commit by to_remotes 2026-02-24 10:09:45 +0100 from cicd

bundle-audit-time.txt

@@ -1 +1 @@
-2026-02-23T15:32:00+01:00
+2026-02-24T10:09:45+01:00

report.txt

@@ -1 +1,27 @@
-No vulnerabilities found
+Name: nokogiri
+Version: 1.18.10
+GHSA: GHSA-wx95-c6cv-8532
+Criticality: Medium
+URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
+Title: Nokogiri does not check the return value from xmlC14NExecute
+Solution: update to '>= 1.19.1'
+
+Name: rack
+Version: 3.2.4
+CVE: CVE-2026-22860
+GHSA: GHSA-mxw3-3hh2-x2mh
+Criticality: High
+URL: https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh
+Title: Rack has a Directory Traversal via Rack:Directory
+Solution: update to '~> 2.2.22', '~> 3.1.20', '>= 3.2.5'
+
+Name: rack
+Version: 3.2.4
+CVE: CVE-2026-25500
+GHSA: GHSA-whrj-4476-wvmp
+Criticality: Medium
+URL: https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp
+Title: Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
+Solution: update to '~> 2.2.22', '~> 3.1.20', '>= 3.2.5'
+
+Vulnerabilities found!

update-info.txt

@@ -1,7 +1,15 @@
 Updating ruby-advisory-db ...
-Already up to date.
+Updating ceb1564..23d78a1
+Fast-forward
+ gems/nokogiri/GHSA-wx95-c6cv-8532.yml | 46 ++++++++++++++++++++++++++++++
+ gems/rack/CVE-2026-22860.yml          | 43 ++++++++++++++++++++++++++++
+ gems/rack/CVE-2026-25500.yml          | 53 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 142 insertions(+)
+ create mode 100644 gems/nokogiri/GHSA-wx95-c6cv-8532.yml
+ create mode 100644 gems/rack/CVE-2026-22860.yml
+ create mode 100644 gems/rack/CVE-2026-25500.yml
 Updated ruby-advisory-db
 ruby-advisory-db:
-  advisories:	1058 advisories
+  advisories:	1061 advisories
-  last updated:	2026-02-14 16:57:54 -0800
+  last updated:	2026-02-23 15:02:44 -0800
-  commit:	ceb15641ac50e71ba95015aff0d4bf9c52525c27
+  commit:	23d78a198195022af675826b0e4ac0e647a14234