From 961686035ac419e54d20c6644402a2a712ec7521 Mon Sep 17 00:00:00 2001
From: David Grunzweig
Date: Fri, 23 Jan 2026 10:58:08 -0800
Subject: [PATCH] Fix Dependabot security alerts

Add uri >= 1.0.4 to fix credential leakage bypass vulnerability (CVE-2025-27221).

Co-Authored-By: Claude Opus 4.5
---
 Gemfile | 1 +
 Gemfile.lock | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index dd868e4..7aea428 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,3 +20,4 @@ gem 'tapioca', group: :development
 gem 'thor', '>= 1.4.0'
 gem 'webmock', group: :development
 gem 'rexml', '>= 3.4.2'
+gem 'uri', '>= 1.0.4'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7ecf04a..04ce8d4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -147,7 +147,7 @@ GEM
 unicode-display_width (3.1.4)
 unicode-emoji (~> 4.0, >= 4.0.4)
 unicode-emoji (4.0.4)
- uri (1.0.3)
+ uri (1.1.1)
 webmock (3.24.0)
 addressable (>= 2.8.0)
 crack (>= 0.3.2)
@@ -185,6 +185,7 @@ DEPENDENCIES
 sorbet-runtime
 tapioca
 thor (>= 1.4.0)
+ uri (>= 1.0.4)
 webmock

 BUNDLED WITH
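Review bot: The added `gem 'uri', '>= 1.0.4'` line in the Gemfile hunk carries no comment saying it is a security floor, and the lockfile hunk shows `uri` entering DEPENDENCIES for the first time, so it was previously only pulled in indirectly. A later cleanup could easily drop the line as an unused direct dependency and lose the constraint on the next re-resolve. I would add a comment above it such as `# Security floor for an indirect dependency (CVE-2025-27221); keep until every dependent requires uri >= 1.0.4`. The lockfile was already on 1.0.3 before this change, so it is also worth confirming against the Dependabot alert that the id quoted in the commit message is the advisory for the bypass itself and not the earlier issue it bypasses.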