Hello. We're currently using your gem (thank you!), and our Vanta account is flagging that in this repo's Gemfile.lock it is still using uri 1.0.2, which has an active CVE (CVE-2025-27221). The fix was released in uri 1.0.3. Would you be so kind as to bump that dependency or would you be open to a PR that does so? Thank you for your time.
Hello. We're currently using your gem (thank you!), and our Vanta account is flagging that in this repo's Gemfile.lock it is still using
uri1.0.2, which has an active CVE (CVE-2025-27221). The fix was released inuri1.0.3. Would you be so kind as to bump that dependency or would you be open to a PR that does so? Thank you for your time.