From efc6cb1ddbdb9a7231c5410d610c4c3cfa727592 Mon Sep 17 00:00:00 2001
From: Quentin Rousseau
Date: Mon, 8 Jun 2026 07:10:41 -0700
Subject: [PATCH] Add view_component 3.25.0 as patched for CVE-2026-44836 and CVE-2026-44837

v3.25.0 backports both security fixes to the 3.x branch.

Ref: https://github.com/ViewComponent/view_component/issues/2637
Release: https://github.com/ViewComponent/view_component/releases/tag/v3.25.0
---
 gems/view_component/CVE-2026-44836.yml | 2 ++
 gems/view_component/CVE-2026-44837.yml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/gems/view_component/CVE-2026-44836.yml b/gems/view_component/CVE-2026-44836.yml
index dc11a28819..a4525e3595 100644
--- a/gems/view_component/CVE-2026-44836.yml
+++ b/gems/view_component/CVE-2026-44836.yml
@@ -25,9 +25,11 @@ unaffected_versions:
   - "< 3.0.0"
 patched_versions:
   - ">= 4.9.0"
+  - ">= 3.25.0, < 4.0.0"
 related:
   url:
     - https://viewcomponent.org/CHANGELOG.html#490
     - https://github.com/ViewComponent/view_component/releases/tag/v4.9.0
+    - https://github.com/ViewComponent/view_component/releases/tag/v3.25.0
     - https://github.com/ViewComponent/view_component/security/advisories/GHSA-7f3r-gwc9-2995
     - https://github.com/advisories/GHSA-7f3r-gwc9-2995
diff --git a/gems/view_component/CVE-2026-44837.yml b/gems/view_component/CVE-2026-44837.yml
index 9d91b7f297..588ef96c45 100644
--- a/gems/view_component/CVE-2026-44837.yml
+++ b/gems/view_component/CVE-2026-44837.yml
@@ -18,9 +18,11 @@ unaffected_versions:
   - "< 3.0.0"
 patched_versions:
   - ">= 4.9.0"
+  - ">= 3.25.0, < 4.0.0"
 related:
   url:
     - https://viewcomponent.org/CHANGELOG.html#490
     - https://github.com/ViewComponent/view_component/releases/tag/v4.9.0
+    - https://github.com/ViewComponent/view_component/releases/tag/v3.25.0
     - https://github.com/ViewComponent/view_component/security/advisories/GHSA-hg3h-g7xc-f7vp
     - https://github.com/advisories/GHSA-hg3h-g7xc-f7vp
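Review bot: The added `patched_versions` entry `">= 3.25.0, < 4.0.0"` in CVE-2026-44836.yml also matches any 4.0.0 prerelease, because RubyGems orders a version such as `4.0.0.rc1` below `4.0.0`. A scanner that evaluates this range with `Gem::Requirement` would therefore report those prereleases as patched, although they predate the 4.9.0 fix. The pessimistic form `- "~> 3.25"` compares against the release part of the version and keeps the entry to the 3.x line; the same line in the CVE-2026-44837.yml hunk needs the same change. The rest of each advisory file, including the description, is outside the hunks, so whether it still names only 4.9.0 as the fixed release cannot be checked from here.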