From 897aacc66031872bf676afa3fe74fd596b664d90 Mon Sep 17 00:00:00 2001
From: Pat Sier <patrick.sier@cms.hhs.gov>
Date: Wed, 23 Jul 2025 12:59:24 -0400
Subject: [PATCH] Update thor to address vulnerability

---
 app/Gemfile      | 1 +
 app/Gemfile.lock | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/Gemfile b/app/Gemfile
index 9cdbacb0e..29da2c204 100644
--- a/app/Gemfile
+++ b/app/Gemfile
@@ -81,6 +81,7 @@ gem "gpgme", "~> 2.0", ">= 2.0.12"
 gem "pdf-reader", "~> 2.12.0"
 gem "net-imap", "0.4.20"  # Fixing GHSA-j3g3-5qv5-52m
 gem "cgi", ">= 0.4.2"     # Fixing GHSA-mhwm-jh88-3gjf
+gem "thor", ">= 1.4.0"    # Fixing GHSA-mqcp-p2hv-vw6x
 
 group :development, :test do
   gem "brakeman"
diff --git a/app/Gemfile.lock b/app/Gemfile.lock
index 92ab592ca..677871b39 100644
--- a/app/Gemfile.lock
+++ b/app/Gemfile.lock
@@ -496,13 +496,13 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    solid_queue (1.1.5)
+    solid_queue (1.2.1)
       activejob (>= 7.1)
       activerecord (>= 7.1)
       concurrent-ruby (>= 1.3.1)
       fugit (~> 1.11.0)
       railties (>= 7.1)
-      thor (~> 1.3.1)
+      thor (>= 1.3.1)
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
@@ -516,7 +516,7 @@ GEM
     stringio (3.1.2)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
-    thor (1.3.2)
+    thor (1.4.0)
     thread_safe (0.3.6)
     timecop (0.9.10)
     timeout (0.4.3)
@@ -628,6 +628,7 @@ DEPENDENCIES
   sprockets-rails
   stackprof
   stimulus-rails
+  thor (>= 1.4.0)
   timecop
   turbo-rails
   tzinfo-data