voxpupuli / puppet-augeasproviders_pam

Augeas-based PAM type and provider for Puppet

redcarpet version specified in Gemfile flagged in CVE-2020-26298 #31

Closed golflimaechoecho closed 2 years ago

golflimaechoecho commented 2 years ago

The redcarpet version specified in Gemfile (gem 'redcarpet', '~> 2.0') is causing GitHub to flag https://rubysec.com/advisories/CVE-2020-26298/ (redcarpet downrev)

redcarpet appears to be leftover from older testing syntax/framework - it does not appear in Gemfile modules that have been converted to PDK (eg: augeasproviders_core, augeasproviders_shellvar); whereas redcarpet is present (and GitHub warning also shows) for other modules not yet converted to PDK (eg: augeasproviders_grub, augeasproviders_sysctl)

Note: Dependabot appears to have raised a PR in the puppet-augeasproviders repo for the same/similar issue: https://github.com/voxpupuli/puppet-augeasproviders/pull/167

ekohl commented 2 years ago

https://github.com/voxpupuli/puppet-augeasproviders_pam/pull/30 would probably address this. I just pushed an update, let's see if CI turns green.