CHEF-15132-Updated Libraries having CVEs for upcoming WS release

nikhil2611 commented 1 month ago

Description

Updated the openSSL v3.0.15 as v3.0.12 have high/critical CVEs - https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/version_id-1775730/Openssl-Openssl-3.0.12.html
Updated the libxml2 v2.12.7 as v2.12.5 have high CVE - https://www.cvedetails.com/vulnerability-list/vendor_id-1962/product_id-3311/version_id-1777449/Xmlsoft-Libxml2-2.12.5.html
Updated the libarchive v3.7.5 as v3.7.4 have high and critical CVEs - https://www.cvedetails.com/vulnerability-list/vendor_id-12872/product_id-26168/version_id-1807154/Libarchive-Libarchive-3.7.4.html
Adding the git-windows v2.47.0 as v2.41.0 is bundled with curl v8.1 which is having high/critical culnerability
The RDoc gem, as installed by base Ruby and not chef-workstation, has a CVE. Here we explicitly add/update the rdoc version to overcome that CVE. Notes here: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/

[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Chore (non-breaking change that does not add functionality or fix an issue)

[ ] I have read the CONTRIBUTING document.
[ ] I have run the pre-merge tests locally and they pass.
[ ] I have updated the documentation accordingly.
[ ] I have added tests to cover my changes.
[ ] If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
[ ] All new and existing tests passed.
[ ] All commits have been signed-off for the Developer Certificate of Origin.