{"id":10913,"name":"addressable","ecosystem":"rubygems","repository_url":"https://github.com/sporkmonger/addressable","issues_count":1451,"created_at":"2025-06-06T22:55:14.287Z","updated_at":"2025-06-06T22:55:14.287Z","purl":"pkg:gem/addressable","metadata":{"id":151744,"name":"addressable","ecosystem":"rubygems","description":"Addressable is an alternative implementation to the URI implementation that is\npart of Ruby's standard library. It is flexible, offers heuristic parsing, and\nadditionally provides extensive support for IRIs and URI templates.\n","homepage":"https://github.com/sporkmonger/addressable","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/sporkmonger/addressable","keywords_array":[],"namespace":null,"versions_count":44,"first_release_published_at":"2009-07-25T18:34:57.000Z","latest_release_published_at":"2024-06-21T10:46:38.432Z","latest_release_number":"2.8.7","last_synced_at":"2025-06-07T02:04:27.516Z","created_at":"2022-04-05T16:41:37.247Z","updated_at":"2025-06-07T02:07:05.886Z","registry_url":"https://rubygems.org/gems/addressable","install_command":"gem install addressable -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/addressable/","metadata":{"funding":null},"repo_metadata":{"id":404084,"uuid":"22601","full_name":"sporkmonger/addressable","owner":"sporkmonger","description":"Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.","archived":false,"fork":false,"pushed_at":"2025-02-16T18:11:45.000Z","size":1968,"stargazers_count":1572,"open_issues_count":44,"forks_count":272,"subscribers_count":32,"default_branch":"main","last_synced_at":"2025-05-28T08:12:55.248Z","etag":null,"topics":["uri","uri-template"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sporkmonger.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2008-06-05T19:00:11.000Z","updated_at":"2025-05-24T14:51:32.000Z","dependencies_parsed_at":"2023-01-13T10:15:24.634Z","dependency_job_id":"e61c6602-9b97-4b5a-9107-164816481eb5","html_url":"https://github.com/sporkmonger/addressable","commit_stats":{"total_commits":792,"total_committers":113,"mean_commits":7.008849557522124,"dds":"0.49242424242424243","last_synced_commit":"4229164843616783287ca359bbe38b574f1908a3"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sporkmonger","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257655569,"owners_count":22580863,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"sporkmonger","name":"Bob Aman","uuid":"1778","kind":"user","description":"","email":"","website":"http://sporkmonger.com/","location":"Minneapolis, MN","twitter":null,"company":"@discord","icon_url":"https://avatars.githubusercontent.com/u/1778?u=f1a2a1438f5ac17d2e56ec18ba5874f5b81a9d0a\u0026v=4","repositories_count":128,"last_synced_at":"2025-06-03T09:15:38.379Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/sporkmonger","funding_links":[],"total_stars":2231,"followers":174,"following":25,"created_at":"2022-11-02T16:17:19.043Z","updated_at":"2025-06-03T09:15:38.379Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sporkmonger","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sporkmonger/repositories"},"tags":[{"name":"addressable-2.8.7","sha":"7930ece6e4ae266e67fc927f2e44e39f97fd5f22","kind":"tag","published_at":"2024-06-21T10:45:56.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.7","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.7/manifests"},{"name":"addressable-2.8.6","sha":"35a0f5c38eed558997187dced2ba8ffffeb07f04","kind":"tag","published_at":"2023-12-09T10:31:50.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.6","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.6/manifests"},{"name":"addressable-2.8.5","sha":"7cd185ec53691ee0b8922c1ddf542725f1d54aa0","kind":"tag","published_at":"2023-08-03T08:54:34.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.5","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.5/manifests"},{"name":"addressable-2.8.4","sha":"e91b64e1ab36dccacd8e339a84e89684ed5bbb3e","kind":"tag","published_at":"2023-04-09T15:02:37.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.4","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.4/manifests"},{"name":"addressable-2.8.3","sha":"68c60e380fe6218100898d73c75b0f4e54340d3e","kind":"tag","published_at":"2023-04-04T21:13:17.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.3","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.3/manifests"},{"name":"addressable-2.8.2","sha":"bcaf766b0a91d889d0a0bfc5cfbdc07bd376924b","kind":"tag","published_at":"2023-04-01T10:49:35.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.2/manifests"},{"name":"addressable-2.8.1","sha":"8657465b438d93c707aff4346fdcf74c742b4a53","kind":"tag","published_at":"2022-08-19T10:50:44.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.1/manifests"},{"name":"addressable-2.8.0","sha":"6469a232c0f1892809ff66737370c765d574e16c","kind":"tag","published_at":"2021-07-03T04:27:41.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.8.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.8.0/manifests"},{"name":"addressable-2.7.0","sha":"598aea6b1b6c7cb1e05aa717090235c3703ce759","kind":"tag","published_at":"2019-08-31T03:36:54.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.7.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.7.0/manifests"},{"name":"addressable-2.6.0","sha":"a0e06dbfc91ea820a111b2db30795088c907c29e","kind":"tag","published_at":"2019-01-18T07:16:50.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.6.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.6.0/manifests"},{"name":"addressable-2.5.2","sha":"0a0e96acb17225f9b1c9cab0bad332b448934c9a","kind":"tag","published_at":"2017-08-25T00:01:53.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.5.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.2/manifests"},{"name":"addressable-2.5.1","sha":"279dbaf44436500fdbba86b167bbff0fe0ab54e0","kind":"tag","published_at":"2017-03-29T21:16:13.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.5.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.1/manifests"},{"name":"addressable-2.5.0","sha":"09c5ea06d63066bf12e096b7da9513150b074973","kind":"tag","published_at":"2016-11-04T19:30:23.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.5.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.5.0/manifests"},{"name":"addressable-2.4.0","sha":"fb8efbfa705258e9d1571d1d6a4c3e64a7631270","kind":"tag","published_at":"2015-12-07T04:38:26.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.4.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.4.0/manifests"},{"name":"addressable-2.3.8","sha":"a4ed495243e7d3b7766f99dc5c57ed26951dc5b8","kind":"tag","published_at":"2015-03-27T15:32:51.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.8","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.8/manifests"},{"name":"addressable-2.3.7","sha":"953b28ffaf164461014fdf3985df65b5dd584af6","kind":"tag","published_at":"2015-02-05T13:03:41.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.7","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.7/manifests"},{"name":"addressable-2.3.6","sha":"9d1e5777e8353fd8b22d39101e9b67425f8e2cfd","kind":"tag","published_at":"2014-03-24T05:54:31.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.6","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.6/manifests"},{"name":"addressable-2.3.5","sha":"9c1122c7fa77f4f62768809a0639de73566df12e","kind":"tag","published_at":"2013-06-27T01:14:15.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.5","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.5/manifests"},{"name":"addressable-2.3.4","sha":"f47caa4f4a181fd6784f4e6fadc02b0345bd05df","kind":"tag","published_at":"2013-04-15T19:23:25.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.4","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.4/manifests"},{"name":"addressable-2.3.3","sha":"28ce5d056accc2146c0a7747f9e5a112daa43052","kind":"tag","published_at":"2013-02-19T20:03:11.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.3","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.3/manifests"},{"name":"addressable-2.3.2","sha":"7f14836517acc210588607d0c4ec87a965919bac","kind":"tag","published_at":"2012-07-27T09:15:08.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.2/manifests"},{"name":"addressable-2.3.1","sha":"7f13fde92562573448974b2a6b5b871daaa6f937","kind":"tag","published_at":"2012-07-21T14:42:16.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.1/manifests"},{"name":"addressable-2.3.0","sha":"768b408ef1e731bb3c9fdf29fbcf23cad5c42d18","kind":"tag","published_at":"2012-07-21T14:25:31.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.3.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.3.0/manifests"},{"name":"addressable-2.2.8","sha":"25c04c93cea7514bd6d701286c61f976f799707c","kind":"tag","published_at":"2012-05-02T19:14:26.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.8","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.8/manifests"},{"name":"addressable-2.2.7","sha":"378581a7996f52a10cda8da8fe8b72509d1276bb","kind":"tag","published_at":"2012-02-16T12:18:01.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.7","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.7/manifests"},{"name":"addressable-2.2.6","sha":"cfd786b792dda11f8317ab24d7161fe31f56a9b6","kind":"tag","published_at":"2011-05-13T00:18:14.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.6","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.6/manifests"},{"name":"addressable-2.2.5","sha":"354f223087425c5d028f19794b07682af93dd4ed","kind":"commit","published_at":"2011-04-10T02:51:41.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.5","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.5/manifests"},{"name":"addressable-2.2.4","sha":"6565b984f25145da745187fbaec5956e3535a84c","kind":"tag","published_at":"2011-01-29T00:20:59.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.4","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.4/manifests"},{"name":"addressable-2.2.3","sha":"4dcd913de90caa3124bdb9a4aa142d4cf1bbd558","kind":"tag","published_at":"2011-01-20T19:56:04.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.3","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.3/manifests"},{"name":"addressable-2.2.2","sha":"b97eaa0fc721ecef845567f1d692508ed39b0ec8","kind":"tag","published_at":"2010-10-12T23:06:13.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.2/manifests"},{"name":"addressable-2.2.1","sha":"01604a358884cba3e6fc1c836506730ace41443e","kind":"tag","published_at":"2010-09-10T19:54:37.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.1/manifests"},{"name":"addressable-2.2.0","sha":"d7fabf9c313ceb9f5b70407ca0454983ab703587","kind":"tag","published_at":"2010-08-10T04:21:21.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.2.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.2.0/manifests"},{"name":"addressable-2.1.2","sha":"6c052b878555ed77f7629368c1924ea1ffac1d3c","kind":"tag","published_at":"2010-08-10T03:16:29.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.1.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.2/manifests"},{"name":"addressable-2.1.1","sha":"de80951378af58004772ce7efd6fd62d9d74d248","kind":"tag","published_at":"2009-11-01T22:03:50.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.1.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.1/manifests"},{"name":"addressable-2.1.0","sha":"f7e9f17d9e2585845efefac88b139b856fcd2173","kind":"tag","published_at":"2009-05-19T17:14:59.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.1.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.1.0/manifests"},{"name":"addressable-2.0.2","sha":"d341c39f7b99a14b2b41ffb79beb0170467120d1","kind":"tag","published_at":"2009-01-31T03:20:26.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.0.2","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.2/manifests"},{"name":"addressable-2.0.1","sha":"6fb070f7d04a5a7b251ff5dac22bd1fb81fd346c","kind":"tag","published_at":"2008-12-02T19:26:15.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.0.1","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.1/manifests"},{"name":"addressable-2.0.0","sha":"126259d1ef0315fa0b1cad07b8194748763e2bf2","kind":"tag","published_at":"2008-11-16T01:36:12.000Z","download_url":"https://codeload.github.com/sporkmonger/addressable/tar.gz/addressable-2.0.0","html_url":"https://github.com/sporkmonger/addressable/releases/tag/addressable-2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sporkmonger%2Faddressable/tags/addressable-2.0.0/manifests"}]},"repo_metadata_updated_at":"2025-06-07T02:07:05.886Z","dependent_packages_count":1604,"downloads":965814015,"downloads_period":"total","dependent_repos_count":897139,"rankings":{"downloads":0.013380760696245582,"dependent_repos_count":0.011150633913537985,"dependent_packages_count":0.03177930665358326,"stargazers_count":1.300163914318529,"forks_count":1.5566284943299027,"docker_downloads_count":0.02787658478384496,"average":0.49016328244927393},"purl":"pkg:gem/addressable","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4aGMtcTg1Ny0zajZn","url":"https://github.com/advisories/GHSA-jxhc-q857-3j6g","title":"Regular Expression Denial of Service in Addressable templates","description":"### Impact\n\nWithin the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n\n### Patches\n\nThe vulnerability was introduced in version 2.3.0 (previously yanked) and has been present in all subsequent versions up to, and including, 2.7.0. It is fixed in version 2.8.0.\n\n### Workarounds\n\nThe vulnerability can be avoided by only creating Template objects from trusted sources that have been validated not to produce catastrophic backtracking.\n\n### References\n\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n- https://cwe.mitre.org/data/definitions/1333.html\n- https://www.regular-expressions.info/catastrophic.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue](https://github.com/sporkmonger/addressable/issues)\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-07-12T16:58:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g","https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc","https://github.com/sporkmonger/addressable/commit/89c76130ce255c601f642a018cb5fb5a80e679a7","https://nvd.nist.gov/vuln/detail/CVE-2021-32740","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/","https://github.com/sporkmonger/addressable/commit/92685096b1f7235ed8986c03ce30a24972eed848#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76","https://github.com/advisories/GHSA-jxhc-q857-3j6g","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/addressable/CVE-2021-32740.yml"],"source_kind":"github","identifiers":["GHSA-jxhc-q857-3j6g","CVE-2021-32740"],"repository_url":"https://github.com/sporkmonger/addressable","blast_radius":44.646448023969555,"packages":[{"versions":[{"first_patched_version":"2.8.0","vulnerable_version_range":"\u003e= 2.3.0, \u003c= 2.7.0"}],"ecosystem":"rubygems","package_name":"addressable"}],"created_at":"2022-12-21T16:11:56.161Z","updated_at":"2023-05-04T19:34:32.000Z"}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/addressable","docker_dependents_count":3932,"docker_downloads_count":3787168008,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/addressable","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/addressable/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/addressable/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/addressable/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/addressable/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/addressable/related_packages","maintainers":[{"uuid":"42999","login":"therabidbanana","name":null,"email":null,"url":null,"packages_count":15,"html_url":"https://rubygems.org/profiles/therabidbanana","role":null,"created_at":"2022-11-07T12:44:19.651Z","updated_at":"2022-11-07T12:44:19.651Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/therabidbanana/packages"},{"uuid":"50548","login":"dentarg","name":null,"email":null,"url":null,"packages_count":13,"html_url":"https://rubygems.org/profiles/dentarg","role":null,"created_at":"2022-11-07T12:44:19.657Z","updated_at":"2022-11-07T12:44:19.657Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/dentarg/packages"},{"uuid":"2249","login":"sporkmonger","name":null,"email":null,"url":null,"packages_count":16,"html_url":"https://rubygems.org/profiles/sporkmonger","role":null,"created_at":"2022-11-07T12:44:19.665Z","updated_at":"2022-11-07T12:44:19.665Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/sporkmonger/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":198118,"maintainers_count":66429,"namespaces_count":0,"keywords_count":17799,"github":"rubygems","metadata":{"funded_packages_count":7045},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2025-06-06T05:59:27.395Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}},"unique_repositories_count":1382,"unique_repositories_count_past_30_days":4,"recent_issues":[{"uuid":"4728543465","node_id":"PR_kwDOCsb_Ws7pyLna","number":115,"state":"open","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-23T18:34:35.000Z","updated_at":"2026-06-23T18:34:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"concurrent-ruby","old_version":"1.1.6","new_version":"1.3.7","repository_url":"https://github.com/ruby-concurrency/concurrent-ruby"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable) and [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby).\n\nUpdates `addressable` from 2.8.0 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `concurrent-ruby` from 1.1.6 to 1.3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases\"\u003econcurrent-ruby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.7\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eThere are 3 security fixes in this release, so updating is recommended.\nThese security vulnerabilities are not very likely to be hit in practice and have a corresponding \u003ccode\u003eLow\u003c/code\u003e severity score.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-h8w8-99g7-qmvj\"\u003eCVE-2026-54904\u003c/a\u003e \u003ccode\u003eAtomicReference#update\u003c/code\u003e livelocks when the stored value is \u003ccode\u003eFloat::NAN\u003c/code\u003e. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-wv3x-4vxv-whpp\"\u003eCVE-2026-54905\u003c/a\u003e \u003ccode\u003eReentrantReadWriteLock\u003c/code\u003e read-count overflow grants a write lock without exclusivity. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-6wx8-w4f5-wwcr\"\u003eCVE-2026-54906\u003c/a\u003e \u003ccode\u003eReadWriteLock\u003c/code\u003e allows wrong-thread write release and stray read-release counter corruption. