chore: bump cocoapods to 1.16.2 to resolve activesupport XSS vulnerability (CVE in SafeBuffer#%)\n\nUpgrades cocoapods from 1.11.3 to 1.16.2, which relaxes the\nactivesupport constraint from < 7 to < 8, allowing activesupport\nto resolve to 7.2.3.1 (the earliest patched version).\n\nFixes Dependabot alert #10.

ekjotmultani · ekjotmultani · commit 476c1d4c02f8 · 2026-03-24T15:37:58.000-07:00
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,5 @@
 source "https://rubygems.org"
 
 gem 'xcpretty', '0.3.0'
-gem 'cocoapods', '1.11.3'
-gem 'cocoapods-downloader', '1.6.3'
+gem 'cocoapods', '1.16.2'
 gem 'jazzy', '0.14.2'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,44 +1,49 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.7)
+    CFPropertyList (3.0.8)
+    activesupport (7.2.3.1)
       base64
-      nkf
-      rexml
-    activesupport (6.1.7.6)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+      logger (>= 1.4.2)
+      minitest (>= 5.1, < 6)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
-    base64 (0.2.0)
+    base64 (0.3.0)
+    benchmark (0.5.0)
+    bigdecimal (4.0.1)
     claide (1.1.0)
-    cocoapods (1.11.3)
+    cocoapods (1.16.2)
       addressable (~> 2.8)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.11.3)
+      cocoapods-core (= 1.16.2)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
-      cocoapods-downloader (>= 1.4.0, < 2.0)
+      cocoapods-downloader (>= 2.1, < 3.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
-      cocoapods-trunk (>= 1.4.0, < 2.0)
+      cocoapods-trunk (>= 1.6.0, < 2.0)
       cocoapods-try (>= 1.1.0, < 2.0)
       colored2 (~> 3.1)
       escape (~> 0.0.4)
       fourflusher (>= 2.3.0, < 3.0)
       gh_inspector (~> 1.0)
       molinillo (~> 0.8.0)
       nap (~> 1.0)
-      ruby-macho (>= 1.0, < 3.0)
-      xcodeproj (>= 1.21.0, < 2.0)
-    cocoapods-core (1.11.3)
-      activesupport (>= 5.0, < 7)
+      ruby-macho (>= 2.3.0, < 3.0)
+      xcodeproj (>= 1.27.0, < 2.0)
+    cocoapods-core (1.16.2)
+      activesupport (>= 5.0, < 8)
       addressable (~> 2.8)
       algoliasearch (~> 1.0)
       concurrent-ruby (~> 1.1)
@@ -48,7 +53,7 @@ GEM
       public_suffix (~> 4.0)
       typhoeus (~> 1.0)
     cocoapods-deintegrate (1.0.5)
-    cocoapods-downloader (1.6.3)
+    cocoapods-downloader (2.1)
     cocoapods-plugins (1.0.0)
       nap
     cocoapods-search (1.0.1)
@@ -57,16 +62,20 @@ GEM
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
+    drb (2.2.3)
     escape (0.0.4)
-    ethon (0.15.0)
+    ethon (0.18.0)
       ffi (>= 1.15.0)
-    ffi (1.15.5)
+      logger
+    ffi (1.17.3)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
-    httpclient (2.8.3)
-    i18n (1.14.1)
+    httpclient (2.9.0)
+      mutex_m
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
     jazzy (0.14.2)
       cocoapods (~> 1.5)
@@ -78,51 +87,51 @@ GEM
       sassc (~> 2.1)
       sqlite3 (~> 1.3)
       xcinvoke (~> 0.3.0)
-    json (2.6.1)
+    json (2.19.2)
     liferaft (0.0.6)
-    mini_portile2 (2.8.7)
-    minitest (5.19.0)
+    logger (1.7.0)
+    mini_portile2 (2.8.9)
+    minitest (5.27.0)
     molinillo (0.8.0)
-    mustache (1.1.1)
-    nanaimo (0.3.0)
+    mustache (1.1.2)
+    mutex_m (0.3.0)
+    nanaimo (0.4.0)
     nap (1.1.0)
     netrc (0.11.0)
-    nkf (0.2.0)
     open4 (1.3.4)
-    public_suffix (4.0.6)
-    redcarpet (3.5.1)
-    rexml (3.4.2)
+    public_suffix (4.0.7)
+    redcarpet (3.6.1)
+    rexml (3.4.4)
     rouge (2.0.7)
     ruby-macho (2.5.1)
     sassc (2.4.0)
       ffi (~> 1.9)
+    securerandom (0.4.1)
     sqlite3 (1.7.3)
       mini_portile2 (~> 2.8.0)
-    typhoeus (1.4.0)
-      ethon (>= 0.9.0)
+    typhoeus (1.6.0)
+      ethon (>= 0.18.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     xcinvoke (0.3.0)
       liferaft (~> 0.0.6)
-    xcodeproj (1.25.0)
+    xcodeproj (1.27.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.3.0)
-      rexml (>= 3.3.2, < 4.0)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
     xcpretty (0.3.0)
       rouge (~> 2.0.7)
-    zeitwerk (2.6.11)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  cocoapods (= 1.11.3)
-  cocoapods-downloader (= 1.6.3)
+  cocoapods (= 1.16.2)
   jazzy (= 0.14.2)
   xcpretty (= 0.3.0)
 
 BUNDLED WITH
-   2.5.14
+  4.0.8
