Draft: Update bundler in gitlab-ruby (!914) · Merge requests · GitLab.org / Build / CNG · GitLab

Gerard Hickey requested to merge 3050-update-bundler into master Mar 02, 2022

A customer scan brought to our attention that gitlab-ruby is set to use a version of the bundler gem that is vulnerable to CVE-2021-43809.

Solution

Upgrade the bundler version used in gitlab-ruby to >=2.2.33

Closes gitlab-org/charts/gitlab#3050 (closed)