Supermarket 3.3.20 released!

Supermarket 3.3.20 was released today and is available for download at https://downloads.chef.io/supermarket. This release contains security updates and is a recommended upgrade.

Security Fixes

• update rubyzip to address CVE-2019-16892 #1825 (robbkidd)
• Bump loofah from 2.2.3 to 2.3.1 #1830 (dependabot[bot])
• update for CVE-2019-13117 & CVE-2019-16782 #1833 (robbkidd)
• Bump rack from 2.0.7 to 2.0.8 in /omnibus #1834 (dependabot[bot])
• include secrets found in secrets.json in runtime omnibus config #1832 (robbkidd)
• Bump nokogiri from 1.10.7 to 1.10.9 #1848 (dependabot-preview[bot])
• Bump rake from 12.3.2 to 13.0.1 #1844 (dependabot-preview[bot])
• Bump omniauth from 1.9.0 to 1.9.1 #1851 (dependabot-preview[bot])
• generate secrets.json with warning messages #1849 (robbkidd)
• Prevent unsafe links to cross-origin destinations #1846 (cattywampus)

Merged Pull Requests

• add a version command to supermarket-ctl #1811 (robbkidd)
• avoid Double Bundler by pinning rubygems version #1835 (robbkidd)
• upgrade Ruby to 2.6.5 #1852 (robbkidd)