
Update vulnerable Ruby gems #749

Merged: iangmaia merged 1 commit into trunk from iangmaia/security-rubygems-2026-07 on Jul 1, 2026
@iangmaia iangmaia commented Jul 1, 2026

Summary

  • Update Faraday from 1.10.5 to 1.10.6
  • Update Nokogiri from 1.19.3 to 1.19.4
  • Raise the declared minimum versions so future bundle updates do not reintroduce the vulnerable versions

iangmaia requested a review from a team as a code owner July 1, 2026 12:41
Copilot AI review requested due to automatic review settings July 1, 2026 12:41
iangmaia force-pushed the iangmaia/security-rubygems-2026-07 branch from 043f942 to e59e9db July 1, 2026 12:43

Copilot AI left a comment

Pull request overview

Updates dependency floors/locks to address known vulnerabilities and prevent Bundler from resolving back to affected versions in this fastlane plugin’s Ruby dependency set.

Changes:

  • Bump Faraday from 1.10.5 to 1.10.6 and raise the minimum constraint accordingly.
  • Bump Nokogiri from 1.19.3 to 1.19.4 and raise the gemspec minimum constraint accordingly.
  • Regenerate/update Gemfile.lock to reflect the new resolved versions and dependency requirements.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| Gemfile.lock | Updates locked/resolved versions and dependency floors for Faraday and Nokogiri. |
| Gemfile | Raises the minimum Faraday version requirement to >= 1.10.6. |
| fastlane-plugin-wpmreleasetoolkit.gemspec | Raises the minimum Nokogiri runtime dependency to >= 1.19.4. |

Comment thread Gemfile

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated no new comments.

iangmaia force-pushed the iangmaia/security-rubygems-2026-07 branch from e59e9db to 0a194dc July 1, 2026 14:36
iangmaia merged commit f62d68e into trunk Jul 1, 2026
6 checks passed
iangmaia deleted the iangmaia/security-rubygems-2026-07 branch July 1, 2026 16:54
Copilot AI mentioned this pull request Jul 2, 2026
5 tasks
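
An added example, not part of this pull request or the project's code: a Ruby check showing why raising the declared floors matters, by testing whether a manifest's constraints still admit the versions this PR moved away from. The `BEFORE` constraints are constructed for illustration, the `AFTER` floors and the two listed versions come from the PR summary and review, and `audit` and `admitted_affected` are hypothetical helper names.

```ruby
require 'rubygems'

# Versions the PR summary says were replaced (Faraday 1.10.5, Nokogiri 1.19.3).
# Assumption: only these two versions are listed; the full affected range is not on the page.
AFFECTED = { 'faraday' => ['1.10.5'], 'nokogiri' => ['1.19.3'] }.freeze

# Matches `gem 'x', '>= 1'` and `spec.add_dependency 'x', '>= 1'` declarations.
DECL = /(?:^\s*gem|add(?:_runtime)?_dependency)\s*\(?\s*['"]([^'"]+)['"]((?:\s*,\s*['"][^'"]+['"])*)/

# Affected versions that the declared constraints would still let Bundler resolve to.
# No constraints at all means ">= 0", which admits everything.
def admitted_affected(gem_name, *constraints)
  requirement = Gem::Requirement.new(*constraints)
  AFFECTED.fetch(gem_name, []).select { |v| requirement.satisfied_by?(Gem::Version.new(v)) }
end

# Returns [gem, constraints, admitted affected versions] for each risky declaration.
def audit(manifest_text)
  manifest_text.each_line.filter_map do |line|
    match = DECL.match(line)
    next unless match

    constraints = match[2].scan(/['"]([^'"]+)['"]/).flatten
    admitted = admitted_affected(match[1], *constraints)
    [match[1], constraints, admitted] unless admitted.empty?
  end
end

# Constructed "before" declarations (the PR's previous constraints are not shown on the page).
BEFORE = <<~MANIFEST
  gem 'faraday', '~> 1.10'
  spec.add_dependency 'nokogiri', '~> 1.19', '>= 1.19.0'
MANIFEST

# Constructed lines using the floors named in the review: >= 1.10.6 and >= 1.19.4.
AFTER = <<~MANIFEST
  gem 'faraday', '>= 1.10.6'
  spec.add_dependency 'nokogiri', '>= 1.19.4'
MANIFEST

{ 'before' => BEFORE, 'after' => AFTER }.each do |label, text|
  findings = audit(text)
  puts "#{label}: #{findings.empty? ? 'no affected version admitted' : findings.inspect}"
end
```

A lockfile bump alone pins the fixed versions only until the next `bundle update`; the declared floor is what keeps the resolver from selecting the older release again.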