From 8ea1d6f278ad8f3284244627e2d735faf19d32ab Mon Sep 17 00:00:00 2001
From: Scott Carleton <313254+ScotterC@users.noreply.github.com>
Date: Mon, 12 Jan 2026 11:16:55 -0500
Subject: [PATCH] Relax httparty dependency constraint to allow >= 0.22.0

This fixes CVE-2025-68696 (GHSA-hm5p-x4rq-38w4) by allowing projects
to update to httparty 0.24.0 which patches a potential SSRF
vulnerability that could lead to API key leakage.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 Gemfile.lock            | 4 ++--
 lib/pinecone/version.rb | 2 +-
 pinecone.gemspec        | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 295265b..2796eaa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,10 +1,10 @@
 PATH
   remote: .
   specs:
-    pinecone (1.2.1)
+    pinecone (1.2.2)
       dry-struct (~> 1.6)
       dry-validation (~> 1.10)
-      httparty (~> 0.24.0)
+      httparty (>= 0.22.0)
 
 GEM
   remote: https://rubygems.org/
diff --git a/lib/pinecone/version.rb b/lib/pinecone/version.rb
index 01b93be..82969d2 100644
--- a/lib/pinecone/version.rb
+++ b/lib/pinecone/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Pinecone
-  VERSION = "1.2.1"
+  VERSION = "1.2.2"
 end
diff --git a/pinecone.gemspec b/pinecone.gemspec
index 4c8ae6d..aec1ba2 100644
--- a/pinecone.gemspec
+++ b/pinecone.gemspec
@@ -17,5 +17,5 @@ Gem::Specification.new do |s|
 
   s.add_dependency "dry-struct", "~> 1.6"
   s.add_dependency "dry-validation", "~> 1.10"
-  s.add_dependency "httparty", "~> 0.24.0"
+  s.add_dependency "httparty", ">= 0.22.0"
 end