From 61fec3d43b03c59a912e8b0555ccb5c64b76999e Mon Sep 17 00:00:00 2001 From: Matt Pelc Date: Sun, 28 Dec 2025 15:51:10 -0800 Subject: [PATCH] Update httparty to 0.24 httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd. https://nvd.nist.gov/vuln/detail/CVE-2025-68696 --- currency_cloud.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/currency_cloud.gemspec b/currency_cloud.gemspec index ebbee1e..88b8fdc 100644 --- a/currency_cloud.gemspec +++ b/currency_cloud.gemspec @@ -13,7 +13,7 @@ Gem::Specification.new do |s| s.licenses = ['MIT'] s.required_ruby_version = '>= 3.0' - s.add_dependency('httparty', '~> 0.23.1') + s.add_dependency('httparty', '~> 0.24') s.add_dependency('json', '>= 2.12.2', '< 2.17.0') s.add_dependency('base64', '~> 0.3.0')