Commit 2741dc4
build(deps): bump rack-session to 2.1.2 (GHSA-33qg-7wpp-89cq) (#67)
Bumps the transitive rack-session dependency from 2.1.0 to 2.1.2 to
resolve a critical advisory: Rack::Session::Cookie's decrypt-failure
fallback enables secretless session forgery and Marshal deserialization
(vulnerable range >= 2.0.0, < 2.1.2).
Conservative lockfile-only change; no direct Gemfile dependency touched.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent c16ddce commit 2741dc4
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
202 | 202 | | |
203 | 203 | | |
204 | 204 | | |
205 | | - | |
| 205 | + | |
206 | 206 | | |
207 | 207 | | |
208 | 208 | | |
| |||
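Review bot: The single changed line at 205 is the only thing keeping rack-session at 2.1.2. The commit message says no Gemfile dependency was touched, so nothing in the Gemfile stops a later lockfile regeneration from resolving back into the vulnerable range (>= 2.0.0, < 2.1.2). Consider adding an explicit floor such as `gem "rack-session", ">= 2.1.2"` to the Gemfile, with a comment citing GHSA-33qg-7wpp-89cq, so the constraint is enforced and documented. Also, the change is exactly 1 addition and 1 deletion: if this lockfile records per-gem checksums, the rack-session entry there would need to change too, so please confirm that `bundle install` passes cleanly against the committed lockfile.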