inspec-core 5.22.80 → 5.23.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b46f57de93a21fa00ddeb70944cc1bb3cf846c73d1b33c5460496472773b0fa
-  data.tar.gz: a1f020b14dc5f06c81f98d7fabaa593b5a0696b5cd4370625382b627c216493e
+  metadata.gz: c009226468213d8efc51bc54b6e315c0d3ac50d9039ee198bbb1b24330a2f2cc
+  data.tar.gz: '0568f87bfec4df5740aaa3de94c1d2bc91b5b9e3f7a59dff8446052a63e83f02'
 SHA512:
-  metadata.gz: f72371f72e1195698128502801aefea2e698bd2c705c00b849547c2f8b18881bb05964de87715cbea5301ee6284db60fba6a9f080915d3f672686174c0ec1e59
-  data.tar.gz: 56a96407e6c3dd29f7d33c0ee128cf419aac43e01c48c6c220c3041cf20aeee4478d9be1ec280f2732391ca9d7eef5db19371e69d6105036e13fbbca5a6c3e53
+  metadata.gz: 90b9f7f4196b68f8bf1b2e33e2c6e4ef1164ede223639115cb1edf04587b9e2b0173fe9bd5badfe84fab507a443844e90d85cd2369b9bd2c44c209c1d9832c4a
+  data.tar.gz: 62f1267747c3fa35f3c75750f9fde168ac4682862a21efd4156b795c56d2cdf5cca580648c3bba9e8d7152139e55a2ff52457d3756ef6dbfcbb3279a0610474b

data/Gemfile

@@ -40,12 +40,16 @@ group :test do
   # Pinning this version as it breaking for ruby 3.1.0
   gem "nokogiri", "< 1.17.2"
   # Pinning this version as it breaking for ruby 3.0.0
-  gem "pry-byebug", "< 3.11.0"
+  gem "pry-byebug", "< 3.12.0"
   gem "pry"
   gem "rake"
   gem "simplecov"
   gem "simplecov_json_formatter"
   gem "webmock"
+  gem "signet", "< 0.22.0" # 0.20.0+ requires min ruby 3.1
+  # Pinning to 1.15 as multi_json 1.16 require ruby 3.2 version
+  # Ref: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/647#019808ca-087b-43bc-b1f9-40a36f59c5f4
+  gem "multi_json", "~> 1.15.0"
 end
 
 group :deploy do
@@ -53,12 +57,9 @@ group :deploy do
 end
 
 # Build is failing - see: https://buildkite.com/chef-oss/inspec-inspec-inspec-5-verify/builds/442
-# Error:
-# zeitwerk-2.7.1 requires Ruby >= 3.2, which is incompatible with the current version (Ruby 3.0.7p220)
-
+# Error: zeitwerk-2.7.1 requires Ruby >= 3.2, which is incompatible with the current version (Ruby 3.0.7p220)
 # Dependency chain:
 # zeitwerk → dry-configurable, dry-struct, dry-types → k8s-ruby → train-kubernetes
-
 # Pinning zeitwerk to ~> 2.6 to avoid Ruby >= 3.2 requirement.
 # Remove this pin when upgrading to Ruby 3.2 or higher.
 gem "zeitwerk", "~> 2.6.0", "< 2.7"

data/inspec-core.gemspec

@@ -13,9 +13,8 @@ Gem::Specification.new do |spec|
   spec.license       = "Apache-2.0"
   spec.require_paths = ["lib"]
 
-  # We want to support ruby 3.0 as Chef is using ruby to support AIX and we want to make sure InSpec works with it. (Ref: https://github.com/chef/chef/pull/13207)
-  # TODO: Once we have Chef working fully with ruby 3.1 we can drop ruby 3.0
-  spec.required_ruby_version = ">= 3.0.3"
+  # Chef will provide AIX support with ruby 3.0 in separate builds with older versions of InSpec 5, hence we can drop ruby 3.0 support
+  spec.required_ruby_version = ">= 3.1.0"
 
   # the gemfile and gemspec are necessary for appbundler so don't remove it
   spec.files =
@@ -29,11 +28,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "license-acceptance",       ">= 0.2.13", "< 3.0"
   # TODO: We should remove the thor pinning in next upcoming releases currently it's breaking our unit test in cli_args_test for aliases due to
   # recent changes made in thor library REF: https://github.com/rails/thor/releases/tag/v1.3.0 & https://github.com/rails/thor/pull/800
-  spec.add_dependency "thor",                     ">= 0.20", "< 1.3.0"
+  spec.add_dependency "thor",                     ">= 0.20", "< 1.5.0"
   spec.add_dependency "method_source",            ">= 0.8", "< 2.0"
-  spec.add_dependency "rubyzip",                  ">= 1.2.2", "< 3.0"
-  spec.add_dependency "rspec",                    ">= 3.9", "<= 3.12"
-  spec.add_dependency "rspec-its",                "~> 1.2"
+  spec.add_dependency "rubyzip",                  ">= 1.2.2", "< 4.0"
+  spec.add_dependency "rspec",                    ">= 3.9", "<= 3.14"
+  spec.add_dependency "rspec-its",                ">= 1.2", "< 3.0"
   spec.add_dependency "pry",                      "~> 0.13"
   spec.add_dependency "hashie",                   ">= 3.4", "< 6.0"
   spec.add_dependency "mixlib-log",               "~> 3.0", "< 3.2"
@@ -55,5 +54,5 @@ Gem::Specification.new do |spec|
   # which was causing a LoadError ('cannot load such file -- ast') for users/applications using 'inspec-core'.
   spec.add_dependency "cookstyle"
 
