There is new CVE for Ruby publicly post on 22 Nov 2022:
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
This will require patch updates to all dev-lang/ruby YAML autogens in next and manual curated ebuild version bumps in 1.4 to these versions:
2.7.7 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-2-7-7-released/
3.0.5 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-0-5-released/
3.1.3 – https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/
Please make the PR against Harvester 2022-11 before it merges or directly to kit-fixups if that Harvester 2022-11 merge window is missed.