Security: bump actionview, activesupport, nokogiri, uri, yard by technicalpickles · Pull Request #30 · rubyatscale/query_packwerk

technicalpickles · 2026-06-18T20:23:11Z

Summary

Security update addressing multiple CVEs across 5 gems.

Gem	Old	New	GHSA	Severity
actionview	8.0.2	8.1.3	GHSA-v55j-83pf-r9cq	-
activesupport	8.0.2	8.1.3	GHSA-2j26-frm8-cmj9, GHSA-89vf-4333-qx8v, GHSA-cg4j-q9v8-6v38	-
nokogiri	1.18.5	1.19.4	GHSA-v2fc-qm4h-8hqv, GHSA-c4rq-3m3g-8wgx, GHSA-wx95-c6cv-8532, GHSA-353f-x4gh-cqq8, GHSA-5w6v-399v-w3cc	-
uri	1.0.3	1.1.1	GHSA-j4pr-3wm6-xx2r	-
yard	0.9.37	0.9.44	GHSA-3jfp-46x4-xgfj	-

Note: No major-version bumps — all updates are within the same major version series (Rails 8.x, nokogiri 1.x).

Security: bump actionview, activesupport, nokogiri, uri, yard

60139e9

github-project-automation Bot moved this to Triage in Modularity Jun 18, 2026

github-project-automation Bot added this to Modularity Jun 18, 2026

technicalpickles marked this pull request as ready for review June 23, 2026 15:59

technicalpickles requested a review from a team as a code owner June 23, 2026 15:59

ashleywillard approved these changes Jun 23, 2026

View reviewed changes

technicalpickles merged commit e04af4b into main Jun 23, 2026
2 checks passed

technicalpickles deleted the security/dep-sweep branch June 23, 2026 21:12

github-project-automation Bot moved this from Triage to Done in Modularity Jun 23, 2026

technicalpickles had a problem deploying to release June 23, 2026 21:12 — with GitHub Actions Failure