Supermarket 3.3.35 was released today and is available for download at downloads.chef.io/supermarket. This release contains security updates for dependencies. Though there are no known vulnerabilities in Supermarket prior to these updates, this is a recommended upgrade.
These updates resolve CVE scanner audits. No vulnerabilities were found in Supermarket's use of these components.
- update deps: includes nginx 1.18.0 #1874 (tas50)
- update Ruby to 2.6.6 to resolve 2 CVEs #1877 (tas50)
- update actionview from 184.108.40.206 to 220.127.116.11 #1887 (dependabot-preview[bot])
- add support for enabling Server Side Encryption when storing cookbooks in AWS S3 #1888 (bdwyertech)
- add packages for Amazon Linux 2 to the pipeline #1875 (tas50)