From 39b784957dc62e913f89bc9f2cfed4d9e615e6fc Mon Sep 17 00:00:00 2001
From: "Andrey \"Zed\" Zaikin" <zed@elastic.co>
Date: Fri, 20 Mar 2026 12:03:43 +0200
Subject: [PATCH] upgrade faraday due to CVE-2026-25765 (#424)

### https://github.com/elastic/search-team/issues/12889

### Checklists

<!--You can remove unrelated items from checklists below and/or add new
items that may help during the review.-->

#### Pre-Review Checklist
- [ ] This PR does NOT contain credentials of any kind, such as API keys
or username/passwords (double check `crawler.yml.example` and
`elasticsearch.yml.example`)
- [ ] This PR has a meaningful title
- [ ] This PR links to all relevant GitHub issues that it fixes or
partially addresses
- If there is no GitHub issue, please create it. Each PR should have a
link to an issue
- [ ] this PR has a thorough description
- [ ] Covered the changes with automated tests
- [ ] Tested the changes locally
- [ ] Added a label for each target release version (example: `v0.1.0`)
- [ ] Considered corresponding documentation changes
- [ ] Contributed any configuration settings changes to the
configuration reference
- [ ] Ran `make notice` if any dependencies have been added

#### Changes Requiring Extra Attention

<!--Please call out any changes that require special attention from the
reviewers and/or increase the risk to availability or security of the
system after deployment. Remove the ones that don't apply.-->

- [ ] Security-related changes (encryption, TLS, SSRF, etc)
- [ ] New external service dependencies added.

### Related Pull Requests

<!--List any relevant PRs here or remove the section if this is a
standalone PR.

* https://github.com/elastic/.../pull/123-->

### Release Note

<!--If you think this enhancement/fix should be included in the release
notes,
please write a concise user-facing description of the change here.
You should also label the PR with `release_note` so the release notes
author(s) can easily look it up.-->

(cherry picked from commit a9045e180e28a69d686faf058ffe51845cf4b1d1)
---
 Gemfile.lock | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index d44aa92e..d2ed2922 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -19,7 +19,6 @@ GEM
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
-    base64 (0.2.0)
     bigdecimal (3.1.8-java)
     bson (4.15.0-java)
     coderay (1.1.3)
@@ -42,10 +41,10 @@ GEM
       tzinfo
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
-    faraday (2.8.1)
-      base64
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
+    faraday (2.14.1)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
     faraday-net_http (3.0.2)
     ffi (1.16.3-java)
     fugit (1.11.1)
@@ -60,6 +59,7 @@ GEM
     json-schema (4.3.0)
       addressable (>= 2.8)
     language_server-protocol (3.17.0.3)
+    logger (1.7.0)
     method_source (1.1.0)
     minitest (5.22.3)
     multi_json (1.15.0)
@@ -121,7 +121,6 @@ GEM
     ruby-debug-ide (0.7.3)
       rake (>= 0.8.1)
     ruby-progressbar (1.13.0)
-    ruby2_keywords (0.0.5)
     rufus-scheduler (3.9.1)
       fugit (~> 1.1, >= 1.1.6)
     simplecov (0.22.0)