From 2c45dbfe7ce5eb3b5a4c9bc37143344addd9e9c8 Mon Sep 17 00:00:00 2001
From: Ian Maia
Date: Wed, 25 Mar 2026 13:05:56 +0100
Subject: [PATCH] Update activesupport to fix security vulnerabilities

Addresses three activesupport security advisories:
- GHSA-cg4j-q9v8-6v38: ReDoS vulnerability in number_to_delimited
- GHSA-89vf-4333-qx8v: XSS vulnerability in SafeBuffer#%
- GHSA-2j26-frm8-cmj9: DoS vulnerability in number helpers
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 Gemfile.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 4789d587d..ba53f9d1e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -28,7 +28,7 @@ GEM
 nkf
 rexml
 abbrev (0.1.2)
- activesupport (7.2.2.1)
+ activesupport (7.2.3.1)
 base64
 benchmark (>= 0.3)
 bigdecimal
@@ -37,7 +37,7 @@ GEM
 drb
 i18n (>= 1.6, < 2)
 logger (>= 1.4.2)
- minitest (>= 5.1)
+ minitest (>= 5.1, < 6)
 securerandom (>= 0.3)
 tzinfo (~> 2.0, >= 2.0.5)
 addressable (2.8.7)
@@ -69,8 +69,8 @@ GEM
 aws-eventstream (~> 1, >= 1.0.2)
 babosa (1.0.4)
 base64 (0.2.0)
- benchmark (0.4.0)
- bigdecimal (3.1.9)
+ benchmark (0.5.0)
+ bigdecimal (4.0.1)
 buildkit (1.6.1)
 sawyer (>= 0.6)
 buildkite-test_collector (2.9.0)
@@ -124,8 +124,8 @@ GEM
 colored2 (3.1.2)
 commander (4.6.0)
 highline (~> 2.0.0)
- concurrent-ruby (1.3.5)
- connection_pool (2.5.0)
+ concurrent-ruby (1.3.6)
+ connection_pool (3.0.2)
 cork (0.3.0)
 colored2 (~> 3.1)
 crack (1.0.0)
@@ -164,7 +164,7 @@ GEM
 docile (1.4.1)
 domain_name (0.6.20240107)
 dotenv (2.8.1)
- drb (2.2.1)
+ drb (2.2.3)
 emoji_regex (3.2.3)
 erubi (1.13.1)
 escape (0.0.4)
@@ -308,7 +308,7 @@ GEM
 domain_name (~> 0.5)
 httpclient (2.9.0)
 mutex_m
- i18n (1.14.7)
+ i18n (1.14.8)
 concurrent-ruby (~> 1.0)
 java-properties (0.3.0)
 jmespath (1.6.2)
@@ -322,12 +322,12 @@ GEM
 language_server-protocol (3.17.0.4)
 lint_roller (1.1.0)
 locale (2.1.4)
- logger (1.6.6)
+ logger (1.7.0)
 method_source (0.9.2)
 mini_magick (4.13.2)
 mini_mime (1.1.5)
 mini_portile2 (2.8.9)
- minitest (5.25.5)
+ minitest (5.27.0)
 molinillo (0.8.0)
 multi_json (1.15.0)
 multipart-post (2.4.1)