From dfd5eb59acd230accd60286c2037d1c45e27cc2b Mon Sep 17 00:00:00 2001
From: Jason Frey
Date: Tue, 4 Mar 2025 09:11:44 -0500
Subject: [PATCH] Update gems for CVEs
- cgi 0.4.2 for CVE-2025-27219: https://github.com/advisories/GHSA-gh9q-2xrm-x6qv
- uri 0.13.2 for CVE-2025-27221: https://github.com/advisories/GHSA-22h5-pq3x-2gf2
---
 Gemfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Gemfile b/Gemfile
index ad3526ae98f..1305bd32945 100644
--- a/Gemfile
+++ b/Gemfile
@@ -86,10 +86,10 @@ gem "terminal", :require => false
 gem "wim_parser", "~>1.0", :require => false
 # gems to resolve security issues
-# CVE-2023-28756 fixed: ruby 3.1.4 - https://github.com/advisories/GHSA-fg7x-g82r-94qc
-gem "time", "~> 0.2.2"
-# CVE-2023-36617 https://github.com/advisories/GHSA-hww2-5g85-429m
-gem "uri", "~> 0.13.1" # Avoid URI 1.0.0 for now due to: https://github.com/ruby/uri/issues/125
+gem "cgi", "~> 0.4.2" # CVE-2025-27219: https://github.com/advisories/GHSA-gh9q-2xrm-x6qv
+gem "time", "~> 0.2.2" # CVE-2023-28756: https://github.com/advisories/GHSA-fg7x-g82r-94qc; ruby 3.1.4+
+gem "uri", "~> 0.13.2" # CVE-2025-27221: https://github.com/advisories/GHSA-22h5-pq3x-2gf2
+ # Avoid URI 1.0.0 for now due to: https://github.com/ruby/uri/issues/125
 # Custom gem that replaces mime-types in order to redirect mime-types calls to mini_mime
 # Source is located at https://github.com/ManageIQ/mime-types-redirector
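Review bot: The rewritten `uri` comment drops the CVE-2023-36617 / GHSA-hww2-5g85-429m reference that the removed lines carried, so the Gemfile no longer records that this pin is also what keeps the earlier advisory fixed. I would keep both on the line, e.g. `gem "uri", "~> 0.13.2" # CVE-2025-27221: https://github.com/advisories/GHSA-22h5-pq3x-2gf2; CVE-2023-36617: https://github.com/advisories/GHSA-hww2-5g85-429m`. The `time` line says which Ruby release makes its pin unnecessary (`ruby 3.1.4+`), but the new `cgi` and `uri` lines give no such removal condition. A short note such as `# drop once the minimum supported Ruby bundles a fixed cgi` would stop these security floors from lingering or being removed too early. Both constraints use `~>`, which excludes a later 0.5.x / 0.14.x release; that appears intended for `uri` given the 1.0.0 note, but it is worth stating for `cgi` as well.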