From c72cbea0f8dadffe5edbe34b01ff8a9f14fb34fc Mon Sep 17 00:00:00 2001
From: OMpawar-21
Date: Wed, 24 Jun 2026 15:13:50 +0530
Subject: [PATCH 1/2] fix: bump yard to 0.9.44 and concurrent-ruby to 1.3.7 for security patches

Addresses Snyk-reported vulnerabilities:
- SNYK-RUBY-YARD-17400355: Directory Traversal in yard@0.9.42 (fixed in 0.9.44)
- SNYK-RUBY-CONCURRENTRUBY-17391432: Infinite loop in concurrent-ruby@1.3.6 (fixed in 1.3.7)
- SNYK-RUBY-CONCURRENTRUBY-17391433: Improper Locking in concurrent-ruby@1.3.6 (fixed in 1.3.7)
- SNYK-RUBY-CONCURRENTRUBY-17391434: Wrap-around Error in concurrent-ruby@1.3.6 (fixed in 1.3.7)
---
 Gemfile.lock | 8 ++++----
 contentstack_utils.gemspec | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 934e413..ec5d687 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -25,7 +25,7 @@ GEM
 base64 (0.3.0)
 benchmark (0.5.0)
 bigdecimal (4.1.1)
- concurrent-ruby (1.3.6)
+ concurrent-ruby (1.3.7)
 connection_pool (3.0.2)
 crack (1.0.1)
 bigdecimal
@@ -84,7 +84,7 @@ GEM
 addressable (>= 2.8.0)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)
- yard (0.9.42)
+ yard (0.9.44)

 PLATFORMS
 aarch64-linux-gnu
@@ -102,7 +102,7 @@ DEPENDENCIES
 rspec (~> 3.13)
 simplecov (~> 0.22)
 webmock (~> 3.23)
- yard (~> 0.9.38)
+ yard (>= 0.9.44)

 BUNDLED WITH
- 2.5.22
+ 2.3.26
diff --git a/contentstack_utils.gemspec b/contentstack_utils.gemspec
index 4b379a1..3c77c2c 100644
--- a/contentstack_utils.gemspec
+++ b/contentstack_utils.gemspec
@@ -28,5 +28,5 @@ Gem::Specification.new do |s|
 s.add_development_dependency 'rspec', '~> 3.13'
 s.add_development_dependency 'webmock', '~> 3.23'
 s.add_development_dependency 'simplecov', '~> 0.22'
- s.add_development_dependency 'yard', '~> 0.9.38'
+ s.add_development_dependency 'yard', '>= 0.9.44'
 end

From 8ceb254591cc2996c7fa7016991feb35b721427d Mon Sep 17 00:00:00 2001
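Review bot: The new yard constraint `'>= 0.9.44'` in contentstack_utils.gemspec has no upper bound, whereas the previous `'~> 0.9.38'` kept resolution inside 0.9.x, so a fresh resolve can now pick up a future major release of a development tool without anyone reviewing it. The patched floor can be kept together with the bound, the same shape the lockfile already shows for nokogiri (`~> 1.19, >= 1.19.2`): `s.add_development_dependency 'yard', '~> 0.9', '>= 0.9.44'`. The concurrent-ruby fix appears only in Gemfile.lock; that file presumably pins this repository's own development and CI environment rather than what consumers of the gem resolve, so if the three concurrent-ruby advisories are meant to be closed for consumers as well, a floor would need to be declared in the gemspec. The Gem::Specification block starts outside the hunk.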
From: OMpawar-21
Date: Wed, 24 Jun 2026 15:20:48 +0530
Subject: [PATCH 2/2] fix: updated version bump

---
 CHANGELOG.md | 3 +++
 Gemfile.lock | 4 ++--
 lib/contentstack_utils/version.rb | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a356b0a..723d3af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog

+## [1.2.5](https://github.com/contentstack/contentstack-utils-ruby/tree/v1.2.5) (2026-06-24)
+ - Fixed security vulnerabilities: upgraded yard to 0.9.44 (Directory Traversal) and concurrent-ruby to 1.3.7 (Infinite loop, Improper Locking, Wrap-around Error).
+
 ## [1.2.4](https://github.com/contentstack/contentstack-utils-ruby/tree/v1.2.4) (2026-04-15)
 - Fixed Security issues.

diff --git a/Gemfile.lock b/Gemfile.lock
index ec5d687..d22889f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- contentstack_utils (1.2.4)
+ contentstack_utils (1.2.5)
 activesupport (>= 7.0, < 8)
 nokogiri (~> 1.19, >= 1.19.2)

@@ -105,4 +105,4 @@ DEPENDENCIES
 yard (>= 0.9.44)

 BUNDLED WITH
- 2.3.26
+ 2.5.22
diff --git a/lib/contentstack_utils/version.rb b/lib/contentstack_utils/version.rb
index 2ac4815..d184ac3 100644
--- a/lib/contentstack_utils/version.rb
+++ b/lib/contentstack_utils/version.rb
@@ -1,3 +1,3 @@
 module ContentstackUtils
- VERSION = "1.2.4"
+ VERSION = "1.2.5"
 end