From 4d4568f758f409f24ed4a4f22179b1a7419dc81e Mon Sep 17 00:00:00 2001 From: Ian Maia Date: Thu, 2 Jul 2026 11:26:29 +0200 Subject: [PATCH 1/2] Bump concurrent-ruby for CVE-2026-54904 --- CHANGELOG.md | 1 + Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d77356cd..a333dc609 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ _None_ ### Bug Fixes - Bump `faraday` and `nokogiri` to address security vulnerabilities. [#749] +- Bump `concurrent-ruby` to address CVE-2026-54904 / GHSA-h8w8-99g7-qmvj. ### Internal Changes diff --git a/Gemfile.lock b/Gemfile.lock index 9b37967ee..a080543d9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -83,7 +83,7 @@ GEM colored2 (3.1.2) commander (4.6.0) highline (~> 2.0.0) - concurrent-ruby (1.3.6) + concurrent-ruby (1.3.7) connection_pool (3.0.2) cork (0.3.0) colored2 (~> 3.1) From 109d55a75987752917b3ef71b0fdea818f53cefc Mon Sep 17 00:00:00 2001 From: Gio Lodi Date: Thu, 2 Jul 2026 19:34:22 +1000 Subject: [PATCH 2/2] Add PR no. for `concurrent-ruby` to changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a333dc609..5f693ce7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ _None_ ### Bug Fixes - Bump `faraday` and `nokogiri` to address security vulnerabilities. [#749] -- Bump `concurrent-ruby` to address CVE-2026-54904 / GHSA-h8w8-99g7-qmvj. +- Bump `concurrent-ruby` to address CVE-2026-54904 / GHSA-h8w8-99g7-qmvj. [#751] ### Internal Changes