-  spec.add_dependency "train-core", "~> 3.12.13"
+  spec.add_dependency "train-core", "~> 3.13", ">= 3.13.4"
 end

data/lib/inspec/base_cli.rb

@@ -140,6 +140,16 @@ module Inspec
         desc: "A list of paths to the ssh config file, e.g ~/.ssh/config or /etc/ssh/ssh_config."
       option :podman_url, type: :string,
         desc: "Provides the path to the Podman API endpoint. Defaults to unix:///run/user/$UID/podman/podman.sock for rootless container, unix:///run/podman/podman.sock for rootful container (for this you need to execute inspec as root user)."
+      option :socks_proxy, type: :string,
+         desc: "SOCKS5H proxy URL to tunnel the WinRM connection (e.g., socks5h://proxy-host:1080)."
+      option :socks_user, type: :string,
+         desc: "Username for authenticating with the SOCKS5 proxy."
+      option :socks_password, type: :string, lazy_default: -1,
+         desc: "Password for authenticating with the SOCKS5 proxy."
+      option :kerberos_realm, type: :string,
+         desc: "Kerberos realm used for authentication."
+      option :kerberos_service, type: :string,
+         desc: "Kerberos service principal name (e.g., HTTP, HOST)."
     end
 
     def self.profile_options

data/lib/inspec/fetcher/git.rb

@@ -68,11 +68,21 @@ module Inspec::Fetcher
       else
         Dir.mktmpdir do |working_dir|
           checkout(working_dir)
+          if git_only_or_empty?(working_dir)
+            # If the temporary working directory is empty after checkout,
+            # this means the git repository did not contain any files (or the checkout failed).
+            # In this case, remove the destination directory to avoid
+            # leaving an empty or invalid profile directory.
+            if Dir.exist?(destination_path)
+              FileUtils.rm_rf(destination_path)
+            end
+            raise Inspec::FetcherFailure, "Profile git dependency failed for #{@remote_url} - no files found in the repository."
+          end
           if @relative_path
             perform_relative_path_fetch(destination_path, working_dir)
           else
             Inspec::Log.debug("Checkout of #{resolved_ref.nil? ? @remote_url : resolved_ref} successful. " \
-                              "Moving checkout to #{destination_path}")
+                                "Moving checkout to #{destination_path}")
             FileUtils.cp_r(working_dir + "/.", destination_path)
           end
         end
@@ -80,6 +90,16 @@ module Inspec::Fetcher
       @repo_directory
     end
 
+    def git_only_or_empty?(dir)
+      return false unless Dir.exist?(dir)
+
+      children = Dir.children(dir)
+      # Return true if:
+      # - directory is completely empty
+      # - or it contains only one entry: '.git'
+      children.empty? || (children - [".git"]).empty?
+    end
+
     def perform_relative_path_fetch(destination_path, working_dir)
       Inspec::Log.debug("Checkout of #{resolved_ref.nil? ? @remote_url : resolved_ref} successful. " \
                         "Moving #{@relative_path} to #{destination_path}")

data/lib/inspec/profile.rb

@@ -256,7 +256,14 @@ module Inspec
       # # Pull together waiver
       waived_control_ids = []
       waiver_paths.each do |waiver_path|
-        waiver_content = YAML.load_file(waiver_path)
+        # Ruby 3.1 treats YAML load as a dangerous operation by default, requiring us to declare date and time classes as permitted
+        # It's not a valid option in 3.0.x
+        if Gem.ruby_version >= Gem::Version.new("3.1.0")
+          waiver_content = ::YAML.load_file(waiver_path, permitted_classes: [Date, Time])
+        else
+          waiver_content = YAML.load_file(waiver_path)
+        end
+
         unless waiver_content
           # Note that we will have already issued a detailed warning
           Inspec::Log.error "YAML parsing error in #{waiver_path}"

data/lib/inspec/secrets/yaml.rb

@@ -18,11 +18,7 @@ module Secrets
     def initialize(target)
       # Ruby 3.1 treats YAML load as a dangerous operation by default, requiring us to declare date and time classes as permitted
       # It's not a valid option in 3.0.x
-      if Gem.ruby_version >= Gem::Version.new("3.1.0")
-        @inputs = ::YAML.load_file(target, permitted_classes: [Date, Time])
-      else
-        @inputs = ::YAML.load_file(target)
-      end
+      @inputs = ::YAML.load_file(target, permitted_classes: [Date, Time])
 
       # In case of empty yaml file raise the warning else raise the parsing error.
       if !@inputs || @inputs.empty?

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.22.80".freeze
+  VERSION = "5.23.6".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 5.22.80
+  version: 5.23.6
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-04-30 00:00:00.000000000 Z
+date: 2025-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -59,7 +59,7 @@ dependencies:
         version: '0.20'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -69,7 +69,7 @@ dependencies:
         version: '0.20'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: method_source
   requirement: !ruby/object:Gem::Requirement
@@ -99,7 +99,7 @@ dependencies:
         version: 1.2.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -109,7 +109,7 @@ dependencies:
         version: 1.2.2
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -119,7 +119,7 @@ dependencies:
         version: '3.9'
     - - "<="
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -129,21 +129,27 @@ dependencies:
         version: '3.9'
     - - "<="
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.14'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -390,14 +396,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.13
+        version: '3.13'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.13.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.13
+        version: '3.13'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.13.4
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -867,7 +879,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.0.3
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="