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003econcurrent-ruby-ext: fix build on Darwin 32-bit by \u003ca href=\"https://github.com/barracuda156\"\u003e\u003ccode\u003e@​barracuda156\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1064\"\u003eruby-concurrency/concurrent-ruby#1064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SECURITY.md by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1104\"\u003eruby-concurrency/concurrent-ruby#1104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Ruby 4.0 in CI by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1106\"\u003eruby-concurrency/concurrent-ruby#1106\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barracuda156\"\u003e\u003ccode\u003e@​barracuda156\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1064\"\u003eruby-concurrency/concurrent-ruby#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.6...v1.3.7\"\u003ehttps://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.6...v1.3.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.3.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRun tests without the C extension in CI by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1081\"\u003eruby-concurrency/concurrent-ruby#1081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Promise docs by \u003ca href=\"https://github.com/danieldiekmeier\"\u003e\u003ccode\u003e@​danieldiekmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1083\"\u003eruby-concurrency/concurrent-ruby#1083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect word in readme by \u003ca href=\"https://github.com/wwahammy\"\u003e\u003ccode\u003e@​wwahammy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1084\"\u003eruby-concurrency/concurrent-ruby#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mistakes in MVar documentation by \u003ca href=\"https://github.com/trinistr\"\u003e\u003ccode\u003e@​trinistr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1087\"\u003eruby-concurrency/concurrent-ruby#1087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multi require concurrent/executor/cached_thread_pool by \u003ca href=\"https://github.com/OuYangJinTing\"\u003e\u003ccode\u003e@​OuYangJinTing\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1085\"\u003eruby-concurrency/concurrent-ruby#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse typed data APIs by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1096\"\u003eruby-concurrency/concurrent-ruby#1096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Joshua Young to the list of maintainers by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1097\"\u003eruby-concurrency/concurrent-ruby#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAsynchronous pruning for RubyThreadPoolExecutor by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1082\"\u003eruby-concurrency/concurrent-ruby#1082\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark RubySingleThreadExecutor as a SerialExecutorService by \u003ca href=\"https://github.com/meineerde\"\u003e\u003ccode\u003e@​meineerde\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1070\"\u003eruby-concurrency/concurrent-ruby#1070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow TimerTask to be safely restarted after shutdown and avoid duplicate tasks by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1001\"\u003eruby-concurrency/concurrent-ruby#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFlaky test fix: allow ThreadPool to shutdown before asserting completed_task_count by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1098\"\u003eruby-concurrency/concurrent-ruby#1098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eThreadPoolExecutor#kill\u003c/code\u003e will \u003ccode\u003ewait_for_termination\u003c/code\u003e in JRuby; ensure \u003ccode\u003eTimerSet\u003c/code\u003e timer thread shuts down cleanly by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1044\"\u003eruby-concurrency/concurrent-ruby#1044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danieldiekmeier\"\u003e\u003ccode\u003e@​danieldiekmeier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1083\"\u003eruby-concurrency/concurrent-ruby#1083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wwahammy\"\u003e\u003ccode\u003e@​wwahammy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1084\"\u003eruby-concurrency/concurrent-ruby#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trinistr\"\u003e\u003ccode\u003e@​trinistr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1087\"\u003eruby-concurrency/concurrent-ruby#1087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OuYangJinTing\"\u003e\u003ccode\u003e@​OuYangJinTing\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1085\"\u003eruby-concurrency/concurrent-ruby#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1096\"\u003eruby-concurrency/concurrent-ruby#1096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1082\"\u003eruby-concurrency/concurrent-ruby#1082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.5...v1.3.6\"\u003ehttps://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.5...v1.3.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md\"\u003econcurrent-ruby's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.3.7 (16 June 2026)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSee the \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases/tag/v1.3.7\"\u003erelease notes on GitHub\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.6 (13 December 2025)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSee the \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases/tag/v1.3.6\"\u003erelease notes on GitHub\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.5, edge v0.7.2 (15 January 2025)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1062\"\u003e#1062\u003c/a\u003e) Remove dependency on logger.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003econcurrent-ruby-edge:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1062\"\u003e#1062\u003c/a\u003e) Remove dependency on logger.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.4 (10 August 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1060\"\u003e#1060\u003c/a\u003e) Fix bug with return value of \u003ccode\u003eConcurrent.available_processor_count\u003c/code\u003e when \u003ccode\u003ecpu.cfs_quota_us\u003c/code\u003e is -1.\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1058\"\u003e#1058\u003c/a\u003e) Add \u003ccode\u003eConcurrent.cpu_shares\u003c/code\u003e that is cgroups aware.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.3 (9 June 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1053\"\u003e#1053\u003c/a\u003e) Improve the speed of \u003ccode\u003eConcurrent.physical_processor_count\u003c/code\u003e on Windows.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.2, edge v0.7.1 (7 June 2024)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1051\"\u003e#1051\u003c/a\u003e) Remove dependency on \u003ccode\u003ewin32ole\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003econcurrent-ruby-edge:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1052\"\u003e#1052\u003c/a\u003e) Fix dependency on \u003ccode\u003econcurrent-ruby\u003c/code\u003e to allow the latest release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.1 (29 May 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 1.3.0 was broken when pushed to RubyGems. 1.3.1 is a packaging fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.0 (28 May 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1042\"\u003e#1042\u003c/a\u003e) Align Java Executor Service behavior for \u003ccode\u003eshuttingdown?\u003c/code\u003e, \u003ccode\u003eshutdown?\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1038\"\u003e#1038\u003c/a\u003e) Add \u003ccode\u003eConcurrent.available_processor_count\u003c/code\u003e that is cgroups aware.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/4c8fc28ab6bb9bd8258a4c0c2fa6d35ebe77b3cb\"\u003e\u003ccode\u003e4c8fc28\u003c/code\u003e\u003c/a\u003e Release 1.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/d91ca9426cb819d6cc63f1bd64bfe54644d0beca\"\u003e\u003ccode\u003ed91ca94\u003c/code\u003e\u003c/a\u003e Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/7e4d711bacf7a1dac3ef6bda44004387be2dc7e6\"\u003e\u003ccode\u003e7e4d711\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eReentrantReadWriteLock\u003c/code\u003e read hold overflow into write-lock bit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/6e37e0644b83b182971dc540d2e4bee38df61386\"\u003e\u003ccode\u003e6e37e06\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAtomicReference#update\u003c/code\u003e livelock when stored value is \u003ccode\u003eFloat::NAN\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/2825cfa12cb708b76557803957f76862eb1151a2\"\u003e\u003ccode\u003e2825cfa\u003c/code\u003e\u003c/a\u003e Cleanup spec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/3fd493283ca5f84f0ef4e84aabd43ad68df4626b\"\u003e\u003ccode\u003e3fd4932\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eReadWriteLock\u003c/code\u003e wrong-thread write release and stray read release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/1974b4772efc034ee8eaa562b4370343f4c5c54b\"\u003e\u003ccode\u003e1974b47\u003c/code\u003e\u003c/a\u003e Add Ruby 4.0 in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/df8706d40c483d76bbb0b3a35a633c68fa9e17be\"\u003e\u003ccode\u003edf8706d\u003c/code\u003e\u003c/a\u003e Add SECURITY.md (\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1104\"\u003e#1104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/7a1b78941c081106c20a9ca0144ac73a48d254ab\"\u003e\u003ccode\u003e7a1b789\u003c/code\u003e\u003c/a\u003e Bump actions/upload-pages-artifact from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/9b2dbf712896a638a73d2fa221206961c8d6484d\"\u003e\u003ccode\u003e9b2dbf7\u003c/code\u003e\u003c/a\u003e Bump actions/deploy-pages from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.6...v1.3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/geolonia/docs.geolonia.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/geolonia/docs.geolonia.com/pull/115","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geolonia%2Fdocs.geolonia.com/issues/115","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/115/packages"},{"uuid":"4618295616","node_id":"PR_kwDOI1T9787kLusn","number":3,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T02:46:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T02:42:19.000Z","updated_at":"2026-06-09T02:46:16.000Z","time_to_close":230,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/netzzi/digitalgarden/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/netzzi%2Fdigitalgarden/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4617939687","node_id":"PR_kwDOQU7yX87kKkkc","number":217,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T10:47:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T01:24:58.000Z","updated_at":"2026-06-13T10:47:57.000Z","time_to_close":379369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"7.2.1","repository_url":"https://github.com/puma/puma"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.4","repository_url":"https://github.com/heartcombo/devise"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"actionview","old_version":"7.2.3","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"mcp","old_version":"0.8.0","new_version":"0.9.2","repository_url":"https://github.com/modelcontextprotocol/ruby-sdk"},{"name":"net-imap","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ruby/net-imap"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `7.2.1` |\n| [devise](https://github.com/heartcombo/devise) | `4.9.4` | `5.0.4` |\n| [faraday](https://github.com/lostisland/faraday) | `2.14.1` | `2.14.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `3.1.2` | `3.2.0` |\n| [actionview](https://github.com/rails/rails) | `7.2.3` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.8` | `2.9.0` |\n| [mcp](https://github.com/modelcontextprotocol/ruby-sdk) | `0.8.0` | `0.9.2` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.12` | `0.5.14` |\n| [yard](https://yardoc.org) | `0.9.38` | `0.9.42` |\n\n\nUpdates `puma` from 7.2.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-qpgp-93vx-g8v8\"\u003eCVE-2026-47736 / GHSA-qpgp-93vx-g8v8\u003c/a\u003e: Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-2vqw-3mp8-cgmx\"\u003eCVE-2026-47737 / GHSA-2vqw-3mp8-cgmx\u003c/a\u003e: Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.1 / 2026-05-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/92754ace040db67622f0e6406dea0b47c94d0139\"\u003e\u003ccode\u003e92754ac\u003c/code\u003e\u003c/a\u003e Release v7.2.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3948\"\u003e#3948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/ebe9db3929ab8299d19c8f5b41e8ef4f4b22fa58\"\u003e\u003ccode\u003eebe9db3\u003c/code\u003e\u003c/a\u003e 7.2.1 backport (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.4 - 2026-05-08\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix open redirect in \u003ccode\u003eFailureApp\u003c/code\u003e via unvalidated \u003ccode\u003eReferer\u003c/code\u003e header on non-GET session timeout. CVE-2026-40295 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv\"\u003eGHSA-jp94-3292-c3xv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc\"\u003eGHSA-57hq-95w6-v4fc\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/9ea459de9aec5f1217ad738c58e0d23fb9f5beaa\"\u003e\u003ccode\u003e9ea459d\u003c/code\u003e\u003c/a\u003e Release v5.0.4 with sec fix for timeoutable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360\"\u003e\u003ccode\u003e025fe21\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/7ca7ed9c174525a4d36167441b35af4a0991b6af\"\u003e\u003ccode\u003e7ca7ed9\u003c/code\u003e\u003c/a\u003e Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/605de86174c26b9f5b2618470249db2c225327d4\"\u003e\u003ccode\u003e605de86\u003c/code\u003e\u003c/a\u003e Update links to https [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5e3a8bf3a01cc556185dbde47ecf3bb20c41b150\"\u003e\u003ccode\u003e5e3a8bf\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5d202775d75ccee8c36a9ed72062f627202e29e2\"\u003e\u003ccode\u003e5d20277\u003c/code\u003e\u003c/a\u003e Cleanup old Rails.version check for db migration path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/4ffb0b7e88b627ac0575e475b279e0cc474b4ded\"\u003e\u003ccode\u003e4ffb0b7\u003c/code\u003e\u003c/a\u003e Fix Gemfile for Rails 7.2, incorrectly testing against 7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 3.1.2 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c\"\u003e\u003ccode\u003e0b6f800\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82\"\u003e\u003ccode\u003efa19073\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c\"\u003e\u003ccode\u003e4933c1e\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53\"\u003e\u003ccode\u003e707c0f1\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b8a1665824a43d71cd6406cf9adcae842ceb1c22\"\u003e\u003ccode\u003eb8a1665\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b\"\u003e\u003ccode\u003e8159a9c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.1 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003esrc\u003c/code\u003e in \u003ccode\u003eERB#initialize\u003c/code\u003e for Ractor compatibility \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.19.1 to 2.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `loofah` from 2.25.0 to 2.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/releases\"\u003eloofah's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md\"\u003eloofah's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/c895c8b2ac9c7255ca10c4e3083b8f0b019b7189\"\u003e\u003ccode\u003ec895c8b\u003c/code\u003e\u003c/a\u003e version bump to v2.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068\"\u003e\u003ccode\u003ef4ebc9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e from flavorjones/flavorjones/better-allowed-uri\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/9f4e5dbd79f63775b3ad6196fa391f8e807da156\"\u003e\u003ccode\u003e9f4e5db\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eallowed_uri?\u003c/code\u003e to handle unescaped whitespace entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/e6f47515f642b1868f9025e85429301fa6f8bb20\"\u003e\u003ccode\u003ee6f4751\u003c/code\u003e\u003c/a\u003e doc: Move security reporting to Github\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/flavorjones/loofah/compare/v2.25.0...v2.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 0.8.0 to 0.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/blob/main/CHANGELOG.md\"\u003emcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.9.2] - 2026-03-27\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.1] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.0] - 2026-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3fc7bcd2683d2200d42f79ab46752dc65f896db1\"\u003e\u003ccode\u003e3fc7bcd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/272\"\u003e#272\u003c/a\u003e from koic/release_0_9_2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/8fbc2b46313479cdbf5afbb44045583f94e813e3\"\u003e\u003ccode\u003e8fbc2b4\u003c/code\u003e\u003c/a\u003e Release 0.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/6b092797c90183099b88f86ada44b27dea340d6f\"\u003e\u003ccode\u003e6b09279\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e from koic/use_accessor_in_server_context_with_meta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/a2575b24e5f48943f4f0b66b6632b917fe803116\"\u003e\u003ccode\u003ea2575b2\u003c/code\u003e\u003c/a\u003e Use accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/e189d7852a80d63c00bd488fe5f58420673aaa87\"\u003e\u003ccode\u003ee189d78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874\"\u003e\u003ccode\u003edb40143\u003c/code\u003e\u003c/a\u003e Reject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3b1fc72fb50dfe3685e5d5387820b86d25f60e94\"\u003e\u003ccode\u003e3b1fc72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/267\"\u003e#267\u003c/a\u003e from koic/release_0_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/f29259c0b1f540c56acd977ed17f938c3388b641\"\u003e\u003ccode\u003ef29259c\u003c/code\u003e\u003c/a\u003e Release 0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/ccddd87e96f66ddd00884fda906a08634303fa05\"\u003e\u003ccode\u003eccddd87\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e from koic/allow_client_call_tool_to_accept_a_tool_name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/73070f1fd7e8e69658c5f13e10212d537ffc3799\"\u003e\u003ccode\u003e73070f1\u003c/code\u003e\u003c/a\u003e Allow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/compare/v0.8.0...v0.