chore(deps): update httparty to 0.24.0 (CVE-2025-68696) #45

Open
mapup-security-fix-bot[bot] wants to merge 1 commit into main from fix/vuln-11-httparty

@mapup-security-fix-bot

Security Fix: CVE-2025-68696 - httparty upgraded to 0.24.0

Vulnerability Summary

| Field | Value |
|---|---|
| Package | httparty (RubyGems) |
| CVE | CVE-2025-68696 |
| Severity | High |
| Vulnerable range | <= 0.23.2 |
| Fixed version | 0.24.0 |
| Current locked version | 0.18.1 |

What Changed

  • Updated Gemfile.lock in the ruby/ subdirectory to resolve httparty at 0.24.0 via bundle update httparty.
  • The existing Gemfile constraint (>= 0.21.0) already permits 0.24.0; no Gemfile edit was required.

Notes for Reviewer

  • Bump type: minor (0.18.1 → 0.24.0). This is a significant version jump; please verify application behaviour.
  • No local changelog found: There is no CHANGELOG in the repo to confirm API compatibility. Recommend reviewing the httparty releases for any breaking changes between 0.18.1 and 0.24.0.
  • No test suite in CI: The repository's CI workflows (gitleaks.yml, semgrep.yml) are security-scan-only; there are no automated Ruby tests to catch regressions. Manual testing of routes using httparty calls is advised before merging.

References

mapup-security-fix-bot (bot) added the labels security (Security vulnerability) and needs-human-review (Requires manual review before merge) on Apr 21, 2026
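
Because the reviewer notes say CI has no Ruby tests, one way to confirm that a Gemfile.lock resolves httparty outside the vulnerable range stated in the summary is a check like the following. This is an added example, not part of the pull request or the repository: the lockfile fragments are constructed, and `locked_version`, `verdict`, `BEFORE` and `AFTER` are hypothetical names.

```ruby
# Added example; the lockfile fragments below are constructed, not the repo's real file.
# Gem::Version and Gem::Requirement come from RubyGems, which Ruby loads by default.

GEM_NAME   = "httparty"
VULNERABLE = Gem::Requirement.new("<= 0.23.2") # vulnerable range from the PR summary

# Return the version the lockfile resolves `name` to, or nil if it is not locked.
# Only 4-space entries under a "specs:" block are resolved versions. 6-space lines
# are transitive constraints, and DEPENDENCIES repeats the Gemfile constraint,
# so neither may be mistaken for the locked version.
def locked_version(lockfile_text, name)
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends the block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/)) && m[1] == name
      # Drop a platform suffix such as "-x86_64-linux" before parsing.
      return Gem::Version.new(m[2].split("-").first)
    end
  end
  nil
end

# Classify a lockfile as :vulnerable, :fixed or :not_locked for GEM_NAME.
def verdict(lockfile_text)
  version = locked_version(lockfile_text, GEM_NAME)
  return :not_locked if version.nil?
  VULNERABLE.satisfied_by?(version) ? :vulnerable : :fixed
end

# Constructed fragment with the locked version the PR reports before the update.
BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      httparty (0.18.1)
        multi_xml (>= 0.5.2)
      multi_xml (0.6.0)

  DEPENDENCIES
    httparty (>= 0.21.0)
LOCK
AFTER = BEFORE.sub("httparty (0.18.1)", "httparty (0.24.0)")

# CI usage: ruby check_lock.rb ruby/Gemfile.lock  (exit status 1 unless fixed)
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  result = verdict(File.read(ARGV[0]))
  puts "#{GEM_NAME}: #{result}"
  exit(result == :fixed ? 0 : 1)
end
```

A passing check only shows that the resolved version is outside the vulnerable range; it does not replace the manual testing of httparty call sites that the notes request.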