gitlab-cng-17.4
Chainguard
5.4
CVSS V3
Status
Impact
This vulnerability relates to the GitLab dependency: [gem] puma @ 5.6.8. GitLab advises that maintainers should NOT upgrade dependency versions manually, as their automation would have already applied this in cases of simple version increments. If a dependency version has not yet been upgraded, there is usually a good reason. Additionally, past attempts to upgrade GitLab dependencies ahead of the upstream release have resulted in build issues. We are deferring to upstream (GitLab) to address this CVE in a subsequent update. See: https://docs.gitlab.com/ee/development/dependencies.html.
Fixed version
17.4.4-r0
Impact
Because the affected Gem version is pinned inside a Gemfile.lock file, we are unable to substitute a different version of this dependency in the build pipeline and must wait for the upstream fix.