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several command injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/654\"\u003e#654\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Fix STARTTLS stripping vulnerability (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Fix CRLF injection vulnerabilities (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/657\"\u003e#657\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/658\"\u003e#658\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/659\"\u003e#659\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/636\"\u003e#636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/661\"\u003e#661\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e, reported by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⚡ Much faster ResponseReader performance (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/642\"\u003e#642\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Config \u003ccode\u003eversion_defaults\u003c/code\u003e should be attr_reader (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/594\"\u003e#594\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/631\"\u003eruby/net-imap#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Wait to continue RawData literals (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️  Improve internal literal sending (partially backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/616\"\u003e#616\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/649\"\u003e#649\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/652\"\u003eruby/net-imap#652\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Fix Data polyfill tests for ruby 4.1 by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/632\"\u003eruby/net-imap#632\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\"\u003ehttps://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/4063bc1d1d3e21046544ed7a2c131e5f886bab01\"\u003e\u003ccode\u003e4063bc1\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da\"\u003e\u003ccode\u003ef79d35b\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/665\"\u003e#665\u003c/a\u003e from ruby/backport/v0.5/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/b3ad198bdecd7f8f1342bf2f0191bc5261130383\"\u003e\u003ccode\u003eb3ad198\u003c/code\u003e\u003c/a\u003e 🍒 pick 24d5c773d: 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/7a233c57fdf319ad8f238072a60c27948dd44e89\"\u003e\u003ccode\u003e7a233c5\u003c/code\u003e\u003c/a\u003e 🍒 pick 62eea6ffe: 🔒🥅 Ensure STARTTLS tagged response was handled [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/a530fa7d0efba9e02aa88ea9b9835e4d5e58f308\"\u003e\u003ccode\u003ea530fa7\u003c/code\u003e\u003c/a\u003e 🍒 pick 46636cae8: ❌🔒 Add failing test for STARTTLS stripping [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/6...\n\n_Description has been truncated_","html_url":"https://github.com/yuuki2014/shiroichizu/pull/217","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuki2014%2Fshiroichizu/issues/217","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/217/packages"},{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4524547044","node_id":"PR_kwDOC0W56M7fbO48","number":22,"state":"open","title":"Bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T13:35:38.000Z","updated_at":"2026-05-26T13:36:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":3,"packages":[{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.19.1","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday) and [nokogiri](https://github.com/sparklemotion/nokogiri).\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.1 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/carlowahlstedt/carlowahlstedt.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/carlowahlstedt/carlowahlstedt.github.io/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlowahlstedt%2Fcarlowahlstedt.github.io/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"4472017836","node_id":"PR_kwDOPKm1Fs7cy_dL","number":34,"state":"closed","title":"Bump the bundler group across 9 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T20:32:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:37:07.000Z","updated_at":"2026-06-09T20:32:08.000Z","time_to_close":1904099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"nokogiri","old_version":"1.13.8","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.4","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.4","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.14","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"faraday","old_version":"2.11.0","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [rack-session](https://github.com/rack/rack-session) and [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `nokogiri` from 1.13.8 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.4 to 2.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.4 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.14 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/releases\"\u003erack-session's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.11.0 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/useplato/gitlabhq/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/useplato%2Fgitlabhq/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"4471611584","node_id":"PR_kwDOPmBpWM7cxqM-","number":11,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T00:18:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:35:05.000Z","updated_at":"2026-05-27T00:18:24.000Z","time_to_close":711797,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.198.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"view_component","old_version":"3.23.2","new_version":"4.11.0","repository_url":"https://github.com/viewcomponent/view_component"},{"name":"actionview","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"erb","old_version":"5.0.2","new_version":"6.0.4","repository_url":"https://github.com/ruby/erb"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [view_component](https://github.com/viewcomponent/view_component), [actionview](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [erb](https://github.com/ruby/erb), [faraday](https://github.com/lostisland/faraday), [jwt](https://github.com/jwt/ruby-jwt), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.198.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `view_component` from 3.23.2 to 4.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/viewcomponent/view_component/releases\"\u003eview_component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erender_in\u003c/code\u003e signature to accept \u003ccode\u003e**_\u003c/code\u003e for compatibility with Rails \u003ca href=\"https://redirect.github.com/rails/rails/pull/50623\"\u003e#50623\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix translation scope resolution in nested lambda-backed slots. Relative \u003ccode\u003et(\u0026quot;.key\u0026quot;)\u003c/code\u003e calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eArtin Boghosian\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError\u003c/code\u003e when booting in the test environment with \u003ccode\u003eeager_load = true\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix yielded content rendered at wrong location when using form helpers.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eMarkus\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in \u003ccode\u003eViewComponentsSystemTestController\u003c/code\u003e where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The \u003ccode\u003estart_with?\u003c/code\u003e check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix preview route vulnerability where inherited methods on \u003ccode\u003eViewComponent::Preview\u003c/code\u003e (such as \u003ccode\u003erender_with_template\u003c/code\u003e) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. \u003ccode\u003erender_args\u003c/code\u003e now raises \u003ccode\u003eAbstractController::ActionNotFound\u003c/code\u003e for any example not explicitly declared on the preview subclass.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eyard-lint\u003c/code\u003e to CI.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003ecompile.view_component\u003c/code\u003e ActiveSupport::Notifications event for eager compilation at boot time.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eGitHub Copilot\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix stale content cache when slots are accessed before \u003ccode\u003erender_in\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJared Armstrong\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd rubocop-view_component to resources.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eAndy Waite\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug where inheritance of components with formatless templates improperly raised a NoMethodError.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGitHub Copilot\u003c/em\u003e, \u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eCameron Dutro\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.6.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md\"\u003eview_component's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erender_in\u003c/code\u003e signature to accept \u003ccode\u003e**_\u003c/code\u003e for compatibility with Rails \u003ca href=\"https://redirect.github.com/rails/rails/pull/50623\"\u003e#50623\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix translation scope resolution in nested lambda-backed slots. Relative \u003ccode\u003et(\u0026quot;.key\u0026quot;)\u003c/code\u003e calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eArtin Boghosian\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError\u003c/code\u003e when booting in the test environment with \u003ccode\u003eeager_load = true\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix yielded content rendered at wrong location when using form helpers.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eMarkus\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in \u003ccode\u003eViewComponentsSystemTestController\u003c/code\u003e where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The \u003ccode\u003estart_with?\u003c/code\u003e check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix preview route vulnerability where inherited methods on \u003ccode\u003eViewComponent::Preview\u003c/code\u003e (such as \u003ccode\u003erender_with_template\u003c/code\u003e) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. \u003ccode\u003erender_args\u003c/code\u003e now raises \u003ccode\u003eAbstractController::ActionNotFound\u003c/code\u003e for any example not explicitly declared on the preview subclass.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eyard-lint\u003c/code\u003e to CI.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003ecompile.view_component\u003c/code\u003e ActiveSupport::Notifications event for eager compilation at boot time.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eGitHub Copilot\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix stale content cache when slots are accessed before \u003ccode\u003erender_in\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJared Armstrong\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd rubocop-view_component to resources.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eAndy Waite\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/b1f6917f3fe02589873c4ae95f7794e0bcb3b0ef\"\u003e\u003ccode\u003eb1f6917\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2640\"\u003e#2640\u003c/a\u003e from ViewComponent/release-4-11-0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/f54b15a7b4cd9b27d9dd45e6907a9ef57d91b918\"\u003e\u003ccode\u003ef54b15a\u003c/code\u003e\u003c/a\u003e bump allocations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/49b66854d2d24fff1e3e3c4822cade917a1ea837\"\u003e\u003ccode\u003e49b6685\u003c/code\u003e\u003c/a\u003e release 4.11.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/e94672a5e27e52c793a8d1ddf68f60e2c5fd1afe\"\u003e\u003ccode\u003ee94672a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2636\"\u003e#2636\u003c/a\u003e from ViewComponent/render_in_api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/9360f6a1483b28fcfe9ae391543f61070e41937a\"\u003e\u003ccode\u003e9360f6a\u003c/code\u003e\u003c/a\u003e Fix appraisal naming consistency: use underscores throughout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/5b6e7320ab1dbba18f9066cc685a319142818ae5\"\u003e\u003ccode\u003e5b6e732\u003c/code\u003e\u003c/a\u003e whitespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/8a8e8c031eaef4bc52ec3eabf2bf7c615004a3a1\"\u003e\u003ccode\u003e8a8e8c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2634\"\u003e#2634\u003c/a\u003e from ViewComponent/dependabot/bundler/selenium-webdr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/346937739f4288a6defff13572bb58369d2fe874\"\u003e\u003ccode\u003e3469377\u003c/code\u003e\u003c/a\u003e Rename rails_main-head gemfile to use underscore for appraisal compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/da30a8f7d762e4ec1f4d316de782d5e2f1900c58\"\u003e\u003ccode\u003eda30a8f\u003c/code\u003e\u003c/a\u003e Fix Rails main compatibility issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/635645d172cd395f9ca574d0d3edf7c456f43495\"\u003e\u003ccode\u003e635645d\u003c/code\u003e\u003c/a\u003e fix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/viewcomponent/view_component/compare/v3.23.2...v4.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/853e56de62dcdec036228e56414b49049da5b83a\"\u003e\u003ccode\u003e853e56d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56906\"\u003e#56906\u003c/a\u003e from kataokatsuki/fix-strict-locals-non-ascii-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f64c3d09ace91c011e0628c9d8cf6ea9874ffe9f\"\u003e\u003ccode\u003ef64c3d0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56891\"\u003e#56891\u003c/a\u003e from pietervisser/fix-collection-caching-to-preserv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0a8792a661211963068f76bdc5f158b873979927\"\u003e\u003ccode\u003e0a8792a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56389\"\u003e#56389\u003c/a\u003e from bogdan/semantic-file-input-accept\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ea29cee26f240ad46051be4ddf47d0351fce1a18\"\u003e\u003ccode\u003eea29cee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56316\"\u003e#56316\u003c/a\u003e from shivabhusal/support-closing_parenthesis-in-nex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/950d80c33c462f16897344f0293039b12fbb54ab\"\u003e\u003ccode\u003e950d80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56270\"\u003e#56270\u003c/a\u003e from Saidbek/fix-multiline-strict-locals-parsing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3dc1be9084c93d5b5990476bd153c18ae0ba3f4f\"\u003e\u003ccode\u003e3dc1be9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56783\"\u003e#56783\u003c/a\u003e from kudoas/fix-activestorage-blob-content-type-nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b0daad4cf655374fff8d7d7c959a0230079c335\"\u003e\u003ccode\u003e0b0daad\u003c/code\u003e\u003c/a\u003e [DOC] Update CHANGELOG with key overwrite precedence note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/40acbf77827bd8196b25d8fc31abc9d129088d03\"\u003e\u003ccode\u003e40acbf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56679\"\u003e#56679\u003c/a\u003e from Saidbek/fix-overlapping-acronyms-order\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 5.0.2 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease not...\n\n_Description has been truncated_","html_url":"https://github.com/EthanThePhoenix38/openproject/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fopenproject/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4452555902","node_id":"PR_kwDOPnYUEs7b2G16","number":182,"state":"open","title":"Bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T08:45:31.000Z","updated_at":"2026-05-15T09:04:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/aistomin/aistomin.com/pull/182","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aistomin%2Faistomin.com/issues/182","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/182/packages"},{"uuid":"4444489367","node_id":"PR_kwDOIgEX4M7bca91","number":572,"state":"closed","title":"chore(deps): bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T08:45:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T08:41:24.000Z","updated_at":"2026-05-14T08:45:42.000Z","time_to_close":252,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.7\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Apadmi-Engineering/Mockzilla/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Apadmi-Engineering/Mockzilla/pull/572","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Apadmi-Engineering%2FMockzilla/issues/572","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/572/packages"},{"uuid":"4425741184","node_id":"PR_kwDOED3WRc7af5hz","number":104,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T09:12:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:35:06.000Z","updated_at":"2026-05-12T09:12:20.000Z","time_to_close":23832,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.0\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CalConnect/cc-digital-addresses/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CalConnect/cc-digital-addresses/pull/104","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CalConnect%2Fcc-digital-addresses/issues/104","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/104/packages"},{"uuid":"4412315511","node_id":"PR_kwDOOclWfc7Z1g6m","number":37,"state":"open","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T11:14:44.000Z","updated_at":"2026-05-09T11:14:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"activesupport","old_version":"7.0.6","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.5","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.7.10","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"google-protobuf","old_version":"3.23.4","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"nokogiri","old_version":"1.15.3","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.2.6","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [activesupport](https://github.com/rails/rails), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [google-protobuf](https://github.com/protocolbuffers/protobuf), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml) to permit the latest version.\nUpdates `activesupport` from 7.0.6 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.0.6...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.5 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.5...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.7.10 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.7.10...