[Snyk] Security upgrade ruby from 3.0-alpine to 3.4.8-alpine

[ayusuf-mq]

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• modules/openapi-generator/src/main/resources/ruby-sinatra-server/Dockerfile

We recommend upgrading to ruby:3.4.8-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2025-26519 SNYK-ALPINE316-MUSL-8720632	614
	CVE-2025-26519 SNYK-ALPINE316-MUSL-8720632	614
	Out-of-bounds Write SNYK-ALPINE316-BUSYBOX-6913410	514
	Out-of-bounds Write SNYK-ALPINE316-BUSYBOX-6913410	514

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Out-of-bounds Write

[ayusuf-mq]

This major version upgrade from Ruby 3.0 to 3.4 introduces numerous breaking changes, deprecations, and new behaviors across the language and standard library. The risk is high due to the cumulative impact of four major releases.

Highlights:

• YAML Loading: In Ruby 3.1+, Psych.load (the YAML parser) defaults to safe_load, which disables loading of most classes by default to improve security. Code relying on YAML to deserialize complex Ruby objects will need to be updated to use Psych.unsafe_load or specify permitted classes.
• String Mutability: In Ruby 3.4, string literals will become "chilled". Mutating a string literal will produce a deprecation warning, in preparation for them becoming fully frozen by default in a future version. This will require code changes to avoid warnings and future errors.
• Keyword Arguments & Procs: Changes have been made to keyword argument handling. In Ruby 3.2, methods using *args to delegate keyword arguments must now be marked with ruby2_keywords. Additionally, Procs that accept a single positional argument and keywords will no longer autosplat.
• New it Anonymous Block Argument: In Ruby 3.4, it is introduced as a default name for the first block parameter. This can cause conflicts if it was previously used as a method name within a block without explicit parameters.

Source: Ruby documentation
Recommendation: This is a high-risk upgrade. Before merging, developers must address deprecation warnings from intermediate versions, thoroughly test application behavior, and pay special attention to YAML deserialization, string mutations, and keyword argument forwarding.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.