From fb38a1c5dc7862125b099aa20a876d5921c66db4 Mon Sep 17 00:00:00 2001
From: Nora Dossche <7771979+ndossche@users.noreply.github.com>
Date: Fri, 17 Apr 2026 08:03:49 +0200
Subject: [PATCH 1/2] [ruby/openssl] pkey: fix memory leak when derived key is too large Unlikely to happen in practice, but mirrors other similar checks that also free the context. https://github.com/ruby/openssl/commit/fd28a16519
---
 ext/openssl/ossl_pkey.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index d2fd5b29c32204..a53332b17edf84 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -1496,8 +1496,10 @@ ossl_pkey_derive(int argc, VALUE *argv, VALUE self)
 EVP_PKEY_CTX_free(ctx);
 ossl_raise(ePKeyError, "EVP_PKEY_derive");
 }
- if (keylen > LONG_MAX)
+ if (keylen > LONG_MAX) {
+ EVP_PKEY_CTX_free(ctx);
 rb_raise(ePKeyError, "derived key would be too large");
+ }
 str = ossl_str_new(NULL, (long)keylen, &state);
 if (state) {
 EVP_PKEY_CTX_free(ctx);
From d6c68b65ee1f0d704b33dac527317f52949b5277 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Apr 2026 22:33:12 +0000
Subject: [PATCH 2/2] Bump yard Bumps the bundler group with 1 update in the /spec/bundler/realworld/fixtures/tapioca directory: [yard](https://yardoc.org). Updates `yard` from 0.9.37 to 0.9.42 --- updated-dependencies: - dependency-name: yard dependency-version: 0.9.42 dependency-type: indirect dependency-group: bundler ...
Signed-off-by: dependabot[bot]
---
 spec/bundler/realworld/fixtures/tapioca/Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/bundler/realworld/fixtures/tapioca/Gemfile.lock b/spec/bundler/realworld/fixtures/tapioca/Gemfile.lock
index 4ce06de722cfaa..c2df2f92299ad2 100644
--- a/spec/bundler/realworld/fixtures/tapioca/Gemfile.lock
+++ b/spec/bundler/realworld/fixtures/tapioca/Gemfile.lock
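Review bot: The `keylen > LONG_MAX` branch in ossl_pkey_derive (ext/openssl/ossl_pkey.c) is now the third exit visible in this hunk that has to call `EVP_PKEY_CTX_free(ctx)` by hand before raising, and nothing in the code says why. Both `rb_raise` and `ossl_raise` unwind out of the function without returning, so a raise added later without that call leaks the context again, which is the defect this patch fixes. A short comment above the new block would make the invariant visible, for example `/* rb_raise() does not return: release ctx before every raise */`. The function body starts and ends outside the hunk, so whether the earlier raise paths already follow the same pattern cannot be checked from here.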
@@ -32,7 +32,7 @@ GEM thor (>= 1.2.0) yard-sorbet thor (1.4.0) - yard (0.9.37) + yard (0.9.42) yard-sorbet (0.9.0) sorbet-runtime yard