Update components and remove PDK runtime

This removes the PDK runtime project and components that were only used for it, since we intend to replace the PDK.

Many of these component updates aren't strictly required, but doing so to stay as up to date as possible. Ones with CVE fixes are noted.
Also, removed some versioning logic where the old version is no longer used, or in some cases added logic to ensure
the most up-to-date components are used for OpenVox 8 when those version don't support Ruby 2.7 in OpenVox 7.

For OpenVox (and some for Bolt):
* Ruby 3.2.9
  - This was actually done in a previous PR. Noting here that it
    addresses CVE-2025-24294 and CVE-2025-43857.
* curl 8.15.0
* libffi 3.5.2
* libxml2 2.14.5
* openssl 3.0.17
* ruby-shadown 2.5.1
* rubygem-concurrent-ruby 1.3.5
* rubygem-fast_gettext 4.1.0 for OpenVox 8, 2.4.0 for OpenVox 7
* rubygem-gettext 3.5.1
* rubygem-hiera-eyaml 4.3.0
* rubygem-highline 3.1.2
* rubygem-mini_portile2 2.8.9
* rubygem-multi_json 1.17.0 for OpenVox 8
* rubygem-net-ssh 7.3.0
* rubygem-nokogiri 1.18.9
  - Default libxml2 embedded in the gem contained CVE-2025-32414, CVE-2025-32415, CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, CVE-2025-49796
  - However, we compile nokogiri against our own version of libxml2 which did not have these issues. Still, updating to avoid popping scanners.
* rubygem-openfact 5.1.0
* rubygem-prime 0.1.4
* rubygem-sys-filesystem 1.5.3 (except for Solaris, which we are not building right now, but has to stay at 1.4.5)
* rubygem-thor 1.4.0
* virt-what 1.27

For Bolt:
* rubygem-aws-eventstream 1.4.0
* rubygem-aws-partitions 1.1154.0
* rubygem-aws-sdk-core 3.232.0
* rubygem-aws-sdk-ec2 1.555.0
* rubygem-aws-sigv4 1.12.1
* rubygem-bindata 2.5.1
* rubygem-colored2 4.0.3
* rubygem-ed25519 1.4.0
* rubygem-faraday-em_http 2.0.1
* rubygem-faraday-em_synchrony 1.0.1
* rubygem-faraday-excon 2.3.0
* rubygem-faraday-httpclient 2.0.2
* rubygem-faraday-multipart 1.1.1
* rubygem-faraday-net_http_persistent 2.3.1
* rubygem-faraday-net_http 3.4.1
* rubygem-faraday-patron 2.0.2
* rubygem-faraday-rack 2.1.3
* rubygem-faraday-retry 2.3.2
* rubygem-faraday 2.13.4
* rubygem-gettext-setup 1.1.0
* rubygem-httpclient 2.9.0
* rubygem-net-http-persistent 4.0.6
* rubygem-net-scp 4.1.0
* rubygem-public_suffix 6.0.2
* rubygem-puppet-resource_api 2.0.0
* rubygem-puppet-strings 5.0.0
* rubygem-puppet 8.10.0 (to be replaced with the OpenVox gem soon)
* rubygem-r10k 5.0.2
* rubygem-rgen 0.10.2
* rubygem-rubyzip 2.4.1
* rubygem-terminal-table 4.0.0
* rubygem-unicode-display_width 3.1.4
* rubygem-webrick 1.9.1
* rubygem-yard 0.9.37

Author: nmburgan

configs/components/ansicon.rb

@@ -2,7 +2,6 @@
 # Component release information: https://github.com/hercules-team/augeas/releases
 #####
 component 'augeas' do |pkg, settings, platform|
-  # Projects may define an :augeas_version setting, or we use 1.8.1 by default:
   version = settings[:augeas_version] || '1.14.1'
   pkg.version version
 

configs/components/augeas.rb

@@ -1,19 +1,16 @@
 #####
 # Component release information: https://github.com/curl/curl/releases
-# Notes:
-#   2025-07-23: The latest is 8.15.0, but it contains no security fixes or
-#   relevant improvements for us, so waiting to update until we need to.
 #####
 component 'curl' do |pkg, settings, platform|
   # Projects may define a :curl_version setting
-  version = settings[:curl_version] || '8.14.1'
+  version = settings[:curl_version] || '8.15.0'
   pkg.version version
 
   case version
   when '7.88.1'
     pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
-  when '8.14.1'
-    pkg.sha256sum '6766ada7101d292b42b8b15681120acd68effa4a9660935853cf6d61f0d984d4'
+  when '8.15.0'
+    pkg.sha256sum 'd85cfc79dc505ff800cb1d321a320183035011fa08cb301356425d86be8fc53c'
   else
     raise "curl version #{version} has not been configured; Cannot continue."
   end

configs/components/curl.rb

@@ -2,8 +2,8 @@
 # Component release information: https://github.com/libffi/libffi/releases
 #####
 component 'libffi' do |pkg, settings, platform|
-  pkg.version '3.4.8'
-  pkg.sha256sum 'bc9842a18898bfacb0ed1252c4febcc7e78fa139fd27fdc7a3e30d9d9356119b'
+  pkg.version '3.5.2'
+  pkg.sha256sum 'f3a3082a23b37c293a4fcd1053147b371f2ff91fa7ea1b2a52e335676bac82dc'
   pkg.url "https://github.com/libffi/libffi/releases/download/v#{pkg.get_version}/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
   pkg.mirror "#{settings[:buildsources_url]}/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
 

configs/components/git.rb

@@ -4,8 +4,8 @@
 #   https://github.com/GNOME/libxml2/tags
 #####
 component "libxml2" do |pkg, settings, platform|
-  pkg.version '2.13.8'
-  pkg.sha256sum '277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a'
+  pkg.version '2.14.5'
+  pkg.sha256sum '03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b'
 
   libxml2_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2')
   pkg.url "https://download.gnome.org/sources/libxml2/#{libxml2_version_y}/libxml2-#{pkg.get_version}.tar.xz"

configs/components/libffi.rb

@@ -6,8 +6,8 @@
 #   need to move to the 3.5.x LTS stream in the next year.
 #####
 component 'openssl' do |pkg, settings, platform|
-  pkg.version '3.0.16'
-  pkg.sha256sum '57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86'
+  pkg.version '3.0.17'
+  pkg.sha256sum 'dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce'
   pkg.url "https://github.com/openssl/openssl/releases/download/openssl-#{pkg.get_version}/openssl-#{pkg.get_version}.tar.gz"
   pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz"
 

configs/components/libxml2.rb

@@ -5,7 +5,7 @@
 #####
 component "ruby-shadow" do |pkg, settings, platform|
   pkg.url "https://github.com/apalmblad/ruby-shadow"
-  pkg.ref "refs/tags/2.5.0"
+  pkg.ref "refs/tags/2.5.1"
 
   pkg.build_requires "ruby-#{settings[:ruby_version]}"
   if !platform.is_cross_compiled? && platform.architecture == 'sparc'