From 77429d5825d6675fea2adb3dcb6d90d54455debe Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Sun, 6 Oct 2024 16:59:35 +1100
Subject: [PATCH 1/3] Bump puma from 5.6.8 to 5.6.9
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 47c74e6f2..b2032de6d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -525,7 +525,7 @@ GEM
 binding_of_caller (>= 0.7)
 pry (>= 0.9.11)
 public_suffix (5.0.4)
- puma (5.6.8)
+ puma (5.6.9)
 nio4r (~> 2.0)
 pyu-ruby-sasl (0.0.3.3)
 racc (1.8.0)
From c9c99a61eba768b846bb60980a4db5f68a764862 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Sun, 6 Oct 2024 17:00:36 +1100
Subject: [PATCH 2/3] Bump rexml from 3.3.4 to 3.3.8
---
 Gemfile.lock | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index b2032de6d..972fb73ab 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -566,8 +566,7 @@ GEM
 http-cookie (>= 1.0.2, < 2.0)
 mime-types (>= 1.16, < 4.0)
 netrc (~> 0.8)
- rexml (3.3.4)
- strscan
+ rexml (3.3.8)
 rollbar (2.27.1)
 rollbar-user_informer (0.1.0)
 rollbar (~> 2.15)
@@ -638,7 +637,6 @@ GEM
 sqlite3 (1.6.9-x86_64-darwin)
 sqlite3 (1.6.9-x86_64-linux)
 stackprof (0.2.12)
- strscan (3.1.0)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (1.3.1)
From 0d9b6ea10a78e41993b3179b35c7bf493d2885c7 Mon Sep 17 00:00:00 2001
From: Orien Madgwick <497874+orien@users.noreply.github.com>
Date: Sun, 6 Oct 2024 17:08:42 +1100
Subject: [PATCH 3/3] Ignore CVE-2024-6484 until a patch is available
---
 .bundler-audit.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .bundler-audit.yml
diff --git a/.bundler-audit.yml b/.bundler-audit.yml
new file mode 100644
index 000000000..1aeeca7e4
--- /dev/null
+++ b/.bundler-audit.yml
@@ -0,0 +1,2 @@
+ignore:
+ - CVE-2024-6484 # ignore until a patch is available https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
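Review bot: The new `ignore:` entry in `.bundler-audit.yml` suppresses CVE-2024-6484 indefinitely, and its comment records neither which gem in the bundle is affected nor why the finding is acceptable in the meantime. "Until a patch is available" has no owner or date, so the suppression is likely to outlive the condition, and if the affected release line is no longer maintained a patch may never ship. I would expand the comment to something like `# CVE-2024-6484 (<affected gem> <version>): <why not exploitable here / compensating control>; re-review by <date>, tracked in <issue link>` and keep the advisory URL on its own comment line. It is also worth confirming from the linked advisory whether upgrading or replacing the dependency is the real remediation rather than waiting.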