🚨 [security] [ruby] Update faraday 2.13.4 → 2.14.1 (minor) #298
Cirrus CI / bundle-audit
failed
Feb 9, 2026 in 32s
Task Summary
Instruction audit failed in 00:01
Details
✅ 00:00 clone
✅ 00:05 os_setup
✅ 00:01 rbenv_setup
✅ 00:06 rbenv
✅ 00:01 bundle
✅ 00:13 install
❌ 00:01 audit
COMPREPLY=()
local word="${COMP_WORDS[COMP_CWORD]}"
if [ "$COMP_CWORD" -eq 1 ]; then
COMPREPLY=( $(compgen -W "$(rbenv commands)" -- "$word") )
else
local words=("${COMP_WORDS[@]}")
unset "words[0]"
unset "words[$COMP_CWORD]"
local completions=$(rbenv completions "${words[@]}")
COMPREPLY=( $(compgen -W "$completions" -- "$word") )
fi
}
# Register the _rbenv shell function as bash's completion handler for the
# `rbenv` command name.
complete -F _rbenv rbenv
# Run `rehash` through the `command` builtin, which skips any shell function
# named rbenv. stderr is discarded, so a failure here leaves no trace in the log.
command rbenv rehash 2>/dev/null
# Shell-function wrapper placed in front of the rbenv executable.
# Arguments: $1 - subcommand (may be absent); any further arguments are
#            passed through unchanged.
# Behaviour: `rehash` and `shell` are run as `rbenv sh-<subcommand>` and the
#            text that call prints is eval'd in the calling shell; every other
#            subcommand goes straight to the rbenv executable.
# Returns:   the status of whichever branch ran.
rbenv() {
  local command="${1:-}"
  if (( $# > 0 )); then
    shift
  fi

  if [[ "$command" == "rehash" || "$command" == "shell" ]]; then
    # The inner `rbenv` call re-enters this function with "sh-<subcommand>",
    # which takes the else-branch and reaches the executable. Whatever that
    # prints is executed here as shell code, so the rbenv found through PATH
    # is trusted as code in the current shell.
    eval "$(rbenv "sh-$command" "$@")"
  else
    command rbenv "$command" "$@"
  fi
}
bundle audit check --update
Download ruby-advisory-db ...
Cloning into '/root/.local/share/ruby-advisory-db'...
ruby-advisory-db:
advisories: 1056 advisories
last updated: 2026-02-07 16:42:05 -0800
commit: 1886fa514d2ebe25d6146a1f1c786ac533d51d57
Name: rack
Version: 3.2.2
CVE: CVE-2025-61780
GHSA: GHSA-r657-rxjc-j557
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
Title: Rack has a Possible Information Disclosure Vulnerability
Solution: update to '~> 2.2.20', '~> 3.1.18', '>= 3.2.3'
Name: rack
Version: 3.2.2
CVE: CVE-2025-61919
GHSA: GHSA-6xw4-3v39-52mm
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
Title: Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
Solution: update to '~> 2.2.20', '~> 3.1.18', '>= 3.2.3'
Vulnerabilities found!