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 3.23.4 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/70e85ae1f994ee91001a18d9b5b4688ac027c03d\"\u003e\u003ccode\u003e70e85ae\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/489aba5b55bb994bcd130a43e20cc9be3be04adf\"\u003e\u003ccode\u003e489aba5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15984\"\u003e#15984\u003c/a\u003e from mkruskal-google/staleness-fix-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/367c7bea8dd5505f817f41e052e50caa694fb0e6\"\u003e\u003ccode\u003e367c7be\u003c/code\u003e\u003c/a\u003e Regen stale files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/bbbd2dea0e508289d45b48612e4659a230708209\"\u003e\u003ccode\u003ebbbd2de\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.4-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/fc222b9420e19d902e0aee5a6a95274dbbc2fc06\"\u003e\u003ccode\u003efc222b9\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.3-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ac04475591db12de14e89d3d750519c2ca9a4cc\"\u003e\u003ccode\u003e6ac0447\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.2-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7f94235e552599141950d7a4a3eaf93bc87d1b22\"\u003e\u003ccode\u003e7f94235\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4b00c75ecbc40389615ddf5482dbabc3a354eea\"\u003e\u003ccode\u003ee4b00c7\u003c/code\u003e\u003c/a\u003e Add support for extensions in CRuby, JRuby, and FFI Ruby (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14703\"\u003e#14703\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14756\"\u003e#14756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/2495d4f96bf4edcc4f770ceb27ae98c71a56fcdb\"\u003e\u003ccode\u003e2495d4f\u003c/code\u003e\u003c/a\u003e Add support for options in CRuby, JRuby and FFI (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14594\"\u003e#14594\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14739\"\u003e#14739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6b5d8db01fe47478e8d400f550e797e6230d464e\"\u003e\u003ccode\u003e6b5d8db\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.23.4...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.15.3 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.15.3...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.2.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.2.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/maptimedavis.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/maptimedavis.github.io/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fmaptimedavis.github.io/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"},{"uuid":"4408412988","node_id":"PR_kwDOPmBpWM7ZouAY","number":8,"state":"closed","title":"Bump the bundler group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:00:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T18:07:18.000Z","updated_at":"2026-05-09T00:00:02.000Z","time_to_close":21162,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":16,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.198.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"erb","old_version":"5.0.2","new_version":"6.0.1.1","repository_url":"https://github.com/ruby/erb"},{"name":"faraday","old_version":"2.13.4","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [erb](https://github.com/ruby/erb), [faraday](https://github.com/lostisland/faraday), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.198.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 5.0.2 to 6.0.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix typo in changelog by \u003ca href=\"https://github.com/hunchr\"\u003e\u003ccode\u003e@​hunchr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/96\"\u003eruby/erb#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/97\"\u003eruby/erb#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.13.1 to 2.13.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/98\"\u003eruby/erb#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed by \u003ccode\u003emisspell -w -error -source=text\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/99\"\u003eruby/erb#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze ERB::Compiler::TrimScanner::ERB_STAG by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/100\"\u003eruby/erb#100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hunchr\"\u003e\u003ccode\u003e@​hunchr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/96\"\u003eruby/erb#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/100\"\u003eruby/erb#100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the latest versions of actions: push-gem.yml by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/90\"\u003eruby/erb#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in documentation by \u003ca href=\"https://github.com/suy\"\u003e\u003ccode\u003e@​suy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/91\"\u003eruby/erb#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag shown in example of ERB expression tag and execution tag by \u003ca href=\"https://github.com/sampart\"\u003e\u003ccode\u003e@​sampart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/92\"\u003eruby/erb#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] Suppress documentation for internals by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/93\"\u003eruby/erb#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace Ruby 3.5 with Ruby 4.0 by \u003ca href=\"https://github.com/yahonda\"\u003e\u003ccode\u003e@​yahonda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/94\"\u003eruby/erb#94\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReapply \u0026quot;Remove safe_level and further positional arguments (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/7\"\u003e#7\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/95\"\u003eruby/erb#95\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/suy\"\u003e\u003ccode\u003e@​suy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/91\"\u003eruby/erb#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sampart\"\u003e\u003ccode\u003e@​sampart\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/92\"\u003eruby/erb#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahonda\"\u003e\u003ccode\u003e@​yahonda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/94\"\u003eruby/erb#94\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.3...v6.0.0\"\u003ehttps://github.com/ruby/erb/compare/v5.1.3...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.2...v5.1.3\"\u003ehttps://github.com/ruby/erb/compare/v5.1.2...v5.1.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor html_escape by \u003ca href=\"https://github.com/noteflakes\"\u003e\u003ccode\u003e@​noteflakes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/88\"\u003eruby/erb#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echangelog_uri\u003c/code\u003e to spec metadata by \u003ca href=\"https://github.com/jgarber623\"\u003e\u003ccode\u003e@​jgarber623\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber623\"\u003e\u003ccode\u003e@​jgarber623\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.1...v5.1.2\"\u003ehttps://github.com/ruby/erb/compare/v5.1.1...v5.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003eERB::Compiler::TrimScanner::ERB_STAG\u003c/code\u003e for Ractor compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003esafe_level\u003c/code\u003e and further positional arguments from \u003ccode\u003eERB.new\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated constant \u003ccode\u003eERB::Revision\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v5.1.2 with trusted publishing for JRuby\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003echangelog_uri\u003c/code\u003e to spec metadata \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow that is introduced at v5.1.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehtml_escape: Avoid buffer allocation for strings with no escapable character \u003ca href=\"https://redirect.github.com/ruby/erb/pull/87\"\u003eruby/erb#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate help of erb(1) \u003ca href=\"https://redirect.github.com/ruby/erb/pull/85\"\u003e#85\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/93450765b5319cfb552a3d9719df137e8fbb75e9\"\u003e\u003ccode\u003e9345076\u003c/code\u003e\u003c/a\u003e Version 6.0.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/dd34ce41031327269a5fb83b0bc2c0d852895e9f\"\u003e\u003ccode\u003edd34ce4\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/bbde68fcd562f376b24e17ea7fbfcb0ab6f47261\"\u003e\u003ccode\u003ebbde68f\u003c/code\u003e\u003c/a\u003e Version 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/43f087659566d04d283cd05d28ba21ed8c24b1e6\"\u003e\u003ccode\u003e43f0876\u003c/code\u003e\u003c/a\u003e Freeze ERB::Compiler::TrimScanner::ERB_STAG (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2aa3a6800e51182b1967151919e956d7dcff972d\"\u003e\u003ccode\u003e2aa3a68\u003c/code\u003e\u003c/a\u003e Fixed by \u003ccode\u003emisspell -w -error -source=text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/99\"\u003e#99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/f91b2600a43af8a89c273bd8922289d873d9e259\"\u003e\u003ccode\u003ef91b260\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.13.1 to 2.13.2 (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/543500f238220fdcf414d4a52afc80703bcadf2a\"\u003e\u003ccode\u003e543500f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/b23452a4796ea2cec9d1f92a93e39b50d5efe9bc\"\u003e\u003ccode\u003eb23452a\u003c/code\u003e\u003c/a\u003e Fix typo in changelog (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/bbaaf1f51bd1b327f6b74931d41d9a24fe769901\"\u003e\u003ccode\u003ebbaaf1f\u003c/code\u003e\u003c/a\u003e Version 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/1f83b2578fd58b98a9abb8540f99cf2843d84dd5\"\u003e\u003ccode\u003e1f83b25\u003c/code\u003e\u003c/a\u003e Drop a deprecated constant ERB::Revision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v5.0.2...v6.0.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.4 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/EthanThePhoenix38/openproject/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fopenproject/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4407025879","node_id":"PR_kwDOOTp4f87ZkHDn","number":11,"state":"closed","title":"Bump the bundler group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T23:56:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T14:13:08.000Z","updated_at":"2026-05-08T23:56:48.000Z","time_to_close":35018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":17,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.7","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.183.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activerecord","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activerecord](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [faraday](https://github.com/lostisland/faraday), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [ruby-saml](https://github.com/saml-toolkits/ruby-saml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.7 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.7...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.183.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activerecord` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactiverecord's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6981fd2fbeadc8bc7db6547604cf2df13cb18a40\"\u003e\u003ccode\u003e6981fd2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55969\"\u003e#55969\u003c/a\u003e from rails/fix-explain-tests-mysql-9.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/52347e0467445b350f482838da5bb503c155eb72\"\u003e\u003ccode\u003e52347e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55938\"\u003e#55938\u003c/a\u003e from aidanharan/truthy-condition-mssql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d2826215f9c9c1fe2f1c91e292171a042be1e9c5\"\u003e\u003ccode\u003ed282621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55925\"\u003e#55925\u003c/a\u003e from flavorjones/flavorjones/shard-swap-prohibition...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/511dbf2665746e54240c07b93b0d0ddc184873f9\"\u003e\u003ccode\u003e511dbf2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55907\"\u003e#55907\u003c/a\u003e from ruyrocha/fix/sqlite3-data-loss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bf9219d62aed746260e853cebe98503c8c27cdd5\"\u003e\u003ccode\u003ebf9219d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55918\"\u003e#55918\u003c/a\u003e from baarde/with-bound-sql-literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/865bc776d039645bd4b7f2c826ab4e0aaadf51b6\"\u003e\u003ccode\u003e865bc77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55332\"\u003e#55332\u003c/a\u003e from zzak/re-54882\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/dee79c4a74723ce8016b2e96e3d6d5723f673aa6\"\u003e\u003ccode\u003edee79c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55778\"\u003e#55778\u003c/a\u003e from ianterrell/ianterrell/fix-autosave-changed-via...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent ...\n\n_Description has been truncated_","html_url":"https://github.com/LelandParker/openproject/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LelandParker%2Fopenproject/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4397358819","node_id":"PR_kwDOLTgSI87ZEe49","number":175,"state":"open","title":"Bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T08:42:01.000Z","updated_at":"2026-05-07T08:42:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"nokogiri","old_version":"1.19.2","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /examples/stacks/jekyll/myblog directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\nBumps the bundler group with 4 updates in the /examples/stacks/rails/blog directory: [addressable](https://github.com/sporkmonger/addressable), [net-imap](https://github.com/ruby/net-imap), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.6.3 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/664\"\u003eruby/net-imap#664\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/657\"\u003eruby/net-imap#657\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/658\"\u003eruby/net-imap#658\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/659\"\u003eruby/net-imap#659\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/660\"\u003eruby/net-imap#660\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003cp\u003eThe default \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e is \u003ccode\u003e2**31 - 1\u003c/code\u003e (max 32-bit signed int), which was already OpenSSL's maximum value.  \u003cem\u003eIt provides no protection\u003c/em\u003e against hostile servers unless it is explicitly set to a lower value by the user.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⚡ \u003ccode\u003eResponseReader\u003c/code\u003e memoizes \u003ccode\u003eConfig#max_response_size\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e.\nChanges to \u003ccode\u003e#max_response_size\u003c/code\u003e now take effect once per response, not on every \u003ccode\u003eIO#read\u003c/code\u003e.\n\u003cem\u003eNOTE: It is not expected that this will affect any current usage.\u003c/em\u003e  See \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003ethe PR\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eBINARY\u003c/code\u003e extention to \u003ccode\u003e#append\u003c/code\u003e (RFC3516)  by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/616\"\u003eruby/net-imap#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eLITERAL+\u003c/code\u003e and \u003ccode\u003eLITERAL-\u003c/code\u003e non-synchronizing literals (RFC7888) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/649\"\u003eruby/net-imap#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🏷️ Add \u003ccode\u003enumber64\u003c/code\u003e and \u003ccode\u003enz-number64\u003c/code\u003e to NumValidator by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/625\"\u003eruby/net-imap#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e♻️ Add \u003ccode\u003eMailboxQuota#quota_root\u003c/code\u003e alias by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/636\"\u003eruby/net-imap#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔍 Simplify \u003ccode\u003eNet::IMAP#inspect\u003c/code\u003e with basic state by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/612\"\u003eruby/net-imap#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🥅 Add \u003ccode\u003eResponseParseError#parser_methods\u003c/code\u003e (and override \u003ccode\u003e#==\u003c/code\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/615\"\u003eruby/net-imap#615\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/3e490673dca65d0cfeeeb3fbf1fdaa188d6f27c4\"\u003e\u003ccode\u003e3e49067\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618\"\u003e\u003ccode\u003e0ede4c4\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e from ruby/security/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/51ae3604cabe1e8cfeeb888ff5ef6b9215fe1a65\"\u003e\u003ccode\u003e51ae360\u003c/code\u003e\u003c/a\u003e ♻️ Add command response handler before command is sent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/24d5c773d1bb76ca1cd0a26b2218195011c16969\"\u003e\u003ccode\u003e24d5c77\u003c/code\u003e\u003c/a\u003e 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/62eea6ffe1e390060065169474f97edbc42bd2b2\"\u003e\u003ccode\u003e62eea6f\u003c/code\u003e\u003c/a\u003e 🔒🥅 Ensure STARTTLS tagged response was handled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/46636cae8af68a4080c434b853fba1738c7c2587\"\u003e\u003ccode\u003e46636ca\u003c/code\u003e\u003c/a\u003e ❌🔒 Add failing test for STARTTLS stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/e3b010509109eb4acc1d7e4365624e848ef0b45b\"\u003e\u003ccode\u003ee3b0105\u003c/code\u003e\u003c/a\u003e ✅♻️ Inline current STARTLS stripping test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/be32e712eb2ee90a0a2c78752bf19196582ed4d8\"\u003e\u003ccode\u003ebe32e71\u003c/code\u003e\u003c/a\u003e 📚 Improve documentation of RawData arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f\"\u003e\u003ccode\u003e47c7218\u003c/code\u003e\u003c/a\u003e 🐛 Validate RawData and wait to continue literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974\"\u003e\u003ccode\u003e0ec4fd3\u003c/code\u003e\u003c/a\u003e 🥅 Validate \u003ccode\u003e#setquota\u003c/code\u003e storage limit argument\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.6.3...v0.