From 589e77c262059c8817600f92eaf0376500414181 Mon Sep 17 00:00:00 2001 From: Morgan Roderick Date: Thu, 9 Jul 2026 09:29:45 +0200 Subject: [PATCH] fix: update websocket-driver to 0.8.2 (CVE-2026-54464, CVE-2026-54467, CVE-2026-54468, GHSA-8j3g-f24p-4mpw) Patches 4 CVEs in websocket-driver < 0.8.1/0.8.2: resource limit bypass, memory exhaustion in HTTP header parser, and unspecified denial-of-service. --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d70594603..6b8dc770a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -600,7 +600,7 @@ GEM addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - websocket-driver (0.8.0) + websocket-driver (0.8.2) base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -942,7 +942,7 @@ CHECKSUMS view_component (4.12.0) sha256=b9a5979d1c43eba2aa21a06a86f661aab3990104855f2909ef7c3779acdcdcb4 web-console (4.3.0) sha256=e13b71301cdfc2093f155b5aa3a622db80b4672d1f2f713119cc7ec7ac6a6da4 webmock (3.26.2) sha256=774556f2ea6371846cca68c01769b2eac0d134492d21f6d0ab5dd643965a4c90 - websocket-driver (0.8.0) sha256=ed0dba4b943c22f17f9a734817e808bc84cdce6a7e22045f5315aa57676d4962 + websocket-driver (0.8.2) sha256=97c556b019bf3410b4961002ac501621e9322d3f8a7bc02161a09301cc4c4146 websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241 xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e yaml (0.4.0) sha256=240e69d1e6ce3584d6085978719a0faa6218ae426e034d8f9b02fb54d3471942