GHSA SYNC: Updated 2 fields in 1 existing advisory + 1 brand new advisory

gems/measured/GHSA-29g5-m8v7-v564.yml

@@ -0,0 +1,25 @@
+---
+gem: measured
+ghsa: 29g5-m8v7-v564
+url: https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564
+title: Measured is vulnerable to Path Traversal attacks during
+  class initialization
+date: 2025-07-15
+description: |
+  ### Impact
+
+  A path traversal vulnerability exists where an attacker
+  with access to manipulate inputs when initializing the
+  `Measured::Cache::Json class` would be able to instruct
+  the library to read arbitrary files.
+
+  ### Patches
+
+  Users should update to the latest version.
+patched_versions:
+  - ">= 3.2.1"
+related:
+  url:
+    - https://github.com/Shopify/measured/security/advisories/GHSA-29g5-m8v7-v564
+    - https://github.com/Shopify/measured/commit/d6319985a2304d97c085e3dc45c98af554f4be76
+    - https://github.com/advisories/GHSA-29g5-m8v7-v564

gems/resolv/CVE-2025-24294.yml

@@ -1,6 +1,7 @@
 ---
 gem: resolv
 cve: 2025-24294
+ghsa: xh69-987w-hrp8
 url: https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294
 title: Possible Denial of Service in resolv gem
 date: 2025-07-09
@@ -35,6 +36,7 @@ description: |
 
   ## History
   Originally published at 2025-07-08 07:00:00 (UTC)
+cvss_v3: 5.3
 patched_versions:
   - "~> 0.2.2"
   - "~> 0.3.0"