From 3f3d4039111cbc73cacb2426748825ef1bbc38fa Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 13 Feb 2026 15:20:24 +0000 Subject: [PATCH] fix: pkgs/tools/misc/fluentd/Gemfile & pkgs/tools/misc/fluentd/Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-FARADAY-15253521 --- pkgs/tools/misc/fluentd/Gemfile | 2 +- pkgs/tools/misc/fluentd/Gemfile.lock | 101 +++++++++++++++++---------- 2 files changed, 67 insertions(+), 36 deletions(-) diff --git a/pkgs/tools/misc/fluentd/Gemfile b/pkgs/tools/misc/fluentd/Gemfile index 8c9dd3aa0a021..fa653ba5dcd1c 100644 --- a/pkgs/tools/misc/fluentd/Gemfile +++ b/pkgs/tools/misc/fluentd/Gemfile @@ -1,5 +1,5 @@ source "https://rubygems.org" gem 'fluentd' -gem 'fluent-plugin-elasticsearch' +gem 'fluent-plugin-elasticsearch', '>= 0.8.0' gem 'fluent-plugin-record-reformer' diff --git a/pkgs/tools/misc/fluentd/Gemfile.lock b/pkgs/tools/misc/fluentd/Gemfile.lock index 4f51d365513a8..03f58b41b7d4c 100644 --- a/pkgs/tools/misc/fluentd/Gemfile.lock +++ b/pkgs/tools/misc/fluentd/Gemfile.lock @@ -1,52 +1,83 @@ GEM remote: https://rubygems.org/ specs: - cool.io (1.3.0) - elasticsearch (1.0.8) - elasticsearch-api (= 1.0.7) - elasticsearch-transport (= 1.0.7) - elasticsearch-api (1.0.7) + base64 (0.3.0) + concurrent-ruby (1.3.6) + cool.io (1.9.3) + csv (3.3.5) + drb (2.2.3) + elastic-transport (8.4.1) + faraday (< 3) multi_json - elasticsearch-transport (1.0.7) - faraday + elasticsearch (9.3.0) + elastic-transport (~> 8.3) + elasticsearch-api (= 9.3.0) + elasticsearch-api (9.3.0) + base64 multi_json - faraday (0.9.1) - multipart-post (>= 1.2, < 3) - fluent-plugin-elasticsearch (0.7.0) + excon (1.3.2) + logger + faraday (2.14.1) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-excon (2.4.0) + excon (>= 1.0.0) + faraday (>= 2.11.0, < 3) + faraday-net_http (3.4.2) + net-http (~> 0.5) + fluent-plugin-elasticsearch (6.0.0) elasticsearch - fluentd (>= 0.10.43) - patron (~> 0) + excon + faraday (>= 2.0.0) + faraday-excon (>= 2.0.0) + fluentd (>= 0.14.22) fluent-plugin-record-reformer (0.6.0) fluentd - fluentd (0.12.6) - cool.io (>= 1.2.2, < 2.0.0) - http_parser.rb (>= 0.5.1, < 0.7.0) - json (>= 1.4.3) - msgpack (>= 0.5.11, < 0.6.0) - sigdump (~> 0.2.2) - string-scrub (>= 0.0.3) - tzinfo (>= 1.0.0) - tzinfo-data (>= 1.0.0) + fluentd (1.18.0) + base64 (~> 0.2) + bundler + cool.io (>= 1.4.5, < 2.0.0) + csv (~> 3.2) + drb (~> 2.2) + http_parser.rb (>= 0.5.1, < 0.9.0) + logger (~> 1.6) + msgpack (>= 1.3.1, < 2.0.0) + serverengine (>= 2.3.2, < 3.0.0) + sigdump (~> 0.2.5) + strptime (>= 0.2.4, < 1.0.0) + tzinfo (>= 1.0, < 3.0) + tzinfo-data (~> 1.0) + webrick (~> 1.4) yajl-ruby (~> 1.0) - http_parser.rb (0.6.0) - json (1.8.2) - msgpack (0.5.11) - multi_json (1.11.0) - multipart-post (2.0.0) - patron (0.4.20) - sigdump (0.2.2) - string-scrub (0.0.5) - thread_safe (0.3.5) - tzinfo (1.2.2) - thread_safe (~> 0.1) - tzinfo-data (1.2015.1) + http_parser.rb (0.8.1) + json (2.18.1) + logger (1.7.0) + msgpack (1.8.0) + multi_json (1.19.1) + net-http (0.9.1) + uri (>= 0.11.1) + serverengine (2.4.0) + base64 (~> 0.1) + logger (~> 1.4) + sigdump (~> 0.2.2) + sigdump (0.2.5) + strptime (0.2.5) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + tzinfo-data (1.2025.3) tzinfo (>= 1.0.0) - yajl-ruby (1.2.1) + uri (1.1.1) + webrick (1.9.2) + yajl-ruby (1.4.3) PLATFORMS ruby DEPENDENCIES - fluent-plugin-elasticsearch + fluent-plugin-elasticsearch (>= 0.8.0) fluent-plugin-record-reformer fluentd + +BUNDLED WITH + 2.3.27