Pending Release Notes - chef/supermarket GitHub Wiki

Patch release: dependency and security updates (PostgreSQL, Rails, Rack, Nokogiri) plus internal dependency alignment; no functional application feature changes.

Bug Fixes

• None in application code; fixes come via upstream dependency patches (see Security).

Enhancements

• Rails upgraded to 7.1.5.2 enabling newer framework capabilities and consistent versioning across main app and Fieri.

Packaging

• Fieri engine Rails version aligned (7.1.5.2) to remove version skew.
• Updated constraints for Rails, Rack, Nokogiri, PostgreSQL to ensure reproducible secure builds.

Security

• PostgreSQL 13.18 → 13.21
  • CVE-2025-1094
  • CVE-2025-4207
• Rails 7.0.8 → 7.1.5.2
  • CVE-2025-55193
  • CVE-2025-24293
• Rack 2.2.8.1 → 2.2.14
  • CVE-2025-46727
  • CVE-2025-27610
  • CVE-2025-27111
  • CVE-2025-25184
• Nokogiri pinned to ~> 1.18.9
  • CVE-2025-6021
  • CVE-2025-6170
  • CVE-2025-49794
  • CVE-2025-49795
  • CVE-2025-49796