From ff697eac4d79e626be57f32bcdc7a2610ce4db9a Mon Sep 17 00:00:00 2001
From: Beni Cherniavsky-Paskin <cben@redhat.com>
Date: Wed, 11 May 2022 13:21:03 +0300
Subject: [PATCH] Bump kubeclient >= 4.9.3 to avoid Kubeclient::Config
 vulnerability

4.9.3 fixed [CVE-2022-0759 in `Kubeclient::Config`](https://github.com/ManageIQ/kubeclient/issues/554), which I see you do use, at least in `create_client_from_config`.
Current "~> 4.3" range already allows 4.9.x but safer to force it as minimum.
---
 fog-kubevirt.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fog-kubevirt.gemspec b/fog-kubevirt.gemspec
index 18cc3b8..4cfaf8f 100644
--- a/fog-kubevirt.gemspec
+++ b/fog-kubevirt.gemspec
@@ -32,5 +32,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "webmock", "~> 3.5"
 
   spec.add_dependency("fog-core", "~> 2.1")
-  spec.add_dependency("kubeclient", "~> 4.3")
+  spec.add_dependency("kubeclient", ">= 4.9.3", "< 5.0.0")
 end