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.2 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SherfeyInv/devbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SherfeyInv/devbox/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fdevbox/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"},{"uuid":"4387807225","node_id":"PR_kwDOAhkQOM7YlWQ6","number":3,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T00:10:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T23:55:34.000Z","updated_at":"2026-05-06T00:10:20.000Z","time_to_close":884,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.0\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alexasiu/alexasiu.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alexasiu/alexasiu.github.io/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexasiu%2Falexasiu.github.io/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4370306288","node_id":"PR_kwDOAuX_M87XtAae","number":30,"state":"closed","title":"build(deps-dev): bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T23:10:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T22:57:58.000Z","updated_at":"2026-05-02T23:10:53.000Z","time_to_close":773,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev): bump","group_name":"bundler","update_count":4,"packages":[{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.4","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 4 updates in the / directory: [activesupport](https://github.com/rails/rails), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday) and [nokogiri](https://github.com/sparklemotion/nokogiri).\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.4 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kaurin/kaurin.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Kaurin/kaurin.github.io/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kaurin%2Fkaurin.github.io/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"},{"uuid":"4369977883","node_id":"PR_kwDOMoa2087XsAnD","number":42,"state":"closed","title":"chore(deps-dev): bump addressable from 2.8.9 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T20:57:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T20:43:45.000Z","updated_at":"2026-05-02T20:57:40.000Z","time_to_close":834,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.9 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/gormus/discourse-notification-banners/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gormus%2Fdiscourse-notification-banners/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"},{"uuid":"4341314366","node_id":"PR_kwDOAAXsEc7WPO92","number":2038,"state":"open","title":"Bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T07:21:10.000Z","updated_at":"2026-05-01T03:57:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/openaustralia/planningalerts/pull/2038","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openaustralia%2Fplanningalerts/issues/2038","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2038/packages"},{"uuid":"4339431823","node_id":"PR_kwDOKtvoEc7WJMB9","number":3,"state":"open","title":"chore(deps): bump addressable from 2.8.5 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-27T23:18:44.000Z","updated_at":"2026-04-27T23:19:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"addressable","old_version":"2.8.5","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.5 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.5...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.5\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ajnx/AlanOnTheInternet.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ajnx/AlanOnTheInternet.com/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajnx%2FAlanOnTheInternet.com/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4324215707","node_id":"PR_kwDOHjM3g87VZfyP","number":65,"state":"closed","title":"build(deps): bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T08:02:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T16:18:08.000Z","updated_at":"2026-05-02T08:02:06.000Z","time_to_close":661437,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler","update_count":3,"packages":[{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"erb","old_version":"6.0.2","new_version":"6.0.4","repository_url":"https://github.com/ruby/erb"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable), [erb](https://github.com/ruby/erb) and [yard](https://yardoc.org).\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.2 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.2...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yard` from 0.9.38 to 0.9.42\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cbroult/erb-processor/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cbroult/erb-processor/pull/65","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbroult%2Ferb-processor/issues/65","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/65/packages"}],"issue_packages":[{"old_version":"2.8.0","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-06-23T18:34:35.000Z","version_change":"2.8.0 → 2.9.0","issue":{"uuid":"4728543465","node_id":"PR_kwDOCsb_Ws7pyLna","number":115,"state":"open","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-23T18:34:35.000Z","updated_at":"2026-06-23T18:34:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"concurrent-ruby","old_version":"1.1.6","new_version":"1.3.7","repository_url":"https://github.com/ruby-concurrency/concurrent-ruby"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable) and [concurrent-ruby](https://github.com/ruby-concurrency/concurrent-ruby).\n\nUpdates `addressable` from 2.8.0 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `concurrent-ruby` from 1.1.6 to 1.3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases\"\u003econcurrent-ruby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.7\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eThere are 3 security fixes in this release, so updating is recommended.\nThese security vulnerabilities are not very likely to be hit in practice and have a corresponding \u003ccode\u003eLow\u003c/code\u003e severity score.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-h8w8-99g7-qmvj\"\u003eCVE-2026-54904\u003c/a\u003e \u003ccode\u003eAtomicReference#update\u003c/code\u003e livelocks when the stored value is \u003ccode\u003eFloat::NAN\u003c/code\u003e. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-wv3x-4vxv-whpp\"\u003eCVE-2026-54905\u003c/a\u003e \u003ccode\u003eReentrantReadWriteLock\u003c/code\u003e read-count overflow grants a write lock without exclusivity. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-6wx8-w4f5-wwcr\"\u003eCVE-2026-54906\u003c/a\u003e \u003ccode\u003eReadWriteLock\u003c/code\u003e allows wrong-thread write release and stray read-release counter corruption. Fix by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003econcurrent-ruby-ext: fix build on Darwin 32-bit by \u003ca href=\"https://github.com/barracuda156\"\u003e\u003ccode\u003e@​barracuda156\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1064\"\u003eruby-concurrency/concurrent-ruby#1064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SECURITY.md by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1104\"\u003eruby-concurrency/concurrent-ruby#1104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Ruby 4.0 in CI by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1106\"\u003eruby-concurrency/concurrent-ruby#1106\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barracuda156\"\u003e\u003ccode\u003e@​barracuda156\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1064\"\u003eruby-concurrency/concurrent-ruby#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.6...v1.3.7\"\u003ehttps://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.6...v1.3.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.3.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRun tests without the C extension in CI by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1081\"\u003eruby-concurrency/concurrent-ruby#1081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Promise docs by \u003ca href=\"https://github.com/danieldiekmeier\"\u003e\u003ccode\u003e@​danieldiekmeier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1083\"\u003eruby-concurrency/concurrent-ruby#1083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect word in readme by \u003ca href=\"https://github.com/wwahammy\"\u003e\u003ccode\u003e@​wwahammy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1084\"\u003eruby-concurrency/concurrent-ruby#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mistakes in MVar documentation by \u003ca href=\"https://github.com/trinistr\"\u003e\u003ccode\u003e@​trinistr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1087\"\u003eruby-concurrency/concurrent-ruby#1087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multi require concurrent/executor/cached_thread_pool by \u003ca href=\"https://github.com/OuYangJinTing\"\u003e\u003ccode\u003e@​OuYangJinTing\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1085\"\u003eruby-concurrency/concurrent-ruby#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse typed data APIs by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1096\"\u003eruby-concurrency/concurrent-ruby#1096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Joshua Young to the list of maintainers by \u003ca href=\"https://github.com/eregon\"\u003e\u003ccode\u003e@​eregon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1097\"\u003eruby-concurrency/concurrent-ruby#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAsynchronous pruning for RubyThreadPoolExecutor by \u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1082\"\u003eruby-concurrency/concurrent-ruby#1082\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark RubySingleThreadExecutor as a SerialExecutorService by \u003ca href=\"https://github.com/meineerde\"\u003e\u003ccode\u003e@​meineerde\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1070\"\u003eruby-concurrency/concurrent-ruby#1070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow TimerTask to be safely restarted after shutdown and avoid duplicate tasks by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1001\"\u003eruby-concurrency/concurrent-ruby#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFlaky test fix: allow ThreadPool to shutdown before asserting completed_task_count by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1098\"\u003eruby-concurrency/concurrent-ruby#1098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eThreadPoolExecutor#kill\u003c/code\u003e will \u003ccode\u003ewait_for_termination\u003c/code\u003e in JRuby; ensure \u003ccode\u003eTimerSet\u003c/code\u003e timer thread shuts down cleanly by \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1044\"\u003eruby-concurrency/concurrent-ruby#1044\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danieldiekmeier\"\u003e\u003ccode\u003e@​danieldiekmeier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1083\"\u003eruby-concurrency/concurrent-ruby#1083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wwahammy\"\u003e\u003ccode\u003e@​wwahammy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1084\"\u003eruby-concurrency/concurrent-ruby#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trinistr\"\u003e\u003ccode\u003e@​trinistr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1087\"\u003eruby-concurrency/concurrent-ruby#1087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OuYangJinTing\"\u003e\u003ccode\u003e@​OuYangJinTing\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1085\"\u003eruby-concurrency/concurrent-ruby#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1096\"\u003eruby-concurrency/concurrent-ruby#1096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshuay03\"\u003e\u003ccode\u003e@​joshuay03\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/pull/1082\"\u003eruby-concurrency/concurrent-ruby#1082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.5...v1.3.6\"\u003ehttps://github.com/ruby-concurrency/concurrent-ruby/compare/v1.3.5...v1.3.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md\"\u003econcurrent-ruby's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.3.7 (16 June 2026)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSee the \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases/tag/v1.3.7\"\u003erelease notes on GitHub\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.6 (13 December 2025)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSee the \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/releases/tag/v1.3.6\"\u003erelease notes on GitHub\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.5, edge v0.7.2 (15 January 2025)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1062\"\u003e#1062\u003c/a\u003e) Remove dependency on logger.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003econcurrent-ruby-edge:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1062\"\u003e#1062\u003c/a\u003e) Remove dependency on logger.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.4 (10 August 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1060\"\u003e#1060\u003c/a\u003e) Fix bug with return value of \u003ccode\u003eConcurrent.available_processor_count\u003c/code\u003e when \u003ccode\u003ecpu.cfs_quota_us\u003c/code\u003e is -1.\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1058\"\u003e#1058\u003c/a\u003e) Add \u003ccode\u003eConcurrent.cpu_shares\u003c/code\u003e that is cgroups aware.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.3 (9 June 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1053\"\u003e#1053\u003c/a\u003e) Improve the speed of \u003ccode\u003eConcurrent.physical_processor_count\u003c/code\u003e on Windows.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.2, edge v0.7.1 (7 June 2024)\u003c/h2\u003e\n\u003cp\u003econcurrent-ruby:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1051\"\u003e#1051\u003c/a\u003e) Remove dependency on \u003ccode\u003ewin32ole\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003econcurrent-ruby-edge:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1052\"\u003e#1052\u003c/a\u003e) Fix dependency on \u003ccode\u003econcurrent-ruby\u003c/code\u003e to allow the latest release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.1 (29 May 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 1.3.0 was broken when pushed to RubyGems. 1.3.1 is a packaging fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.3.0 (28 May 2024)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1042\"\u003e#1042\u003c/a\u003e) Align Java Executor Service behavior for \u003ccode\u003eshuttingdown?\u003c/code\u003e, \u003ccode\u003eshutdown?\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1038\"\u003e#1038\u003c/a\u003e) Add \u003ccode\u003eConcurrent.available_processor_count\u003c/code\u003e that is cgroups aware.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/4c8fc28ab6bb9bd8258a4c0c2fa6d35ebe77b3cb\"\u003e\u003ccode\u003e4c8fc28\u003c/code\u003e\u003c/a\u003e Release 1.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/d91ca9426cb819d6cc63f1bd64bfe54644d0beca\"\u003e\u003ccode\u003ed91ca94\u003c/code\u003e\u003c/a\u003e Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/7e4d711bacf7a1dac3ef6bda44004387be2dc7e6\"\u003e\u003ccode\u003e7e4d711\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eReentrantReadWriteLock\u003c/code\u003e read hold overflow into write-lock bit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/6e37e0644b83b182971dc540d2e4bee38df61386\"\u003e\u003ccode\u003e6e37e06\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eAtomicReference#update\u003c/code\u003e livelock when stored value is \u003ccode\u003eFloat::NAN\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/2825cfa12cb708b76557803957f76862eb1151a2\"\u003e\u003ccode\u003e2825cfa\u003c/code\u003e\u003c/a\u003e Cleanup spec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/3fd493283ca5f84f0ef4e84aabd43ad68df4626b\"\u003e\u003ccode\u003e3fd4932\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eReadWriteLock\u003c/code\u003e wrong-thread write release and stray read release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/1974b4772efc034ee8eaa562b4370343f4c5c54b\"\u003e\u003ccode\u003e1974b47\u003c/code\u003e\u003c/a\u003e Add Ruby 4.0 in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/df8706d40c483d76bbb0b3a35a633c68fa9e17be\"\u003e\u003ccode\u003edf8706d\u003c/code\u003e\u003c/a\u003e Add SECURITY.md (\u003ca href=\"https://redirect.github.com/ruby-concurrency/concurrent-ruby/issues/1104\"\u003e#1104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/7a1b78941c081106c20a9ca0144ac73a48d254ab\"\u003e\u003ccode\u003e7a1b789\u003c/code\u003e\u003c/a\u003e Bump actions/upload-pages-artifact from 4 to 5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/commit/9b2dbf712896a638a73d2fa221206961c8d6484d\"\u003e\u003ccode\u003e9b2dbf7\u003c/code\u003e\u003c/a\u003e Bump actions/deploy-pages from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby-concurrency/concurrent-ruby/compare/v1.1.6...v1.3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/geolonia/docs.geolonia.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/geolonia/docs.geolonia.com/pull/115","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/geolonia%2Fdocs.geolonia.com/issues/115","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/115/packages"}},{"old_version":"2.8.0","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-06-09T02:42:19.000Z","version_change":"2.8.0 → 2.9.0","issue":{"uuid":"4618295616","node_id":"PR_kwDOI1T9787kLusn","number":3,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T02:46:09.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T02:42:19.000Z","updated_at":"2026-06-09T02:46:16.000Z","time_to_close":230,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/netzzi/digitalgarden/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/netzzi%2Fdigitalgarden/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.8.8","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-06-09T01:24:58.000Z","version_change":"2.8.8 → 2.9.0","issue":{"uuid":"4617939687","node_id":"PR_kwDOQU7yX87kKkkc","number":217,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T10:47:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T01:24:58.000Z","updated_at":"2026-06-13T10:47:57.000Z","time_to_close":379369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"7.2.1","repository_url":"https://github.com/puma/puma"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.4","repository_url":"https://github.com/heartcombo/devise"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"actionview","old_version":"7.2.3","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"mcp","old_version":"0.8.0","new_version":"0.9.2","repository_url":"https://github.com/modelcontextprotocol/ruby-sdk"},{"name":"net-imap","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ruby/net-imap"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `7.2.1` |\n| [devise](https://github.com/heartcombo/devise) | `4.9.4` | `5.0.4` |\n| [faraday](https://github.com/lostisland/faraday) | `2.14.1` | `2.14.