WIP Libsch1 20 maintenance and security

.bundler-audit.yml

@@ -31,10 +31,12 @@ ignore:
   - CVE-2025-55193
   - GHSA-76r7-hhxj-r776
 
-  # activestorage (5.2.4.6) — fix: ~> 6.1.7.7, >= 7.0.8.1
+  # activestorage (5.2.4.6) — fix: ~> 6.1.7.7, >= 7.0.8.1; CVE-2026-33658 fix: ~> 7.2.3.1, ~> 8.0.4.1, >= 8.1.2.1
   - CVE-2022-21831
   - CVE-2024-26144
+  - CVE-2026-33658
   - GHSA-8h22-8cf7-hq6g
+  - GHSA-p9fm-f462-ggrg
 
   # activesupport (5.2.4.6) — fix: ~> 5.2.8, ~> 6.1.7.x, >= 7.0.x
   - CVE-2023-22796
@@ -44,10 +46,6 @@ ignore:
   - GHSA-pj73-v5mw-pm9j
   - GHSA-cr5q-6q9f-rq6q
 
-  # aws-sdk-s3 (1.114.0) — fix: >= 1.208.0
-  - CVE-2025-14762
-  - GHSA-2xgq-q749-89fq
-
   # carrierwave (1.3.2) — fix: ~> 2.2.6, >= 3.0.7
   - CVE-2023-49090
   - CVE-2024-29034
@@ -59,20 +57,10 @@ ignore:
   - GHSA-fcjw-8rhj-gwwc
   - GHSA-57hq-95w6-v4fc
 
-  # faraday (0.17.5) — fix: ~> 1.10.5, >= 2.14.1
+  # faraday (0.17.6) — fix: ~> 1.10.5, >= 2.14.1
   - CVE-2026-25765
   - GHSA-33mh-2634-fwr2
 
-  # globalid (1.0.0) — fix: >= 1.0.1
-  - CVE-2023-22799
-  - GHSA-23c2-gwp5-pxw9
-
-  # httparty (0.20.0) — fix: >= 0.24.0 (SSRF); >= 0.21.0 (multipart)
-  - CVE-2024-22049
-  - CVE-2025-68696
-  - GHSA-5pq7-52mg-hr42
-  - GHSA-hm5p-x4rq-38w4
-
   # jquery-ui-rails (6.0.1) — fix: >= 7.0.0 or >= 8.0.0 depending on CVE
   - CVE-2021-41182
   - CVE-2021-41183
@@ -83,13 +71,7 @@ ignore:
   - GHSA-gpqq-952q-5327
   - GHSA-h6gj-6jjq-h8g9
 
-  # loofah (2.18.0) — fix: >= 2.19.1
-  - CVE-2022-23514
-  - CVE-2022-23515
-  - CVE-2022-23516
-  - GHSA-228g-948r-83gx
-
-  # nokogiri (1.13.8) — fix: >= 1.14.3 through >= 1.19.1 depending on CVE
+  # nokogiri (1.15.7) — fix: >= 1.14.3 through >= 1.19.1 depending on CVE
   - CVE-2022-23476
   - GHSA-mrxw-mxhj-p664
   - GHSA-2qc6-mcvw-92cw
@@ -149,37 +131,7 @@ ignore:
   - GHSA-whrj-4476-wvmp
   - GHSA-mxw3-3hh2-x2mh
 
-  # rails-html-sanitizer (1.4.3) — fix: >= 1.4.4
-  - CVE-2022-23517
-  - CVE-2022-23518
-  - CVE-2022-23519
-  - CVE-2022-23520
-  - GHSA-mcvf-2q2m-x72m
-  - GHSA-rrfc-7g8p-99q8
-  - GHSA-9h9g-93gc-623h
-
-  # rexml (3.2.5) — fix: >= 3.3.6
-  - CVE-2024-35176
-  - CVE-2024-39908
-  - CVE-2024-41123
-  - CVE-2024-41946
-  - CVE-2024-43398
-  - CVE-2024-49761
-  - GHSA-vg3r-rm7w-2xgh
-  - GHSA-4xqq-m2hx-25v8
-  - GHSA-r55c-59qm-vjw6
-  - GHSA-5866-49gr-22v4
-  - GHSA-vmwr-mc7x-5vc3
-
   # sidekiq (6.5.5) — fix: ~> 6.5.10, >= 7.1.3
   - CVE-2023-26141
   - GHSA-3qc2-v3hp-6cv8
 
-  # thor (1.2.1) — fix: >= 1.4.0
-  - CVE-2025-54314
-  - GHSA-mqcp-p2hv-vw6x
-
-  # webrick (1.7.0) — fix: >= 1.8.2
-  - CVE-2024-47220
-  - CVE-2025-6442
-  - GHSA-r995-q44h-hr64

.gitignore

@@ -42,3 +42,7 @@ dump.rdb
 
 # Compiled assets
 public/**
+
+# Node / Yarn (local state; regenerated by yarn install)
+.yarn/install-state.gz
+node_modules/

.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules