puppet 7.25.0-x86-mingw32 → 7.27.0-x86-mingw32

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -42,6 +42,10 @@ submit_request
 Generate a certificate signing request (CSR) and submit it to the CA\. If a private and public key pair already exist, they will be used to generate the CSR\. Otherwise a new key pair will be generated\. If a CSR has already been submitted with the given \fBcertname\fR, then the operation will fail\.
 .
 .TP
+generate_request
+Generate a certificate signing request (CSR)\. If a private and public key pair already exist, they will be used to generate the CSR\. Otherwise a new key pair will be generated\.
+.
+.TP
 download_cert
 Download a certificate for this host\. If the current private key matches the downloaded certificate, then the certificate will be saved and used for subsequent requests\. If there is already an existing certificate, it will be overwritten\.
 .

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.25\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.27\.0

data/spec/integration/application/apply_spec.rb

@@ -755,5 +755,19 @@ class amod::bad_type {
         .and output(/Notify\[runs before file\]/).to_stdout
         .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
     end
+
+    it "applies deferred sensitive file content" do
+      manifest = <<~END
+      file { '#{deferred_file}':
+        ensure => file,
+        content => Deferred('new', [Sensitive, "hello\n"])
+      }
+      END
+      apply.command_line.args = ['-e', manifest]
+      expect {
+        apply.run
+      }.to exit_with(0)
+        .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
+    end
   end
 end

data/spec/integration/http/client_spec.rb

@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     end
   end
 
+  context 'ensure that retrying does not attempt to read the body after closing the connection' do
+    let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
+    it 'raises a retry error instead' do
+      response_proc = -> (req, res) {
+        res['Retry-After'] = 1
+        res.status = 503
+      }
+
+      https_server.start_server(response_proc: response_proc) do |port|
+        uri = URI("https://127.0.0.1:#{port}")
+        kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
+        expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
+      end
+    end
+  end
+
   context 'persistent connections' do
     it "detects when the server has closed the connection and reconnects" do
       Puppet[:http_debug] = true

data/spec/integration/type/exec_spec.rb

@@ -75,6 +75,19 @@ describe Puppet::Type.type(:exec), unless: Puppet::Util::Platform.jruby? do
     end
   end
 
+  context 'when an exec sends an EOF' do
+    let(:command) { ["/bin/bash", "-c", "exec /bin/sleep 1 >/dev/null 2>&1"] }
+
+    it 'should not take significant user time' do
+      exec = described_class.new :command => command, :path => ENV['PATH']
+      catalog.add_resource exec
+      timed_apply = Benchmark.measure { catalog.apply }
+      # In testing I found the user time before the patch in 4f35fd262e to be above
+      # 0.3, after the patch it was consistently below 0.1 seconds.
+      expect(timed_apply.utime).to be < 0.3
+    end
+  end
+
   context 'when command is a string' do
     let(:command) { "ruby -e 'File.open(\"#{path}\", \"w\") { |f| f.print \"foo\" }'" }
 

data/spec/unit/application/ssl_spec.rb

@@ -171,6 +171,50 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
     end
   end
 
+  context 'when generating a CSR' do
+    let(:csr_path) { Puppet[:hostcsr] }
+    let(:requestdir) { Puppet[:requestdir] }
+
+    before do
+      ssl.command_line.args << 'generate_request'
+    end
+
+    it 'generates an RSA private key' do
+      File.unlink(Puppet[:hostprivkey])
+
+      expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
+    end
+
+    it 'generates an EC private key' do
+      Puppet[:key_type] = 'ec'
+      File.unlink(Puppet[:hostprivkey])
+
+      expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
+    end
+
+    it 'registers OIDs' do
+      expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
+
+      expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
+    end
+
+    it 'saves the CSR locally' do
+      expects_command_to_pass(%r{Generated certificate request in '#{csr_path}'})
+
+      expect(Puppet::FileSystem).to be_exist(csr_path)
+    end
+
+    it 'accepts dns alt names' do
+      Puppet[:dns_alt_names] = 'majortom'
+
+      expects_command_to_pass
+
+      csr = Puppet::SSL::CertificateRequest.new(name)
+      csr.read(csr_path)
+      expect(csr.subject_alt_names).to include('DNS:majortom')
+    end
+  end
+
   context 'when downloading a certificate' do
     before do
       ssl.command_line.args << 'download_cert'
@@ -347,6 +391,11 @@ describe Puppet::Application::Ssl, unless: Puppet::Util::Platform.jruby? do
       expects_command_to_fail(%r{Failed to connect to the CA to determine if certificate #{name} has been cleaned})
     end
 
+    it 'raises if we have extra args' do
+      ssl.command_line.args << 'hostname.example.biz'
+      expects_command_to_fail(/Extra arguments detected: hostname.example.biz/)
+    end
+
     context 'when deleting local CA' do
       before do
         ssl.command_line.args << '--localca'

data/spec/unit/defaults_spec.rb

@@ -3,46 +3,8 @@ require 'puppet/settings'
 
 describe "Defaults" do
   describe ".default_diffargs" do
-    describe "on AIX" do
-      before(:each) do
-        allow(Facter).to receive(:value).with(:kernel).and_return("AIX")
-      end
-
-      describe "on 5.3" do
-        before(:each) do
-          allow(Facter).to receive(:value).with(:kernelmajversion).and_return("5300")
-        end
-
-        it "should be empty" do
-          expect(Puppet.default_diffargs).to eq("")
-        end
-      end
-
-      [ "",
-        nil,
-        "6300",
-        "7300",
-      ].each do |kernel_version|
-        describe "on kernel version #{kernel_version.inspect}" do
-          before(:each) do
-            allow(Facter).to receive(:value).with(:kernelmajversion).and_return(kernel_version)
-          end
-
-          it "should be '-u'" do
-            expect(Puppet.default_diffargs).to eq("-u")
-          end
-        end
-      end
-    end
-
-    describe "on everything else" do
-      before(:each) do
-        allow(Facter).to receive(:value).with(:kernel).and_return("NOT_AIX")
-      end
-
-      it "should be '-u'" do
-        expect(Puppet.default_diffargs).to eq("-u")
-      end
+    it "should be '-u'" do
+      expect(Puppet.default_diffargs).to eq("-u")
     end
   end
 

data/spec/unit/file_system/path_pattern_spec.rb

@@ -1,6 +1,7 @@
 require 'spec_helper'
 require 'puppet_spec/files'
 require 'puppet/file_system'
+require 'puppet/util'
 
 describe Puppet::FileSystem::PathPattern do
   include PuppetSpec::Files
@@ -132,6 +133,20 @@ describe Puppet::FileSystem::PathPattern do
                                          File.join(dir, "found_two")])
   end
 
+  it 'globs wildcard patterns properly' do
+    # See PUP-11788 and https://github.com/jruby/jruby/issues/7836.
+    pending 'JRuby does not properly handle Dir.glob' if Puppet::Util::Platform.jruby?
+
+    dir = tmpdir('globtest')
+    create_file_in(dir, 'foo.pp')
+    create_file_in(dir, 'foo.pp.pp')
+
+    pattern = Puppet::FileSystem::PathPattern.absolute(File.join(dir, '**/*.pp'))
+
+    expect(pattern.glob).to match_array([File.join(dir, 'foo.pp'),
+                                         File.join(dir, 'foo.pp.pp')])
+  end
+
   def create_file_in(dir, name)
     File.open(File.join(dir, name), "w") { |f| f.puts "data" }
   end

data/spec/unit/functions/split_spec.rb

@@ -50,4 +50,10 @@ describe 'the split function' do
   it 'should handle pattern in Regexp Type form with missing regular expression' do
     expect(split('ab',type_parser.parse('Regexp'))).to eql(['a', 'b'])
   end
+
+  it 'should handle sensitive String' do
+    expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), ',')).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+    expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), /,/)).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+    expect(split(Puppet::Pops::Types::PSensitiveType::Sensitive.new('a,b'), type_parser.parse('Regexp[/,/]'))).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+  end
 end

data/spec/unit/ssl/certificate_signer_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe Puppet::SSL::CertificateSigner do
+  include PuppetSpec::Files
+
+  let(:wrong_key) { OpenSSL::PKey::RSA.new(512) }
+  let(:client_cert) { cert_fixture('signed.pem') }
+
+  # jruby-openssl >= 0.13.0 (JRuby >= 9.3.5.0) raises an error when signing a
+  # certificate when there is a discrepancy between the certificate and key.
+  it 'raises if client cert signature is invalid', if: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
+    expect {
+      client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
+    }.to raise_error(OpenSSL::X509::CertificateError,
+                     'invalid public key data')
+  end
+end

data/spec/unit/ssl/ssl_provider_spec.rb

@@ -298,7 +298,7 @@ describe Puppet::SSL::SSLProvider do
       ).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
     end
 
