Merge branch 'fix-addressable-security' into 'master'

蔡耀賢 · 蔡耀賢 · commit 32f294794eb7 · 2026-04-14T19:36:07.000+08:00
Fix addressable security issue

See merge request kdanmobile/shared-code-base/gems/error_response!46
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -3,7 +3,7 @@ plugins:
 
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 3.0
+  TargetRubyVersion: 3.1
   Exclude:
     - 'bin/**/*'
     - 'pkg/**/*'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [1.2.1] - 2026-04-08
+- Patch addressable to 2.9.0.
+  - Fix Regular Expression Denial of Service in Addressable templates.
+- Raise the minimum supported Ruby version to 3.1.
 ## [1.2.0] - 2026-03-24
 - Patch activesupport to 7.2.3.1.
   - Fix possible ReDoS vulnerability in `number_to_delimited`.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    error_response (1.2.0)
+    error_response (1.2.1)
       activesupport (~> 7.2.3.1)
 
 GEM
@@ -19,7 +19,7 @@ GEM
       minitest (>= 5.1, < 6)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
-    addressable (2.8.9)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.3.0)
diff --git a/VERSION.md b/VERSION.md
@@ -1 +1 @@
-1.2.0
+1.2.1
diff --git a/error_response.gemspec b/error_response.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
   s.license     = "MIT"
   s.files       = Dir["lib/**/*"]
   s.require_path = ["lib"]
-  s.required_ruby_version = ">= 3.0"
+  s.required_ruby_version = ">= 3.1"
   s.metadata = {
     "source_code_uri" => "https://github.com/kdan-mobile-software-ltd/error_response",
     "changelog_uri" => "https://github.com/kdan-mobile-software-ltd/error_response/blob/master/CHANGELOG.md",
