Bug #36405

closed

ruby-foreman-templates DEB package includes old versions of git and diffy GEMs

Added by Konstantin Orekhov 12 months ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Category:
Debian/Ubuntu
Target version:
-

Description

During my attempt to migrate our Foreman to 3.6.1 on Ubuntu 20.04, our security scanners reported the following GEM packages:

stop vulnerabilities package CRITICAL Vulnerability found in non-os package type (gem) - /usr/share/foreman/vendor/ruby/2.7.0/specifications/git-1.7.0.gemspec (fixed in: 1.11.0)(GHSA-69p6-wvmq-27gg - https://github.com/advisories/GHSA-69p6-wvmq-27gg)

stop vulnerabilities package CRITICAL Vulnerability found in non-os package type (gem) - /usr/share/foreman/vendor/ruby/2.7.0/specifications/diffy-3.3.0.gemspec (fixed in: 3.4.1)(GHSA-5ww9-9qp2-x524 - https://github.com/advisories/GHSA-5ww9-9qp2-x524)

Based on the content of the DEB packages I'm installing, the above gems come from the ruby-foreman-templates package:

$ dpkg -x ./ruby-foreman-templates_9.3.0-2_all.deb ttt
$ ls -l ~/ttt/usr/share/foreman/vendor/cache
total 260
drwxr-xr-x 2 korekhov korekhov   4096 Jul 19  2022 ./
drwxr-xr-x 3 korekhov korekhov   4096 Jul 19  2022 ../
-rw-r--r-- 1 korekhov korekhov  17920 Dec 29  2018 diffy-3.3.0.gem
-rw-r--r-- 1 korekhov korekhov  49152 May 16  2022 foreman_templates-9.3.0.gem
-rw-r--r-- 1 korekhov korekhov  31232 Apr 25  2020 git-1.7.0.gem
-rw-r--r-- 1 korekhov korekhov 153600 Jun  1  2018 rchardet-1.8.0.gem

I had a similar issue with 3.3.1 (which also had the activerecord gem flagged). I know that 3.3 is not supported anymore; I'm just pointing out that this appears to be a pretty old issue.

Can this package be re-built with patched versions (git-1.11.0 and diffy-3.4.1 gems), please?
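Added example (not from the ticket or the Foreman project): a POSIX shell script that automates the check the report does by hand, extracting the package and flagging any vendored gem that is below the fixed version quoted by the scanner. The vendor/cache path comes from the listing above; dpkg-deb and awk are assumed to be available, and the fixed-version table is limited to the two advisories cited in the report.

```shell
#!/bin/sh
# Audit the gems vendored in a .deb against known fixed versions.
# Assumptions: dpkg-deb is installed and vendored gems live under
# usr/share/foreman/vendor/cache, as in the listing in the report.

# Minimum fixed versions, taken from the two advisories cited above.
min_fixed_version() {
    case "$1" in
        git)   echo 1.11.0 ;;
        diffy) echo 3.4.1 ;;
        *)     return 1 ;;   # not on the advisory list
    esac
}

# version_lt A B: succeed if dotted version A is older than B.
# Compares numerically component by component; missing components
# count as 0, and pre-release suffixes are not handled.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal is not "less than"
    }'
}

# check_gem_file NAME-VERSION.gem: succeed if clean or unlisted, fail
# (and print a finding) if the gem is below its fixed version.
check_gem_file() {
    base=$(basename "$1" .gem)
    name=${base%-*}; ver=${base##*-}
    min=$(min_fixed_version "$name") || return 0
    if version_lt "$ver" "$min"; then
        printf 'VULNERABLE %s %s (fixed in %s)\n' "$name" "$ver" "$min"
        return 1
    fi
    return 0
}

# audit_cache_dir DIR: check every *.gem in DIR; exit status = number of hits.
audit_cache_dir() {
    hits=0
    for gem in "$1"/*.gem; do
        [ -e "$gem" ] || continue
        check_gem_file "$gem" || hits=$((hits + 1))
    done
    return $hits
}

# audit_deb PKG.deb: extract into a scratch dir, audit, clean up.
audit_deb() {
    tmp=$(mktemp -d)
    dpkg-deb -x "$1" "$tmp"
    rc=0; audit_cache_dir "$tmp/usr/share/foreman/vendor/cache" || rc=$?
    rm -rf "$tmp"
    return $rc
}

if [ $# -eq 1 ]; then audit_deb "$1"; fi
```

Run as `sh audit_gems.sh ./ruby-foreman-templates_9.3.0-2_all.deb`; a non-zero exit status is the number of flagged gems, which makes it easy to gate a package-build pipeline on the result.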
