[ruby-core:111200] [Ruby master Misc#19178] How does CRuby handle CVE issues in stdlib gems which get patched?