Bump concurrent-ruby for CVE-2026-54904 #751

Merged: mokagio merged 2 commits into trunk from iangmaia/fix-concurrent-ruby-dependabot-64 on Jul 2, 2026

@iangmaia (Contributor) commented Jul 2, 2026

What does it do?

Bumps concurrent-ruby from 1.3.6 to 1.3.7 in Gemfile.lock to address Dependabot alert for CVE-2026-54904 / GHSA-h8w8-99g7-qmvj.

Checklist before requesting a review

  • Run bundle exec rubocop to test for code style violations and recommendations.
  • Add Unit Tests (aka specs/*_spec.rb) if applicable.
  • Run bundle exec rspec to run the whole test suite and ensure all your tests pass.
  • Make sure you added an entry in the CHANGELOG.md file to describe your changes under the appropriate existing ### subsection of the existing ## Trunk section.
  • If applicable, add an entry in the MIGRATION.md file to describe how the changes will affect the migration from the previous major version and what the clients will need to change and consider.

@iangmaia iangmaia requested a review from a team as a code owner July 2, 2026 09:28
Copilot AI review requested due to automatic review settings July 2, 2026 09:28

Copilot AI left a comment

Pull request overview

Updates the Ruby dependency lockfile to address a security advisory by bumping concurrent-ruby to 1.3.7, and documents the change in the Trunk changelog.

Changes:

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File | Description
Gemfile.lock | Updates the resolved concurrent-ruby version to 1.3.7.
CHANGELOG.md | Adds a Trunk bug-fix entry documenting the security bump.

Comment thread CHANGELOG.md Outdated
@mokagio mokagio enabled auto-merge July 2, 2026 09:34
@mokagio mokagio merged commit 88bfb27 into trunk Jul 2, 2026
6 checks passed
@mokagio mokagio deleted the iangmaia/fix-concurrent-ruby-dependabot-64 branch July 2, 2026 09:36
@iangmaia iangmaia self-assigned this Jul 2, 2026