
Update activesupport to fix security vulnerabilities#25450

Merged
iangmaia merged 1 commit into trunk from iangmaia/update-activesupport-security-fix
Mar 25, 2026

Conversation

@iangmaia
Contributor

Summary

  • Updates activesupport gem to fix three security vulnerabilities published on 2026-03-23:
    • GHSA-cg4j-q9v8-6v38: ReDoS vulnerability in number_to_delimited (NumberToDelimitedConverter used a regex with gsub! causing quadratic time complexity)
    • GHSA-89vf-4333-qx8v: XSS vulnerability in SafeBuffer#%
    • GHSA-2j26-frm8-cmj9: DoS vulnerability in number helpers

Test plan

  • Verify CI passes
  • Confirm activesupport version in Gemfile.lock is patched (>= 8.1.2.1 for 8.1.x, >= 8.0.4.1 for 8.0.x, >= 7.2.3.1 for 7.x)

🤖 Generated with Claude Code

Addresses three activesupport security advisories:
- GHSA-cg4j-q9v8-6v38: ReDoS vulnerability in number_to_delimited
- GHSA-89vf-4333-qx8v: XSS vulnerability in SafeBuffer#%
- GHSA-2j26-frm8-cmj9: DoS vulnerability in number helpers

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
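The second test-plan item (confirming the activesupport version pinned in Gemfile.lock meets the patched minimums) can be checked mechanically. The script below is an added example, not code from this PR or the project: it reads the activesupport spec line from a Gemfile.lock and compares it against the minimums quoted above. The series-to-minimum mapping, the spec-line regex and the sample lockfile fragments are assumptions constructed for the example.

```ruby
# Added example: verify the activesupport pin in a Gemfile.lock against the
# patched minimums listed in the PR (not the project's own tooling).
require "rubygems" # Gem::Version

# Minimum patched version per release series, as quoted in the PR test plan.
PATCHED_MINIMUMS = {
  "8.1" => Gem::Version.new("8.1.2.1"),
  "8.0" => Gem::Version.new("8.0.4.1"),
  "7"   => Gem::Version.new("7.2.3.1"), # PR states ">= 7.2.3.1 for 7.x"
}.freeze

# Matches the gem's own spec line ("    activesupport (8.0.3)"), not the
# dependency lines of other gems ("      activesupport (= 8.0.3)").
ACTIVESUPPORT_SPEC = /^\s+activesupport \((\d[^)]*)\)\s*$/

def activesupport_version(lockfile_text)
  lockfile_text.each_line do |line|
    m = ACTIVESUPPORT_SPEC.match(line)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Assumption: 8.1.x and 8.0.x map to their own minimum, any 7.x maps to
# 7.2.3.1, and other series are reported for manual review.
def patched_minimum_for(version)
  major, minor = version.segments.first(2)
  case [major, minor]
  when [8, 1] then PATCHED_MINIMUMS["8.1"]
  when [8, 0] then PATCHED_MINIMUMS["8.0"]
  else major == 7 ? PATCHED_MINIMUMS["7"] : nil
  end
end

# Returns :patched, :vulnerable, :unknown_series or :not_found.
def check_lockfile(lockfile_text)
  version = activesupport_version(lockfile_text)
  return :not_found unless version
  minimum = patched_minimum_for(version)
  return :unknown_series unless minimum
  version >= minimum ? :patched : :vulnerable
end

# Constructed lockfile fragments (not the project's real Gemfile.lock).
VULNERABLE_LOCK = <<~LOCK
  GEM
    specs:
      actionpack (8.0.3)
        activesupport (= 8.0.3)
      activesupport (8.0.3)
LOCK
PATCHED_LOCK = VULNERABLE_LOCK.gsub("8.0.3", "8.0.4.1")

puts "constructed vulnerable lock: #{check_lockfile(VULNERABLE_LOCK)}"
puts "constructed patched lock:    #{check_lockfile(PATCHED_LOCK)}"
```

Run it against the real Gemfile.lock with `check_lockfile(File.read("Gemfile.lock"))`; anything other than :patched means the bump did not land as intended.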

@wpmobilebot
Contributor

🤖 Build Failure Analysis

This build has failures. Claude has analyzed them - check the build annotations for details.

@iangmaia iangmaia self-assigned this Mar 25, 2026
@iangmaia iangmaia added the dependencies Pull requests that update a dependency file label Mar 25, 2026
@iangmaia iangmaia added this to the 26.9 milestone Mar 25, 2026
@iangmaia iangmaia added this pull request to the merge queue Mar 25, 2026
Merged via the queue into trunk with commit 8d1ad3f Mar 25, 2026
30 checks passed
@iangmaia iangmaia deleted the iangmaia/update-activesupport-security-fix branch March 25, 2026 16:16