Supermarket 3.3.20 was released today and is available for download at https://downloads.chef.io/supermarket. This release contains security updates and is a recommended upgrade.
Security Fixes
- update rubyzip to address CVE-2019-16892 #1825 (robbkidd)
- Bump loofah from 2.2.3 to 2.3.1 #1830 (dependabot[bot])
- update for CVE-2019-13117 & CVE-2019-16782 #1833 (robbkidd)
- Bump rack from 2.0.7 to 2.0.8 in /omnibus #1834 (dependabot[bot])
- include secrets found in secrets.json in runtime omnibus config #1832 (robbkidd)
- Bump nokogiri from 1.10.7 to 1.10.9 #1848 (dependabot-preview[bot])
- Bump rake from 12.3.2 to 13.0.1 #1844 (dependabot-preview[bot])
- Bump omniauth from 1.9.0 to 1.9.1 #1851 (dependabot-preview[bot])
- generate secrets.json with warning messages #1849 (robbkidd)
- Prevent unsafe links to cross-origin destinations #1846 (cattywampus)