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `3.1.2` | `3.2.0` |\n| [actionview](https://github.com/rails/rails) | `7.2.3` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.8` | `2.9.0` |\n| [mcp](https://github.com/modelcontextprotocol/ruby-sdk) | `0.8.0` | `0.9.2` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.12` | `0.5.14` |\n| [yard](https://yardoc.org) | `0.9.38` | `0.9.42` |\n\n\nUpdates `puma` from 7.2.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-qpgp-93vx-g8v8\"\u003eCVE-2026-47736 / GHSA-qpgp-93vx-g8v8\u003c/a\u003e: Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-2vqw-3mp8-cgmx\"\u003eCVE-2026-47737 / GHSA-2vqw-3mp8-cgmx\u003c/a\u003e: Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.1 / 2026-05-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/92754ace040db67622f0e6406dea0b47c94d0139\"\u003e\u003ccode\u003e92754ac\u003c/code\u003e\u003c/a\u003e Release v7.2.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3948\"\u003e#3948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/ebe9db3929ab8299d19c8f5b41e8ef4f4b22fa58\"\u003e\u003ccode\u003eebe9db3\u003c/code\u003e\u003c/a\u003e 7.2.1 backport (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.4 - 2026-05-08\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix open redirect in \u003ccode\u003eFailureApp\u003c/code\u003e via unvalidated \u003ccode\u003eReferer\u003c/code\u003e header on non-GET session timeout. CVE-2026-40295 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv\"\u003eGHSA-jp94-3292-c3xv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc\"\u003eGHSA-57hq-95w6-v4fc\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/9ea459de9aec5f1217ad738c58e0d23fb9f5beaa\"\u003e\u003ccode\u003e9ea459d\u003c/code\u003e\u003c/a\u003e Release v5.0.4 with sec fix for timeoutable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360\"\u003e\u003ccode\u003e025fe21\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/7ca7ed9c174525a4d36167441b35af4a0991b6af\"\u003e\u003ccode\u003e7ca7ed9\u003c/code\u003e\u003c/a\u003e Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/605de86174c26b9f5b2618470249db2c225327d4\"\u003e\u003ccode\u003e605de86\u003c/code\u003e\u003c/a\u003e Update links to https [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5e3a8bf3a01cc556185dbde47ecf3bb20c41b150\"\u003e\u003ccode\u003e5e3a8bf\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5d202775d75ccee8c36a9ed72062f627202e29e2\"\u003e\u003ccode\u003e5d20277\u003c/code\u003e\u003c/a\u003e Cleanup old Rails.version check for db migration path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/4ffb0b7e88b627ac0575e475b279e0cc474b4ded\"\u003e\u003ccode\u003e4ffb0b7\u003c/code\u003e\u003c/a\u003e Fix Gemfile for Rails 7.2, incorrectly testing against 7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 3.1.2 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c\"\u003e\u003ccode\u003e0b6f800\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82\"\u003e\u003ccode\u003efa19073\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c\"\u003e\u003ccode\u003e4933c1e\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53\"\u003e\u003ccode\u003e707c0f1\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b8a1665824a43d71cd6406cf9adcae842ceb1c22\"\u003e\u003ccode\u003eb8a1665\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b\"\u003e\u003ccode\u003e8159a9c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.1 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003esrc\u003c/code\u003e in \u003ccode\u003eERB#initialize\u003c/code\u003e for Ractor compatibility \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.19.1 to 2.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `loofah` from 2.25.0 to 2.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/releases\"\u003eloofah's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md\"\u003eloofah's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/c895c8b2ac9c7255ca10c4e3083b8f0b019b7189\"\u003e\u003ccode\u003ec895c8b\u003c/code\u003e\u003c/a\u003e version bump to v2.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068\"\u003e\u003ccode\u003ef4ebc9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e from flavorjones/flavorjones/better-allowed-uri\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/9f4e5dbd79f63775b3ad6196fa391f8e807da156\"\u003e\u003ccode\u003e9f4e5db\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eallowed_uri?\u003c/code\u003e to handle unescaped whitespace entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/e6f47515f642b1868f9025e85429301fa6f8bb20\"\u003e\u003ccode\u003ee6f4751\u003c/code\u003e\u003c/a\u003e doc: Move security reporting to Github\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/flavorjones/loofah/compare/v2.25.0...v2.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 0.8.0 to 0.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/blob/main/CHANGELOG.md\"\u003emcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.9.2] - 2026-03-27\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.1] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.0] - 2026-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3fc7bcd2683d2200d42f79ab46752dc65f896db1\"\u003e\u003ccode\u003e3fc7bcd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/272\"\u003e#272\u003c/a\u003e from koic/release_0_9_2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/8fbc2b46313479cdbf5afbb44045583f94e813e3\"\u003e\u003ccode\u003e8fbc2b4\u003c/code\u003e\u003c/a\u003e Release 0.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/6b092797c90183099b88f86ada44b27dea340d6f\"\u003e\u003ccode\u003e6b09279\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e from koic/use_accessor_in_server_context_with_meta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/a2575b24e5f48943f4f0b66b6632b917fe803116\"\u003e\u003ccode\u003ea2575b2\u003c/code\u003e\u003c/a\u003e Use accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/e189d7852a80d63c00bd488fe5f58420673aaa87\"\u003e\u003ccode\u003ee189d78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874\"\u003e\u003ccode\u003edb40143\u003c/code\u003e\u003c/a\u003e Reject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3b1fc72fb50dfe3685e5d5387820b86d25f60e94\"\u003e\u003ccode\u003e3b1fc72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/267\"\u003e#267\u003c/a\u003e from koic/release_0_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/f29259c0b1f540c56acd977ed17f938c3388b641\"\u003e\u003ccode\u003ef29259c\u003c/code\u003e\u003c/a\u003e Release 0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/ccddd87e96f66ddd00884fda906a08634303fa05\"\u003e\u003ccode\u003eccddd87\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e from koic/allow_client_call_tool_to_accept_a_tool_name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/73070f1fd7e8e69658c5f13e10212d537ffc3799\"\u003e\u003ccode\u003e73070f1\u003c/code\u003e\u003c/a\u003e Allow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/compare/v0.8.0...v0.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several command injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/654\"\u003e#654\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Fix STARTTLS stripping vulnerability (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Fix CRLF injection vulnerabilities (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/657\"\u003e#657\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/658\"\u003e#658\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/659\"\u003e#659\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/636\"\u003e#636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/661\"\u003e#661\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e, reported by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⚡ Much faster ResponseReader performance (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/642\"\u003e#642\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Config \u003ccode\u003eversion_defaults\u003c/code\u003e should be attr_reader (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/594\"\u003e#594\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/631\"\u003eruby/net-imap#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Wait to continue RawData literals (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️  Improve internal literal sending (partially backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/616\"\u003e#616\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/649\"\u003e#649\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/652\"\u003eruby/net-imap#652\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Fix Data polyfill tests for ruby 4.1 by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/632\"\u003eruby/net-imap#632\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\"\u003ehttps://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/4063bc1d1d3e21046544ed7a2c131e5f886bab01\"\u003e\u003ccode\u003e4063bc1\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da\"\u003e\u003ccode\u003ef79d35b\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/665\"\u003e#665\u003c/a\u003e from ruby/backport/v0.5/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/b3ad198bdecd7f8f1342bf2f0191bc5261130383\"\u003e\u003ccode\u003eb3ad198\u003c/code\u003e\u003c/a\u003e 🍒 pick 24d5c773d: 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/7a233c57fdf319ad8f238072a60c27948dd44e89\"\u003e\u003ccode\u003e7a233c5\u003c/code\u003e\u003c/a\u003e 🍒 pick 62eea6ffe: 🔒🥅 Ensure STARTTLS tagged response was handled [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/a530fa7d0efba9e02aa88ea9b9835e4d5e58f308\"\u003e\u003ccode\u003ea530fa7\u003c/code\u003e\u003c/a\u003e 🍒 pick 46636cae8: ❌🔒 Add failing test for STARTTLS stripping [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/6...\n\n_Description has been truncated_","html_url":"https://github.com/yuuki2014/shiroichizu/pull/217","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuki2014%2Fshiroichizu/issues/217","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/217/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-06-02T22:28:47.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.8.8","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T13:35:38.000Z","version_change":"2.8.8 → 2.9.0","issue":{"uuid":"4524547044","node_id":"PR_kwDOC0W56M7fbO48","number":22,"state":"open","title":"Bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T13:35:38.000Z","updated_at":"2026-05-26T13:36:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":3,"packages":[{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.19.1","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday) and [nokogiri](https://github.com/sparklemotion/nokogiri).\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.1 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/carlowahlstedt/carlowahlstedt.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/carlowahlstedt/carlowahlstedt.github.io/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlowahlstedt%2Fcarlowahlstedt.github.io/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"2.8.4","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T19:37:07.000Z","version_change":"2.8.4 → 2.9.0","issue":{"uuid":"4472017836","node_id":"PR_kwDOPKm1Fs7cy_dL","number":34,"state":"closed","title":"Bump the bundler group across 9 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T20:32:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:37:07.000Z","updated_at":"2026-06-09T20:32:08.000Z","time_to_close":1904099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"nokogiri","old_version":"1.13.8","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.4","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.4","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.14","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"faraday","old_version":"2.11.0","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [rack-session](https://github.com/rack/rack-session) and [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `nokogiri` from 1.13.8 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.4 to 2.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.4 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.14 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/releases\"\u003erack-session's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.11.0 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/useplato/gitlabhq/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/useplato%2Fgitlabhq/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T18:35:05.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4471611584","node_id":"PR_kwDOPmBpWM7cxqM-","number":11,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T00:18:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:35:05.000Z","updated_at":"2026-05-27T00:18:24.000Z","time_to_close":711797,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.198.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"view_component","old_version":"3.23.2","new_version":"4.11.0","repository_url":"https://github.com/viewcomponent/view_component"},{"name":"actionview","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2.1","new_version":"8.0.5","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"erb","old_version":"5.0.2","new_version":"6.0.4","repository_url":"https://github.com/ruby/erb"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [view_component](https://github.com/viewcomponent/view_component), [actionview](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [erb](https://github.com/ruby/erb), [faraday](https://github.com/lostisland/faraday), [jwt](https://github.com/jwt/ruby-jwt), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.198.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `view_component` from 3.23.2 to 4.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/viewcomponent/view_component/releases\"\u003eview_component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erender_in\u003c/code\u003e signature to accept \u003ccode\u003e**_\u003c/code\u003e for compatibility with Rails \u003ca href=\"https://redirect.github.com/rails/rails/pull/50623\"\u003e#50623\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix translation scope resolution in nested lambda-backed slots. Relative \u003ccode\u003et(\u0026quot;.key\u0026quot;)\u003c/code\u003e calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eArtin Boghosian\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError\u003c/code\u003e when booting in the test environment with \u003ccode\u003eeager_load = true\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix yielded content rendered at wrong location when using form helpers.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eMarkus\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in \u003ccode\u003eViewComponentsSystemTestController\u003c/code\u003e where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The \u003ccode\u003estart_with?\u003c/code\u003e check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix preview route vulnerability where inherited methods on \u003ccode\u003eViewComponent::Preview\u003c/code\u003e (such as \u003ccode\u003erender_with_template\u003c/code\u003e) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. \u003ccode\u003erender_args\u003c/code\u003e now raises \u003ccode\u003eAbstractController::ActionNotFound\u003c/code\u003e for any example not explicitly declared on the preview subclass.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eyard-lint\u003c/code\u003e to CI.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003ecompile.view_component\u003c/code\u003e ActiveSupport::Notifications event for eager compilation at boot time.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eGitHub Copilot\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix stale content cache when slots are accessed before \u003ccode\u003erender_in\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJared Armstrong\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd rubocop-view_component to resources.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eAndy Waite\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug where inheritance of components with formatless templates improperly raised a NoMethodError.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGitHub Copilot\u003c/em\u003e, \u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eCameron Dutro\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.6.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md\"\u003eview_component's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003erender_in\u003c/code\u003e signature to accept \u003ccode\u003e**_\u003c/code\u003e for compatibility with Rails \u003ca href=\"https://redirect.github.com/rails/rails/pull/50623\"\u003e#50623\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix translation scope resolution in nested lambda-backed slots. Relative \u003ccode\u003et(\u0026quot;.key\u0026quot;)\u003c/code\u003e calls inside lambda-backed slots were resolving against an intermediate component's scope instead of the original partial's scope where the block was defined.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eArtin Boghosian\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNameError: uninitialized constant ViewComponent::SystemTestControllerNefariousPathError\u003c/code\u003e when booting in the test environment with \u003ccode\u003eeager_load = true\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix yielded content rendered at wrong location when using form helpers.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eMarkus\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in \u003ccode\u003eViewComponentsSystemTestController\u003c/code\u003e where sibling directories sharing a string prefix with the allowed temp directory could bypass the path containment check. The \u003ccode\u003estart_with?\u003c/code\u003e check has been replaced with a separator-aware prefix check, and nefarious path errors now return a 404 instead of an unhandled exception.