Security: bump rexml, yard #53

Draft
technicalpickles wants to merge 1 commit into main from security/dep-sweep
@technicalpickles

Security Dependencies Bumped

| Gem | Old Version | New Version | GHSA | Severity |
|-------|--------|--------|---------------------|--------|
| rexml | 3.2.6 | 3.4.4 | GHSA-2rxp-v6pw-ch6m | High |
| rexml | 3.2.6 | 3.4.4 | GHSA-vmwr-mc7x-5vc3 | High |
| rexml | 3.2.6 | 3.4.4 | GHSA-5866-49gr-22v4 | Medium |
| rexml | 3.2.6 | 3.4.4 | GHSA-r55c-59qm-vjw6 | Medium |
| rexml | 3.2.6 | 3.4.4 | GHSA-4xqq-m2hx-25v8 | Medium |
| rexml | 3.2.6 | 3.4.4 | GHSA-vg3r-rm7w-2xgh | Medium |
| yard | 0.9.36 | 0.9.44 | GHSA-3jfp-46x4-xgfj | Medium |

Note: rexml bump represents a minor version upgrade (3.2.x -> 3.4.x). All tests passing (55 examples, 0 failures).

Changes

  • Updated Gemfile.lock with new versions
  • Regenerated Sorbet RBI files for rexml@3.4.4 and yard@0.9.44

Bumped rexml from 3.2.6 to 3.4.4 (addresses multiple CVEs)
Bumped yard from 0.9.36 to 0.9.44 (addresses GHSA-3jfp-46x4-xgfj)

Tests passing: rspec (55 examples, 0 failures)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Projects

Status: Triage