Update faraday gem version constraint in Gemfile and Gemfile.lock to prevent upgrades beyond 3.0, addressing CVE-2026-25765 (SSRF vulnerability).

vswamidass-sfdc · vswamidass-sfdc · commit 15cd3643227e · 2026-02-18T12:22:03.000-08:00
diff --git a/Gemfile b/Gemfile
@@ -92,7 +92,7 @@ gem 'dotenv-rails', groups: %i[development test]
 gem 'httparty', '>= 0.24.0'
 
 # Security: Fix CVE-2026-25765 (SSRF vulnerability)
-gem 'faraday', '>= 2.14.1'
+gem 'faraday', '>= 2.14.1', '< 3.0'
 
 # Markdown renderer
 gem 'redcarpet'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -136,7 +136,7 @@ GEM
       railties (>= 6.1.0)
     faker (3.5.2)
       i18n (>= 1.8.11, < 2)
-    faraday (2.13.2)
+    faraday (2.14.1)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
@@ -550,6 +550,7 @@ DEPENDENCIES
   dotenv-rails
   factory_bot_rails
   faker
+  faraday (>= 2.14.1, < 3.0)
   google-api-client
   googleauth
   httparty (>= 0.24.0)
