Skip to content

Commit 0ca908c

Browse files
rz1989srz1989s
committed
fix(security): update rack 3.2.5 and nokogiri 1.19.1
Fixes 3 vulnerabilities flagged by bundler-audit: - rack CVE-2026-22860 (High): Directory traversal via Rack::Directory - rack GHSA-whrj-4476-wvmp (Medium): Stored XSS via javascript: filenames - nokogiri GHSA-wx95-c6cv-8532 (Medium): Unchecked xmlC14NExecute return
1 parent 428733d commit 0ca908c

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

Gemfile.lock

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -189,11 +189,11 @@ GEM
189189
net-protocol
190190
net-ssh (7.3.0)
191191
nio4r (2.7.5)
192-
nokogiri (1.19.0-aarch64-linux-gnu)
192+
nokogiri (1.19.1-aarch64-linux-gnu)
193193
racc (~> 1.4)
194-
nokogiri (1.19.0-arm64-darwin)
194+
nokogiri (1.19.1-arm64-darwin)
195195
racc (~> 1.4)
196-
nokogiri (1.19.0-x86_64-linux-gnu)
196+
nokogiri (1.19.1-x86_64-linux-gnu)
197197
racc (~> 1.4)
198198
ostruct (0.6.3)
199199
parallel (1.27.0)
@@ -219,7 +219,7 @@ GEM
219219
nio4r (~> 2.0)
220220
raabro (1.4.0)
221221
racc (1.8.1)
222-
rack (3.2.4)
222+
rack (3.2.5)
223223
rack-session (2.1.1)
224224
base64 (>= 0.1.0)
225225
rack (>= 3.0.0)
@@ -404,4 +404,4 @@ DEPENDENCIES
404404
web-console
405405

406406
BUNDLED WITH
407-
2.4.10
407+
4.0.7

0 commit comments

Comments
 (0)