From c29bf9a04010d92f95d7095082e6b29ab86bfa82 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 1 Jan 2026 09:31:38 -0500
Subject: [PATCH 1/4] GHSA SYNC: 1 modified advisory
---
 gems/uri/CVE-2025-61594.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gems/uri/CVE-2025-61594.yml b/gems/uri/CVE-2025-61594.yml
index e8e2c9cf17..57f3dfa275 100644
--- a/gems/uri/CVE-2025-61594.yml
+++ b/gems/uri/CVE-2025-61594.yml
@@ -1,6 +1,7 @@
 ---
 gem: uri
 cve: 2025-61594
+ghsa: j4pr-3wm6-xx2r
 url: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
 title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
 date: 2025-10-07
From 619733a90e111b000f7a496dc83ed73bfab04276 Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 1 Jan 2026 10:03:36 -0500
Subject: [PATCH 2/4] Lock down Ruby version to 3.4.8
---
 .github/workflows/ruby.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 147ec4348e..9d25fe57f3 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -25,7 +25,7 @@ jobs:
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
- ruby-version: ruby
+ ruby-version: 3.4.8
 - name: Install ruby dependencies
 run: bundle install --jobs 4 --retry 3
 - name: Validate YAML
From dfc0da405ecb83a1ac36828f44285e0c79881e1e Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Thu, 1 Jan 2026 14:42:19 -0500
Subject: [PATCH 3/4] Fix kwalify to work with Ruby 4.0.0
---
 .github/workflows/ruby.yml | 2 +-
 spec/spec_helper.rb | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
index 9d25fe57f3..147ec4348e 100644
--- a/.github/workflows/ruby.yml
+++ b/.github/workflows/ruby.yml
@@ -25,7 +25,7 @@ jobs:
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
- ruby-version: 3.4.8
+ ruby-version: ruby
 - name: Install ruby dependencies
 run: bundle install --jobs 4 --retry 3
 - name: Validate YAML
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index ab66791556..885d3fff1c 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,3 +1,11 @@
+require 'strscan'
+
+class StringScanner
+ def peep(len)
+ peek(len)
+ end
+end
+
 require 'date'
 require 'kwalify'
 require 'rspec'
From 3aa63530e6acb004af007a197566f4144dae01a5 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Thu, 8 Jan 2026 15:50:14 -0500
Subject: [PATCH 4/4] Remove StringScanner class and peep method
Removed StringScanner class and its peep method.
---
 spec/spec_helper.rb | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 885d3fff1c..ab66791556 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,11 +1,3 @@
-require 'strscan'
-
-class StringScanner
- def peep(len)
- peek(len)
- end
-end
-
 require 'date'
 require 'kwalify'
 require 'rspec'
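Review bot: In the spec/spec_helper.rb hunk of patch 3/4, the reopened `StringScanner` has no comment saying why `peep` is needed or when it can be dropped, and it defines the method unconditionally for every spec. Going by the commit subject, kwalify presumably still calls `StringScanner#peep` and the strscan that ships with Ruby 4.0.0 no longer provides it; a comment such as `# kwalify calls StringScanner#peep, which is missing on Ruby 4.0; remove once kwalify no longer needs it` would record that. Guarding the shim, `alias_method :peep, :peek unless method_defined?(:peep)`, would leave older Rubies on their built-in method instead of silently overriding it. Since the advisory YAML validation runs through this scanner, it is worth keeping the patch as narrow and as visible as possible. Patch 4/4 deletes the shim again, so this only matters if it is reinstated.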