Our vulnerability scanner was flagging bcp47 as a vulnerable gem, because it includes really outdated gems in it's Gemfile.lock file. After investigating https://rubygems.org/gems/bcp47/versions/0.3.3 it seems like the gem hasn't has a release in over a decade at this point and the homepage (original github repo) has been removed. I would recommend finding an alternative or removing the dependency altogether due to the gem no longer having an upstream repository.
Our vulnerability scanner was flagging bcp47 as a vulnerable gem, because it includes really outdated gems in it's Gemfile.lock file. After investigating https://rubygems.org/gems/bcp47/versions/0.3.3 it seems like the gem hasn't has a release in over a decade at this point and the homepage (original github repo) has been removed. I would recommend finding an alternative or removing the dependency altogether due to the gem no longer having an upstream repository.