-    it 'raises if client cert signature is invalid' do
+    it 'raises if client cert signature is invalid', unless: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
       client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
       expect {
         subject.create_context(**config.merge(client_cert: client_cert))
@@ -337,7 +337,7 @@ describe Puppet::SSL::SSLProvider do
       end
     end
 
-    it 'raises if intermediate CA signature is invalid' do
+    it 'raises if intermediate CA signature is invalid', unless: Puppet::Util::Platform.jruby? && RUBY_VERSION.to_f >= 2.6 do
       int = global_cacerts.last
       int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
 

data/spec/unit/util/execution_spec.rb

@@ -29,6 +29,7 @@ describe Puppet::Util::Execution, if: !Puppet::Util::Platform.jruby? do
         allow(FFI::WIN32).to receive(:CloseHandle).with(thread_handle)
       else
         allow(Process).to receive(:waitpid2).with(pid, Process::WNOHANG).and_return(nil, [pid, double('child_status', :exitstatus => exitstatus)])
+        allow(Process).to receive(:waitpid2).with(pid, 0).and_return(nil, [pid, double('child_status', :exitstatus => exitstatus)])
         allow(Process).to receive(:waitpid2).with(pid).and_return([pid, double('child_status', :exitstatus => exitstatus)])
       end
     end

data/spec/unit/util/windows/adsi_spec.rb

@@ -95,6 +95,31 @@ describe Puppet::Util::Windows::ADSI, :if => Puppet::Util::Platform.windows? do
     end
   end
 
+  describe '.get_sids' do
+    it 'returns an array of SIDs given two an array of ADSI children' do
+      child1 = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
+      child2 = double('child2', name: 'Guest', sid: 'S-1-5-21-3882680660-671291151-3888264257-501')
+      allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child1).and_return('Administrator')
+      allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child2).and_return('Guest')
+      sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child1, child2])
+      expect(sids).to eq(['Administrator', 'Guest'])
+    end
+
+    it 'returns an array of SIDs given an ADSI child and ads_to_principal returning domain failure' do
+      child = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
+      allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child).and_raise(Puppet::Util::Windows::Error.new('', Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE))
+      sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child])
+      expect(sids[0]).to eq(Puppet::Util::Windows::SID::Principal.new(child.name, child.sid, child.name, nil, :SidTypeUnknown))
+    end
+
+    it 'returns an array of SIDs given an ADSI child and ads_to_principal returning relationship failure' do
+      child = double('child1', name: 'Administrator', sid: 'S-1-5-21-3882680660-671291151-3888264257-500')
+      allow(Puppet::Util::Windows::SID).to receive(:ads_to_principal).with(child).and_raise(Puppet::Util::Windows::Error.new('', Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE))
+      sids = Puppet::Util::Windows::ADSI::ADSIObject.get_sids([child])
+      expect(sids[0]).to eq(Puppet::Util::Windows::SID::Principal.new(child.name, child.sid, child.name, nil, :SidTypeUnknown))
+    end
+  end
+
   describe Puppet::Util::Windows::ADSI::User do
     let(:username)  { 'testuser' }
     let(:domain)    { 'DOMAIN' }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 7.25.0
+  version: 7.27.0
 platform: x86-mingw32
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-13 00:00:00.000000000 Z
+date: 2023-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -172,22 +172,16 @@ dependencies:
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 1.9.24
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 1.15.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: 1.9.24
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 1.15.5
 - !ruby/object:Gem::Dependency
   name: minitar
   requirement: !ruby/object:Gem::Requirement
@@ -2413,6 +2407,7 @@ files:
 - spec/unit/ssl/base_spec.rb
 - spec/unit/ssl/certificate_request_attributes_spec.rb
 - spec/unit/ssl/certificate_request_spec.rb
+- spec/unit/ssl/certificate_signer_spec.rb
 - spec/unit/ssl/certificate_spec.rb
 - spec/unit/ssl/digest_spec.rb
 - spec/unit/ssl/oids_spec.rb
@@ -2575,7 +2570,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.20
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool
@@ -3676,6 +3671,7 @@ test_files:
 - spec/unit/ssl/base_spec.rb
 - spec/unit/ssl/certificate_request_attributes_spec.rb
 - spec/unit/ssl/certificate_request_spec.rb
+- spec/unit/ssl/certificate_signer_spec.rb
 - spec/unit/ssl/certificate_spec.rb
 - spec/unit/ssl/digest_spec.rb
 - spec/unit/ssl/oids_spec.rb