@curquiza curquiza commented Dec 30, 2025

Summary by CodeRabbit

  • Chores
    • Updated dependency to improve compatibility and stability.


@curquiza curquiza added the security Address a security vulnerability label Dec 30, 2025
@coderabbitai
coderabbitai bot commented Dec 30, 2025

📝 Walkthrough

Updates the HTTParty gem dependency constraint in meilisearch.gemspec from version ~> 0.22 to ~> 0.24, allowing the Ruby gem to support newer versions of the HTTParty HTTP client library.

Changes

Cohort / File(s) | Summary
Dependency Version Update: meilisearch.gemspec | Bumped HTTParty version constraint from ~> 0.22 to ~> 0.24

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A hop and a bump, version flows free,
HTTParty now points to twenty-four-three,
Dependencies dance in the gemspec file,
One small change, but oh how worthwhile! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
Check name | Status | Explanation | Resolution
Title check | ❓ Inconclusive | The title 'Fix vulnerability' is vague and does not specify which vulnerability or dependency is being fixed, making it unclear without reviewing the details. | Consider updating the title to be more specific, such as 'Update httparty dependency to 0.24' or 'Bump httparty to fix security vulnerability' to clearly convey the primary change.
✅ Passed checks (2 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2139680 and 5c94756.

📒 Files selected for processing (1)
  • meilisearch.gemspec
🔇 Additional comments (1)
meilisearch.gemspec (1)

18-18: HTTParty 0.24 is valid and addresses CVE-2025-68696.

The dependency update is appropriate. HTTParty 0.24.0 was released on Dec 28, 2025 and fixes CVE-2025-68696, a Server-Side Request Forgery (SSRF) vulnerability that allows API-key leakage when request paths contain absolute URLs. All versions of HTTParty <= 0.23.2, including 0.22.x, are affected. The constraint ~> 0.24 correctly allows patch updates while requiring at least version 0.24.0.

No evidence of breaking changes between 0.22 and 0.24 was found during verification.


Comment @coderabbitai help to get the list of available commands and usage tips.
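
A lockfile audit for the affected range quoted in the review above (HTTParty <= 0.23.2) and the new `~> 0.24` constraint, as an added example that is not part of this PR or the project's code. The helper names (`locked_version`, `audit_httparty`, `sample_lock`) are hypothetical, and the lockfile text and the version numbers fed to it are constructed sample input.

```ruby
require "rubygems"

# Affected range as stated in the review comment: all versions <= 0.23.2.
AFFECTED = Gem::Requirement.new("<= 0.23.2")
# Constraint this PR sets in meilisearch.gemspec (>= 0.24 and < 1.0).
PATCHED_CONSTRAINT = Gem::Requirement.new("~> 0.24")

# Return the version resolved for gem_name in Gemfile.lock text, or nil.
# Resolved specs sit at four spaces of indentation under "specs:"; the
# six-space dependency lines carry constraints, not versions, and are skipped.
def locked_version(lockfile_text, gem_name)
  pattern = /^ {4}#{Regexp.escape(gem_name)} \((\d[0-9A-Za-z.]*)(?:-[^)]*)?\)$/
  match = lockfile_text.match(pattern)
  match && Gem::Version.new(match[1])
end

# Classify the locked HTTParty version against the page's affected range.
def audit_httparty(lockfile_text)
  version = locked_version(lockfile_text, "httparty")
  return :not_locked if version.nil?
  return :affected if AFFECTED.satisfied_by?(version)

  PATCHED_CONSTRAINT.satisfied_by?(version) ? :ok : :outside_constraint
end

# Constructed Gemfile.lock fragment; "some_client" is a made-up dependent gem.
def sample_lock(httparty_version)
  <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        httparty (#{httparty_version})
          csv
          mini_mime (>= 1.0.0)
        some_client (0.0.0)
          httparty (~> 0.22)
  LOCK
end

if $PROGRAM_NAME == __FILE__
  %w[0.22.0 0.23.2 0.24.0 0.25.1 1.0.0].each do |v|
    puts "httparty #{v}: #{audit_httparty(sample_lock(v))}"
  end
end
```

Run against a real `Gemfile.lock` with `audit_httparty(File.read("Gemfile.lock"))`; anything other than `:ok` means the resolved version needs attention even if the gemspec constraint has been bumped.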

@codecov
codecov bot commented Dec 30, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (883b8d5) to head (5c94756).
⚠️ Report is 22 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #668   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           10        10           
  Lines          809       809           
=========================================
  Hits           809       809           

@curquiza curquiza merged commit 27a3998 into main Dec 30, 2025
7 of 8 checks passed
@curquiza curquiza deleted the dependabot/bundler/rubocop-tw-1.81.7 branch December 30, 2025 10:36