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix preview route vulnerability where inherited methods on \u003ccode\u003eViewComponent::Preview\u003c/code\u003e (such as \u003ccode\u003erender_with_template\u003c/code\u003e) could be invoked via the preview URL, allowing arbitrary internal Rails templates to be rendered with attacker-controlled locals and request parameters. \u003ccode\u003erender_args\u003c/code\u003e now raises \u003ccode\u003eAbstractController::ActionNotFound\u003c/code\u003e for any example not explicitly declared on the preview subclass.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eyard-lint\u003c/code\u003e to CI.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003ecompile.view_component\u003c/code\u003e ActiveSupport::Notifications event for eager compilation at boot time.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJoel Hawksley\u003c/em\u003e, \u003cem\u003eGitHub Copilot\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix stale content cache when slots are accessed before \u003ccode\u003erender_in\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJared Armstrong\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd rubocop-view_component to resources.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eAndy Waite\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/b1f6917f3fe02589873c4ae95f7794e0bcb3b0ef\"\u003e\u003ccode\u003eb1f6917\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2640\"\u003e#2640\u003c/a\u003e from ViewComponent/release-4-11-0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/f54b15a7b4cd9b27d9dd45e6907a9ef57d91b918\"\u003e\u003ccode\u003ef54b15a\u003c/code\u003e\u003c/a\u003e bump allocations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/49b66854d2d24fff1e3e3c4822cade917a1ea837\"\u003e\u003ccode\u003e49b6685\u003c/code\u003e\u003c/a\u003e release 4.11.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/e94672a5e27e52c793a8d1ddf68f60e2c5fd1afe\"\u003e\u003ccode\u003ee94672a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2636\"\u003e#2636\u003c/a\u003e from ViewComponent/render_in_api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/9360f6a1483b28fcfe9ae391543f61070e41937a\"\u003e\u003ccode\u003e9360f6a\u003c/code\u003e\u003c/a\u003e Fix appraisal naming consistency: use underscores throughout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/5b6e7320ab1dbba18f9066cc685a319142818ae5\"\u003e\u003ccode\u003e5b6e732\u003c/code\u003e\u003c/a\u003e whitespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/8a8e8c031eaef4bc52ec3eabf2bf7c615004a3a1\"\u003e\u003ccode\u003e8a8e8c0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/viewcomponent/view_component/issues/2634\"\u003e#2634\u003c/a\u003e from ViewComponent/dependabot/bundler/selenium-webdr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/346937739f4288a6defff13572bb58369d2fe874\"\u003e\u003ccode\u003e3469377\u003c/code\u003e\u003c/a\u003e Rename rails_main-head gemfile to use underscore for appraisal compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/da30a8f7d762e4ec1f4d316de782d5e2f1900c58\"\u003e\u003ccode\u003eda30a8f\u003c/code\u003e\u003c/a\u003e Fix Rails main compatibility issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ViewComponent/view_component/commit/635645d172cd395f9ca574d0d3edf7c456f43495\"\u003e\u003ccode\u003e635645d\u003c/code\u003e\u003c/a\u003e fix\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/viewcomponent/view_component/compare/v3.23.2...v4.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/853e56de62dcdec036228e56414b49049da5b83a\"\u003e\u003ccode\u003e853e56d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56906\"\u003e#56906\u003c/a\u003e from kataokatsuki/fix-strict-locals-non-ascii-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f64c3d09ace91c011e0628c9d8cf6ea9874ffe9f\"\u003e\u003ccode\u003ef64c3d0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56891\"\u003e#56891\u003c/a\u003e from pietervisser/fix-collection-caching-to-preserv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0a8792a661211963068f76bdc5f158b873979927\"\u003e\u003ccode\u003e0a8792a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56389\"\u003e#56389\u003c/a\u003e from bogdan/semantic-file-input-accept\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ea29cee26f240ad46051be4ddf47d0351fce1a18\"\u003e\u003ccode\u003eea29cee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56316\"\u003e#56316\u003c/a\u003e from shivabhusal/support-closing_parenthesis-in-nex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/950d80c33c462f16897344f0293039b12fbb54ab\"\u003e\u003ccode\u003e950d80c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56270\"\u003e#56270\u003c/a\u003e from Saidbek/fix-multiline-strict-locals-parsing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3dc1be9084c93d5b5990476bd153c18ae0ba3f4f\"\u003e\u003ccode\u003e3dc1be9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56783\"\u003e#56783\u003c/a\u003e from kudoas/fix-activestorage-blob-content-type-nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2.1 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.5\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003edelegate\u003c/code\u003e and \u003ccode\u003edelegate_missing_to\u003c/code\u003e work in BasicObject subclasses.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eRafael Mendonça França\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveSupport::Inflector.humanize\u003c/code\u003e with international characters.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.humanize(\u0026quot;áÉÍÓÚ\u0026quot;)  # =\u0026gt; \u0026quot;Áéíóú\u0026quot;\r\nActiveSupport::Inflector.humanize(\u0026quot;аБВГДЕ\u0026quot;) # =\u0026gt; \u0026quot;Абвгде\u0026quot;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eJose Luis Duran\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003einsert_all\u003c/code\u003e and \u003ccode\u003eupsert_all\u003c/code\u003e log message when called on anonymous classes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGabriel Sobrinho\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003eActiveRecord::SchemaDumper.ignore_tables\u003c/code\u003e when dumping SQLite virtual tables.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHans Schnedlitz\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRestore previous instrumenter after \u003ccode\u003eexecute_or_skip\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/eb126bb140127d3589ad9be093a845e24fc4f475\"\u003e\u003ccode\u003eeb126bb\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.5 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/f7fe4a5297dac5e1184747ce53e0305c56f487c3\"\u003e\u003ccode\u003ef7fe4a5\u003c/code\u003e\u003c/a\u003e Merge branch '8-0-sec' into 8-0-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b0daad4cf655374fff8d7d7c959a0230079c335\"\u003e\u003ccode\u003e0b0daad\u003c/code\u003e\u003c/a\u003e [DOC] Update CHANGELOG with key overwrite precedence note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/40acbf77827bd8196b25d8fc31abc9d129088d03\"\u003e\u003ccode\u003e40acbf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56679\"\u003e#56679\u003c/a\u003e from Saidbek/fix-overlapping-acronyms-order\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 5.0.2 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease not...\n\n_Description has been truncated_","html_url":"https://github.com/EthanThePhoenix38/openproject/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fopenproject/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-15T08:45:31.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4452555902","node_id":"PR_kwDOPnYUEs7b2G16","number":182,"state":"open","title":"Bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T08:45:31.000Z","updated_at":"2026-05-15T09:04:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/aistomin/aistomin.com/pull/182","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aistomin%2Faistomin.com/issues/182","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/182/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-14T08:41:24.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4444489367","node_id":"PR_kwDOIgEX4M7bca91","number":572,"state":"closed","title":"chore(deps): bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T08:45:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T08:41:24.000Z","updated_at":"2026-05-14T08:45:42.000Z","time_to_close":252,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.7\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Apadmi-Engineering/Mockzilla/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Apadmi-Engineering/Mockzilla/pull/572","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Apadmi-Engineering%2FMockzilla/issues/572","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/572/packages"}},{"old_version":"2.8.0","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-12T02:35:06.000Z","version_change":"2.8.0 → 2.9.0","issue":{"uuid":"4425741184","node_id":"PR_kwDOED3WRc7af5hz","number":104,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T09:12:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:35:06.000Z","updated_at":"2026-05-12T09:12:20.000Z","time_to_close":23832,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.0\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CalConnect/cc-digital-addresses/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CalConnect/cc-digital-addresses/pull/104","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CalConnect%2Fcc-digital-addresses/issues/104","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/104/packages"}},{"old_version":"2.8.5","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-09T11:14:44.000Z","version_change":"2.8.5 → 2.9.0","issue":{"uuid":"4412315511","node_id":"PR_kwDOOclWfc7Z1g6m","number":37,"state":"open","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T11:14:44.000Z","updated_at":"2026-05-09T11:14:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"activesupport","old_version":"7.0.6","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.5","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.7.10","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"google-protobuf","old_version":"3.23.4","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"nokogiri","old_version":"1.15.3","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.2.6","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [activesupport](https://github.com/rails/rails), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [google-protobuf](https://github.com/protocolbuffers/protobuf), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml) to permit the latest version.\nUpdates `activesupport` from 7.0.6 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.0.6...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.5 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.5...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.7.10 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.7.10...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 3.23.4 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/70e85ae1f994ee91001a18d9b5b4688ac027c03d\"\u003e\u003ccode\u003e70e85ae\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/489aba5b55bb994bcd130a43e20cc9be3be04adf\"\u003e\u003ccode\u003e489aba5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15984\"\u003e#15984\u003c/a\u003e from mkruskal-google/staleness-fix-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/367c7bea8dd5505f817f41e052e50caa694fb0e6\"\u003e\u003ccode\u003e367c7be\u003c/code\u003e\u003c/a\u003e Regen stale files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/bbbd2dea0e508289d45b48612e4659a230708209\"\u003e\u003ccode\u003ebbbd2de\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.4-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/fc222b9420e19d902e0aee5a6a95274dbbc2fc06\"\u003e\u003ccode\u003efc222b9\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.3-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ac04475591db12de14e89d3d750519c2ca9a4cc\"\u003e\u003ccode\u003e6ac0447\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.2-dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7f94235e552599141950d7a4a3eaf93bc87d1b22\"\u003e\u003ccode\u003e7f94235\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4b00c75ecbc40389615ddf5482dbabc3a354eea\"\u003e\u003ccode\u003ee4b00c7\u003c/code\u003e\u003c/a\u003e Add support for extensions in CRuby, JRuby, and FFI Ruby (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14703\"\u003e#14703\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14756\"\u003e#14756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/2495d4f96bf4edcc4f770ceb27ae98c71a56fcdb\"\u003e\u003ccode\u003e2495d4f\u003c/code\u003e\u003c/a\u003e Add support for options in CRuby, JRuby and FFI (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14594\"\u003e#14594\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/14739\"\u003e#14739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6b5d8db01fe47478e8d400f550e797e6230d464e\"\u003e\u003ccode\u003e6b5d8db\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.23.4...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.15.3 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.15.3...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.2.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.2.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/maptimedavis.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/maptimedavis.github.io/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fmaptimedavis.github.io/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-08T18:07:18.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4408412988","node_id":"PR_kwDOPmBpWM7ZouAY","number":8,"state":"closed","title":"Bump the bundler group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:00:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T18:07:18.000Z","updated_at":"2026-05-09T00:00:02.000Z","time_to_close":21162,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":16,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.198.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2.1","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"erb","old_version":"5.0.2","new_version":"6.0.1.1","repository_url":"https://github.com/ruby/erb"},{"name":"faraday","old_version":"2.13.4","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [erb](https://github.com/ruby/erb), [faraday](https://github.com/lostisland/faraday), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.198.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2.1 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2.1...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 5.0.2 to 6.0.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix typo in changelog by \u003ca href=\"https://github.com/hunchr\"\u003e\u003ccode\u003e@​hunchr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/96\"\u003eruby/erb#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/97\"\u003eruby/erb#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.13.1 to 2.13.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/98\"\u003eruby/erb#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed by \u003ccode\u003emisspell -w -error -source=text\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/99\"\u003eruby/erb#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze ERB::Compiler::TrimScanner::ERB_STAG by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/100\"\u003eruby/erb#100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hunchr\"\u003e\u003ccode\u003e@​hunchr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/96\"\u003eruby/erb#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/100\"\u003eruby/erb#100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the latest versions of actions: push-gem.yml by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/90\"\u003eruby/erb#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in documentation by \u003ca href=\"https://github.com/suy\"\u003e\u003ccode\u003e@​suy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/91\"\u003eruby/erb#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag shown in example of ERB expression tag and execution tag by \u003ca href=\"https://github.com/sampart\"\u003e\u003ccode\u003e@​sampart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/92\"\u003eruby/erb#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] Suppress documentation for internals by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/93\"\u003eruby/erb#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace Ruby 3.5 with Ruby 4.0 by \u003ca href=\"https://github.com/yahonda\"\u003e\u003ccode\u003e@​yahonda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/94\"\u003eruby/erb#94\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReapply \u0026quot;Remove safe_level and further positional arguments (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/7\"\u003e#7\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/95\"\u003eruby/erb#95\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/suy\"\u003e\u003ccode\u003e@​suy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/91\"\u003eruby/erb#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sampart\"\u003e\u003ccode\u003e@​sampart\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/92\"\u003eruby/erb#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahonda\"\u003e\u003ccode\u003e@​yahonda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/94\"\u003eruby/erb#94\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.3...v6.0.0\"\u003ehttps://github.com/ruby/erb/compare/v5.1.3...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.2...v5.1.3\"\u003ehttps://github.com/ruby/erb/compare/v5.1.2...v5.1.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor html_escape by \u003ca href=\"https://github.com/noteflakes\"\u003e\u003ccode\u003e@​noteflakes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/88\"\u003eruby/erb#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echangelog_uri\u003c/code\u003e to spec metadata by \u003ca href=\"https://github.com/jgarber623\"\u003e\u003ccode\u003e@​jgarber623\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber623\"\u003e\u003ccode\u003e@​jgarber623\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v5.1.1...v5.1.2\"\u003ehttps://github.com/ruby/erb/compare/v5.1.1...v5.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003eERB::Compiler::TrimScanner::ERB_STAG\u003c/code\u003e for Ractor compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003esafe_level\u003c/code\u003e and further positional arguments from \u003ccode\u003eERB.new\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated constant \u003ccode\u003eERB::Revision\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v5.1.2 with trusted publishing for JRuby\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003echangelog_uri\u003c/code\u003e to spec metadata \u003ca href=\"https://redirect.github.com/ruby/erb/pull/89\"\u003eruby/erb#89\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow that is introduced at v5.1.