Commit 03fb02f

Downgrade uri gem to 0.12.5
This is a default gem, and Ruby 3.2.9 ships 0.12.4. Version 0.12.5 addresses a CVE, so we ship this version until Ruby 3.2.10 is released, which should include it.
1 parent 9930ec8 commit 03fb02f

3 files changed

+12
-3
lines changed

configs/components/rubygem-uri.rb

Lines changed: 6 additions & 2 deletions
@@ -1,11 +1,15 @@
11
#####
22
# Component release information:
33
# https://rubygems.org/gems/uri
4+
# Notes:
5+
# 2025-12-14: This is a default gem, and is only included here to address
6+
# CVE-2025-61594. This component should be removed once Ruby 3.2.10 is released.
47
#####
58
component 'rubygem-uri' do |pkg, _settings, _platform|
69
### Maintained by update_gems automation ###
7-
pkg.version '1.1.1'
8-
pkg.sha256sum '379fa58d27ffb1387eaada68c749d1426738bd0f654d812fcc07e7568f5c57c6'
10+
# PINNED
11+
pkg.version '0.12.5'
12+
pkg.sha256sum '883424e272244f029ad3b9fe0e9ad18d1c33cdadff0a366c301ce737c62eb414'
913
### End automated maintenance section ###
1014

1115
instance_eval File.read('configs/components/_base-rubygem.rb')
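
Review bot: The `# PINNED` marker and the 0.12.5 version and checksum sit inside the block delimited by `### Maintained by update_gems automation ###`, and nothing in this hunk shows that the automation skips a pinned entry, so the next automated run could move the component back to a 1.x release and undo the pin. Either confirm that update_gems honours `# PINNED` or move the pin outside the automated section. The Notes header would also be clearer if it said why 1.1.1 is replaced by 0.12.5 rather than kept, since the hunk shows the component already existed at 1.1.1 before this change.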

configs/projects/agent-runtime-main.rb

Lines changed: 3 additions & 0 deletions
@@ -64,6 +64,9 @@
6464
proj.component 'rubygem-text'
6565
proj.component 'rubygem-thor'
6666

67+
# Remove this once Ruby 3.2.10 is released
68+
proj.component 'rubygem-uri'
69+
6770
# We add rexml explicitly in here because even though ruby 3 ships with rexml as its default gem, the version
6871
# of rexml it ships with can contain CVEs. So, we add it here to update to a higher version free from the CVEs.
6972
proj.component 'rubygem-rexml'
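
Review bot: The comment above `proj.component 'rubygem-uri'` gives a removal condition but not the reason, unlike the rexml comment directly below it; name CVE-2025-61594 here or point to the Notes in configs/components/rubygem-uri.rb. The condition would also be safer stated as the bundled Ruby shipping uri 0.12.5 or later, because the commit message only says 3.2.10 "should include it".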

configs/projects/openbolt-runtime.rb

Lines changed: 3 additions & 1 deletion
@@ -158,7 +158,6 @@
158158
proj.component 'rubygem-faraday-httpclient'
159159
proj.component 'rubygem-faraday-multipart'
160160
proj.component 'rubygem-faraday-net_http'
161-
proj.component 'rubygem-uri'
162161
proj.component 'rubygem-faraday-net_http_persistent'
163162
proj.component 'rubygem-faraday-patron'
164163
proj.component 'rubygem-patron'
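
Review bot: The removed `proj.component 'rubygem-uri'` line sat in the middle of the faraday components, and with the component now set to 0.12.5 this runtime goes from uri 1.1.1 to 0.12.5. Worth confirming before merge that none of the gems in this project declares a uri requirement that 0.12.5 fails to satisfy; nothing in the diff shows that this was checked.
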
@@ -225,6 +224,9 @@
225224
proj.component 'rubygem-webrick'
226225
proj.component 'rubygem-yard'
227226

227+
# Remove this once Ruby 3.2.10 is released
228+
proj.component 'rubygem-uri'
229+
228230
# Core Windows dependencies
229231
proj.component 'rubygem-windows_error'
230232
proj.component 'rubygem-winrm'
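
Review bot: `# Remove this once Ruby 3.2.10 is released` is ambiguous for this project, because the earlier hunk in this file shows openbolt-runtime already listed rubygem-uri before this change. Following the comment literally would drop uri from the runtime instead of restoring the previous entry next to the faraday components; say which outcome is intended. The relocation itself is not explained either; if it is only to group the temporary pin, a word in the comment would help.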
