Azure details as env variables" diff --git a/dev/start b/dev/start index a18f9b120b..0541f21b14 100755 --- a/dev/start +++ b/dev/start @@ -403,7 +403,7 @@ init_azure() { enabled_authenticators="$enabled_authenticators,authn-azure/prod" - ../ci/authn-azure/check_dependencies.sh + ../ci/test_suites/authenticators_azure/check_dependencies.sh client_load_policy \ "/src/conjur-server/ci/test_suites/authenticators_azure/policies/policy.yml"
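Review bot: The new path in dev/cli's `enable_azure`, `../dev/ci/test_suites/authenticators_azure/check_dependencies.sh`, has an extra `dev/` segment compared with the path this same patch gives dev/start's `init_azure`, `../ci/test_suites/authenticators_azure/check_dependencies.sh`. Both scripts sit in dev/, so unless a dev/ci tree exists the dev/cli call will presumably fail before the Azure environment variables are set. I would use the same path in both: `../ci/test_suites/authenticators_azure/check_dependencies.sh`. Both function bodies continue outside their hunks.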