Commit 298ec16
Ignore CVE-2026-40295 in bundler-audit (#67)
devise 5.0.4 fixes an Open Redirect in the Timeoutable session timeout
handler, but devise_token_auth ~> 1.2 still pins devise < 5. The
:timeoutable module isn't enabled on Shopkeeper, so the affected code
path doesn't exist in this app. Same rationale as the existing
CVE-2026-32700 entry.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 4b57aef commit 298ec16
1 file changed
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
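Review bot: the three lines added at 7 to 9 suppress CVE-2026-40295 on the premise that :timeoutable stays disabled, and with only one file changed no test arrives with them to hold that premise. Consider a spec that fails if any Devise model enables :timeoutable, so the ignore cannot silently outlive its rationale. The entry should also be removed once devise_token_auth permits devise 5.0.4 or later.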