🚨 [security] [ruby] Update rack 3.2.2 → 3.2.3 (patch) #285
Cirrus CI / bundle-audit
failed
Oct 10, 2025 in 40s
Task Summary
Instruction audit failed in 00:01
Details
✅ 00:00 clone
✅ 00:14 os_setup
✅ 00:01 rbenv_setup
✅ 00:08 rbenv
✅ 00:01 bundle
✅ 00:10 install
❌ 00:01 audit
source ~/.bashrc
export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"
export PATH="/root/.rbenv/shims:${PATH}"
export RBENV_SHELL=bash
source '/root/.rbenv/completions/rbenv.bash'
_rbenv() {
COMPREPLY=()
local word="${COMP_WORDS[COMP_CWORD]}"
if [ "$COMP_CWORD" -eq 1 ]; then
COMPREPLY=( $(compgen -W "$(rbenv commands)" -- "$word") )
else
local words=("${COMP_WORDS[@]}")
unset "words[0]"
unset "words[$COMP_CWORD]"
local completions=$(rbenv completions "${words[@]}")
COMPREPLY=( $(compgen -W "$completions" -- "$word") )
fi
}
complete -F _rbenv rbenv
command rbenv rehash 2>/dev/null
rbenv() {
local command
command="${1:-}"
if [ "$#" -gt 0 ]; then
shift
fi
case "$command" in
rehash|shell)
eval "$(rbenv "sh-$command" "$@")";;
*)
command rbenv "$command" "$@";;
esac
}
bundle audit check --update
Download ruby-advisory-db ...
Cloning into '/root/.local/share/ruby-advisory-db'...
ruby-advisory-db:
advisories: 1029 advisories
last updated: 2025-10-08 21:44:33 -0700
commit: e80dfb041da37a032aaf0c4a1fceeaaf5aeb381c
Name: uri
Version: 1.0.3
CVE: CVE-2025-61594
Criticality: Unknown
URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'
Vulnerabilities found!
Loading