From 8ec12d53e38132ee5f3942e3af103625147a9ea3 Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Date: Tue, 14 Apr 2026 20:43:17 +0530
Subject: [PATCH] Upgrade `rubygem-addressable` to 2.9.0 for CVE-2026-35611
 (#16564)

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
(cherry picked from commit e776e260f63c7f8129315bfe032ca6bc6ff7f447)
---
 .../rubygem-addressable.signatures.json                    | 2 +-
 SPECS/rubygem-addressable/rubygem-addressable.spec         | 7 +++++--
 cgmanifest.json                                            | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/SPECS/rubygem-addressable/rubygem-addressable.signatures.json b/SPECS/rubygem-addressable/rubygem-addressable.signatures.json
index c45a3bb9218..c50b446e713 100644
--- a/SPECS/rubygem-addressable/rubygem-addressable.signatures.json
+++ b/SPECS/rubygem-addressable/rubygem-addressable.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "addressable-addressable-2.8.5.tar.gz": "a0dbf36525446ddefcd8753cec75787858de14dfac22aaf897ed0442e6cd318d"
+    "addressable-addressable-2.9.0.tar.gz": "686ef39b4f4eee9078aa3bf61221a8465ae66e4cea3126fabdb8a1166351ca0d"
   }
 }
diff --git a/SPECS/rubygem-addressable/rubygem-addressable.spec b/SPECS/rubygem-addressable/rubygem-addressable.spec
index dbec29e714c..f1672be498a 100644
--- a/SPECS/rubygem-addressable/rubygem-addressable.spec
+++ b/SPECS/rubygem-addressable/rubygem-addressable.spec
@@ -2,8 +2,8 @@
 %global gem_name addressable
 Summary:        an alternative implementation to the URI implementation that is part of Ruby's standard library
 Name:           rubygem-%{gem_name}
-Version:        2.8.5
-Release:        2%{?dist}
+Version:        2.9.0
+Release:        1%{?dist}
 License:        Apache 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -34,6 +34,9 @@ gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-
 %{gemdir}
 
 %changelog
+* Fri Apr 10 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.9.0-1
+- Auto-upgrade to 2.9.0 - for CVE-2026-35611
+
 * Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 2.8.5-2
 - Update runtime rubygem required version
 
diff --git a/cgmanifest.json b/cgmanifest.json
index e067ec3977e..371c45ef149 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -26594,8 +26594,8 @@
         "type": "other",
         "other": {
           "name": "rubygem-addressable",
-          "version": "2.8.5",
-          "downloadUrl": "https://github.com/sporkmonger/addressable/archive/refs/tags/addressable-2.8.5.tar.gz"
+          "version": "2.9.0",
+          "downloadUrl": "https://github.com/sporkmonger/addressable/archive/refs/tags/addressable-2.9.0.tar.gz"
         }
       }
     },