update_insecure_gems_replace_unmaintained_gems #10

Open
btihen wants to merge 3 commits into LAS-IT:master from btihen:update_insecure_gems_replace_unmaintained_gems

Conversation

btihen (Collaborator) commented Jun 12, 2026

Security updates

❯ bundler-audit --update
Updated ruby-advisory-db
ruby-advisory-db:
  advisories:	1142 advisories
  last updated:	2026-06-09 16:44:42 -0400
  commit:	5887ac7a01c31456220218e5858d2455ce9fddaf

Name: addressable
Version: 2.8.1
CVE: CVE-2026-35611
GHSA: GHSA-h27x-rffw-24p4
Criticality: High
URL: https://github.com/sporkmonger/addressable/security/advisories/GHSA-h27x-rffw-24p4
Title: Addressable has a Regular Expression Denial of Service in Addressable templates
Solution: update to '>= 2.9.0'

Name: faraday
Version: 2.14.1
CVE: CVE-2026-33637
GHSA: GHSA-5rv5-xj5j-3484
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33637
Title: Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative URI objects still bypass host scoping
Solution: update to '>= 2.14.2'

Name: jwt
Version: 3.1.2
CVE: CVE-2026-45363
GHSA: GHSA-c32j-vqhx-rx3x
Criticality: High
URL: https://www.cve.org/CVERecord?id=CVE-2026-45363
Title: ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
Solution: update to '~> 2.10.3', '>= 3.2.0'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-35176
GHSA: GHSA-vg3r-rm7w-2xgh
Criticality: Medium
URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
Title: REXML contains a denial of service vulnerability
Solution: update to '>= 3.2.7'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-39908
GHSA: GHSA-4xqq-m2hx-25v8
Criticality: Medium
URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
Title: DoS in REXML
Solution: update to '>= 3.3.2'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-41123
GHSA: GHSA-r55c-59qm-vjw6
Criticality: Medium
URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
Title: DoS vulnerabilities in REXML
Solution: update to '>= 3.3.3'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-41946
GHSA: GHSA-5866-49gr-22v4
Criticality: Medium
URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
Title: DoS vulnerabilities in REXML
Solution: update to '>= 3.3.3'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-43398
GHSA: GHSA-vmwr-mc7x-5vc3
Criticality: Medium
URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
Title: REXML denial of service vulnerability
Solution: update to '>= 3.3.6'

Name: rexml
Version: 3.2.5
CVE: CVE-2024-49761
GHSA: GHSA-2rxp-v6pw-ch6m
Criticality: High
URL: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
Title: REXML ReDoS vulnerability
Solution: update to '>= 3.3.9'

Vulnerabilities found!

Replace Codacy-Coverage with simplecov. Codacy-Coverage is no longer maintained and doesn't support Ruby 4.0
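A worked follow-up to the audit output above, added here as an editor's example and not part of the PR or of the LAS-IT project: a small Ruby script that parses bundler-audit's text report and computes, per gem, the lowest version that clears every listed advisory without downgrading. The helper names (parse_bundler_audit, minimum_fixed_version, upgrade_plan) are mine, and the embedded report is constructed from the gems and Solution lines quoted above, cut down to four advisories and without the Title/URL/GHSA lines. The jwt entry is the instructive case: bundler-audit lists its patched series as alternatives ('~> 2.10.3' or '>= 3.2.0'), so feeding both strings to one Gem::Requirement would AND them into an unsatisfiable constraint, and naively taking the smallest alternative would downgrade 3.1.2 to 2.10.3.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed sample (not a live scan): the bundler-audit report shape from the
# PR description, reduced to four advisories and without Title/URL/GHSA lines.
SAMPLE_REPORT = <<~REPORT
  Name: addressable
  Version: 2.8.1
  CVE: CVE-2026-35611
  Criticality: High
  Solution: update to '>= 2.9.0'

  Name: jwt
  Version: 3.1.2
  CVE: CVE-2026-45363
  Criticality: High
  Solution: update to '~> 2.10.3', '>= 3.2.0'

  Name: rexml
  Version: 3.2.5
  CVE: CVE-2024-35176
  Criticality: Medium
  Solution: update to '>= 3.2.7'

  Name: rexml
  Version: 3.2.5
  CVE: CVE-2024-49761
  Criticality: High
  Solution: update to '>= 3.3.9'

  Vulnerabilities found!
REPORT

Advisory = Struct.new(:name, :version, :cve, :criticality, :alternatives)

# Parse the blank-line-separated "Field: value" blocks. Every quoted requirement
# on a Solution line is a separate patched series (an OR), so each one becomes
# its own Gem::Requirement instead of being ANDed into a single requirement.
def parse_bundler_audit(text)
  text.split(/\n\s*\n/).filter_map do |block|
    fields = block.scan(/^(\w+): (.*)$/).to_h
    next unless fields["Name"] && fields["Solution"]

    alternatives = fields["Solution"].scan(/'([^']+)'/).flatten.map { |r| Gem::Requirement.new(r) }
    Advisory.new(fields["Name"], Gem::Version.new(fields["Version"]),
                 fields["CVE"], fields["Criticality"], alternatives)
  end
end

# Lowest version that is not a downgrade from the installed one and satisfies
# at least one alternative of every advisory for the gem. Candidates are the
# version bounds the advisories themselves name, so the result is always a
# version the advisory database marks as patched. Returns nil if none works.
def minimum_fixed_version(advisories)
  installed = advisories.map(&:version).max
  candidates = advisories.flat_map do |adv|
    adv.alternatives.flat_map { |req| req.requirements.map { |_op, ver| ver } }
  end
  candidates.uniq.sort.find do |candidate|
    candidate >= installed &&
      advisories.all? { |adv| adv.alternatives.any? { |req| req.satisfied_by?(candidate) } }
  end
end

# Group advisories by gem and return {gem name => target Gem::Version or nil}.
def upgrade_plan(report_text)
  parse_bundler_audit(report_text).group_by(&:name).to_h do |name, advs|
    [name, minimum_fixed_version(advs)]
  end
end

if $PROGRAM_NAME == __FILE__
  upgrade_plan(SAMPLE_REPORT).each do |gem_name, target|
    puts "#{gem_name}: bump to #{target || 'no non-downgrading fix listed'}"
  end
end
```

Replacing SAMPLE_REPORT with the captured stdout of the same bundler-audit run gives the version floors to put into the Gemfile; a nil entry means every patched series the database lists is below the installed version, which is worth a manual look rather than a blind bump.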