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehtml_escape: Avoid buffer allocation for strings with no escapable character \u003ca href=\"https://redirect.github.com/ruby/erb/pull/87\"\u003eruby/erb#87\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate help of erb(1) \u003ca href=\"https://redirect.github.com/ruby/erb/pull/85\"\u003e#85\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/93450765b5319cfb552a3d9719df137e8fbb75e9\"\u003e\u003ccode\u003e9345076\u003c/code\u003e\u003c/a\u003e Version 6.0.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/dd34ce41031327269a5fb83b0bc2c0d852895e9f\"\u003e\u003ccode\u003edd34ce4\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/bbde68fcd562f376b24e17ea7fbfcb0ab6f47261\"\u003e\u003ccode\u003ebbde68f\u003c/code\u003e\u003c/a\u003e Version 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/43f087659566d04d283cd05d28ba21ed8c24b1e6\"\u003e\u003ccode\u003e43f0876\u003c/code\u003e\u003c/a\u003e Freeze ERB::Compiler::TrimScanner::ERB_STAG (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2aa3a6800e51182b1967151919e956d7dcff972d\"\u003e\u003ccode\u003e2aa3a68\u003c/code\u003e\u003c/a\u003e Fixed by \u003ccode\u003emisspell -w -error -source=text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/99\"\u003e#99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/f91b2600a43af8a89c273bd8922289d873d9e259\"\u003e\u003ccode\u003ef91b260\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.13.1 to 2.13.2 (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/543500f238220fdcf414d4a52afc80703bcadf2a\"\u003e\u003ccode\u003e543500f\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/b23452a4796ea2cec9d1f92a93e39b50d5efe9bc\"\u003e\u003ccode\u003eb23452a\u003c/code\u003e\u003c/a\u003e Fix typo in changelog (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/bbaaf1f51bd1b327f6b74931d41d9a24fe769901\"\u003e\u003ccode\u003ebbaaf1f\u003c/code\u003e\u003c/a\u003e Version 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/1f83b2578fd58b98a9abb8540f99cf2843d84dd5\"\u003e\u003ccode\u003e1f83b25\u003c/code\u003e\u003c/a\u003e Drop a deprecated constant ERB::Revision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v5.0.2...v6.0.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.4 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/EthanThePhoenix38/openproject/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EthanThePhoenix38%2Fopenproject/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-08T14:13:08.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4407025879","node_id":"PR_kwDOOTp4f87ZkHDn","number":11,"state":"closed","title":"Bump the bundler group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T23:56:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T14:13:08.000Z","updated_at":"2026-05-08T23:56:48.000Z","time_to_close":35018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":17,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.7","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.183.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activerecord","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"css_parser","old_version":"1.21.1","new_version":"1.22.0","repository_url":"https://github.com/premailer/css_parser"},{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [addressable](https://github.com/sporkmonger/addressable), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activerecord](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails), [css_parser](https://github.com/premailer/css_parser), [faraday](https://github.com/lostisland/faraday), [net-imap](https://github.com/ruby/net-imap), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml), [ruby-saml](https://github.com/saml-toolkits/ruby-saml), [uri](https://github.com/ruby/uri) and [yard](https://yardoc.org) to permit the latest version.\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.7 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.7...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.183.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activerecord` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactiverecord's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6981fd2fbeadc8bc7db6547604cf2df13cb18a40\"\u003e\u003ccode\u003e6981fd2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55969\"\u003e#55969\u003c/a\u003e from rails/fix-explain-tests-mysql-9.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/52347e0467445b350f482838da5bb503c155eb72\"\u003e\u003ccode\u003e52347e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55938\"\u003e#55938\u003c/a\u003e from aidanharan/truthy-condition-mssql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d2826215f9c9c1fe2f1c91e292171a042be1e9c5\"\u003e\u003ccode\u003ed282621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55925\"\u003e#55925\u003c/a\u003e from flavorjones/flavorjones/shard-swap-prohibition...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/511dbf2665746e54240c07b93b0d0ddc184873f9\"\u003e\u003ccode\u003e511dbf2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55907\"\u003e#55907\u003c/a\u003e from ruyrocha/fix/sqlite3-data-loss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bf9219d62aed746260e853cebe98503c8c27cdd5\"\u003e\u003ccode\u003ebf9219d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55918\"\u003e#55918\u003c/a\u003e from baarde/with-bound-sql-literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/865bc776d039645bd4b7f2c826ab4e0aaadf51b6\"\u003e\u003ccode\u003e865bc77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55332\"\u003e#55332\u003c/a\u003e from zzak/re-54882\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/dee79c4a74723ce8016b2e96e3d6d5723f673aa6\"\u003e\u003ccode\u003edee79c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55778\"\u003e#55778\u003c/a\u003e from ianterrell/ianterrell/fix-autosave-changed-via...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `css_parser` from 1.21.1 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/premailer/css_parser/blob/master/CHANGELOG.md\"\u003ecss_parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuby CSS Parser CHANGELOG\u003c/h2\u003e\n\u003ch3\u003eUnreleased\u003c/h3\u003e\n\u003ch3\u003eVersion 2.2.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept CSS \u003ccode\u003e\u0026lt;number\u0026gt;\u003c/code\u003e values with an omitted integer part (e.g. \u003ccode\u003e.1\u003c/code\u003e) inside \u003ccode\u003ergb()\u003c/code\u003e/\u003ccode\u003ergba()\u003c/code\u003e/\u003ccode\u003ehsl()\u003c/code\u003e/\u003ccode\u003ehsla()\u003c/code\u003e. Previously \u003ccode\u003eRE_COLOUR_NUMERIC\u003c/code\u003e and \u003ccode\u003eRE_COLOUR_NUMERIC_ALPHA\u003c/code\u003e required at least one digit before the decimal point, which caused colours such as \u003ccode\u003ergba(0,0,0,.1)\u003c/code\u003e to be silently dropped during shorthand expansion (\u003ccode\u003ebackground-color\u003c/code\u003e from \u003ccode\u003ebackground:\u003c/code\u003e, \u003ccode\u003eborder-*-color\u003c/code\u003e from \u003ccode\u003eborder:\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ssl when pulling files via https\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion 2.0.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop ruby \u0026lt;3.2, fix a memory leak\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/040895b7e554f4afbbf1a0dbd239eb2b85de7c32\"\u003e\u003ccode\u003e040895b\u003c/code\u003e\u003c/a\u003e v1.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/5069b71b4258dc9423db0019848654e8a1ea5c9b\"\u003e\u003ccode\u003e5069b71\u003c/code\u003e\u003c/a\u003e bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18\"\u003e\u003ccode\u003ee0c95d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/premailer/css_parser/issues/186\"\u003e#186\u003c/a\u003e from premailer/grosser/https\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/premailer/css_parser/compare/v1.21.1...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent ...\n\n_Description has been truncated_","html_url":"https://github.com/LelandParker/openproject/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LelandParker%2Fopenproject/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-07T08:42:01.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4397358819","node_id":"PR_kwDOLTgSI87ZEe49","number":175,"state":"open","title":"Bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T08:42:01.000Z","updated_at":"2026-05-07T08:42:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"nokogiri","old_version":"1.19.2","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /examples/stacks/jekyll/myblog directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\nBumps the bundler group with 4 updates in the /examples/stacks/rails/blog directory: [addressable](https://github.com/sporkmonger/addressable), [net-imap](https://github.com/ruby/net-imap), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.6.3 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/664\"\u003eruby/net-imap#664\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/657\"\u003eruby/net-imap#657\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/658\"\u003eruby/net-imap#658\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/659\"\u003eruby/net-imap#659\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/660\"\u003eruby/net-imap#660\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003cp\u003eThe default \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e is \u003ccode\u003e2**31 - 1\u003c/code\u003e (max 32-bit signed int), which was already OpenSSL's maximum value.  \u003cem\u003eIt provides no protection\u003c/em\u003e against hostile servers unless it is explicitly set to a lower value by the user.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⚡ \u003ccode\u003eResponseReader\u003c/code\u003e memoizes \u003ccode\u003eConfig#max_response_size\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e.\nChanges to \u003ccode\u003e#max_response_size\u003c/code\u003e now take effect once per response, not on every \u003ccode\u003eIO#read\u003c/code\u003e.\n\u003cem\u003eNOTE: It is not expected that this will affect any current usage.\u003c/em\u003e  See \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003ethe PR\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eBINARY\u003c/code\u003e extention to \u003ccode\u003e#append\u003c/code\u003e (RFC3516)  by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/616\"\u003eruby/net-imap#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eLITERAL+\u003c/code\u003e and \u003ccode\u003eLITERAL-\u003c/code\u003e non-synchronizing literals (RFC7888) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/649\"\u003eruby/net-imap#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🏷️ Add \u003ccode\u003enumber64\u003c/code\u003e and \u003ccode\u003enz-number64\u003c/code\u003e to NumValidator by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/625\"\u003eruby/net-imap#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e♻️ Add \u003ccode\u003eMailboxQuota#quota_root\u003c/code\u003e alias by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/636\"\u003eruby/net-imap#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔍 Simplify \u003ccode\u003eNet::IMAP#inspect\u003c/code\u003e with basic state by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/612\"\u003eruby/net-imap#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🥅 Add \u003ccode\u003eResponseParseError#parser_methods\u003c/code\u003e (and override \u003ccode\u003e#==\u003c/code\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/615\"\u003eruby/net-imap#615\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/3e490673dca65d0cfeeeb3fbf1fdaa188d6f27c4\"\u003e\u003ccode\u003e3e49067\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618\"\u003e\u003ccode\u003e0ede4c4\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e from ruby/security/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/51ae3604cabe1e8cfeeb888ff5ef6b9215fe1a65\"\u003e\u003ccode\u003e51ae360\u003c/code\u003e\u003c/a\u003e ♻️ Add command response handler before command is sent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/24d5c773d1bb76ca1cd0a26b2218195011c16969\"\u003e\u003ccode\u003e24d5c77\u003c/code\u003e\u003c/a\u003e 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/62eea6ffe1e390060065169474f97edbc42bd2b2\"\u003e\u003ccode\u003e62eea6f\u003c/code\u003e\u003c/a\u003e 🔒🥅 Ensure STARTTLS tagged response was handled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/46636cae8af68a4080c434b853fba1738c7c2587\"\u003e\u003ccode\u003e46636ca\u003c/code\u003e\u003c/a\u003e ❌🔒 Add failing test for STARTTLS stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/e3b010509109eb4acc1d7e4365624e848ef0b45b\"\u003e\u003ccode\u003ee3b0105\u003c/code\u003e\u003c/a\u003e ✅♻️ Inline current STARTLS stripping test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/be32e712eb2ee90a0a2c78752bf19196582ed4d8\"\u003e\u003ccode\u003ebe32e71\u003c/code\u003e\u003c/a\u003e 📚 Improve documentation of RawData arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f\"\u003e\u003ccode\u003e47c7218\u003c/code\u003e\u003c/a\u003e 🐛 Validate RawData and wait to continue literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974\"\u003e\u003ccode\u003e0ec4fd3\u003c/code\u003e\u003c/a\u003e 🥅 Validate \u003ccode\u003e#setquota\u003c/code\u003e storage limit argument\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.6.3...v0.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.2 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SherfeyInv/devbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SherfeyInv/devbox/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fdevbox/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"}},{"old_version":"2.8.0","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-05T23:55:34.000Z","version_change":"2.8.0 → 2.9.0","issue":{"uuid":"4387807225","node_id":"PR_kwDOAhkQOM7YlWQ6","number":3,"state":"closed","title":"Bump addressable from 2.8.0 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T00:10:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T23:55:34.000Z","updated_at":"2026-05-06T00:10:20.000Z","time_to_close":884,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.0","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.0 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.4 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore \u003ccode\u003eAddressable::IDNA.unicode_normalize_kc\u003c/code\u003e as a deprecated method (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/504\"\u003e#504\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/504\"\u003esporkmonger/addressable#504\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.3 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix template expand level 2 hash support for non-string objects (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/499\"\u003e#499\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/498\"\u003e#498\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.0...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.0\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alexasiu/alexasiu.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alexasiu/alexasiu.github.io/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexasiu%2Falexasiu.github.io/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T22:57:58.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4370306288","node_id":"PR_kwDOAuX_M87XtAae","number":30,"state":"closed","title":"build(deps-dev): bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T23:10:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T22:57:58.000Z","updated_at":"2026-05-02T23:10:53.000Z","time_to_close":773,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev): bump","group_name":"bundler","update_count":4,"packages":[{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.4","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 4 updates in the / directory: [activesupport](https://github.com/rails/rails), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday) and [nokogiri](https://github.com/sparklemotion/nokogiri).\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.4 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kaurin/kaurin.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Kaurin/kaurin.github.io/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kaurin%2Fkaurin.github.io/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"}},{"old_version":"2.8.9","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T20:43:45.000Z","version_change":"2.8.9 → 2.9.0","issue":{"uuid":"4369977883","node_id":"PR_kwDOMoa2087XsAnD","number":42,"state":"closed","title":"chore(deps-dev): bump addressable from 2.8.9 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T20:57:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T20:43:45.000Z","updated_at":"2026-05-02T20:57:40.000Z","time_to_close":834,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.9 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/gormus/discourse-notification-banners/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gormus%2Fdiscourse-notification-banners/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"}},{"old_version":"2.8.7","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-04-28T07:21:10.000Z","version_change":"2.8.7 → 2.9.0","issue":{"uuid":"4341314366","node_id":"PR_kwDOAAXsEc7WPO92","number":2038,"state":"open","title":"Bump addressable from 2.8.7 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T07:21:10.000Z","updated_at":"2026-05-01T03:57:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/openaustralia/planningalerts/pull/2038","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openaustralia%2Fplanningalerts/issues/2038","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2038/packages"}},{"old_version":"2.8.5","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-04-27T23:18:44.000Z","version_change":"2.8.5 → 2.9.0","issue":{"uuid":"4339431823","node_id":"PR_kwDOKtvoEc7WJMB9","number":3,"state":"open","title":"chore(deps): bump addressable from 2.8.5 to 2.9.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-27T23:18:44.000Z","updated_at":"2026-04-27T23:19:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"addressable","old_version":"2.8.5","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.5 to 2.9.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.5...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=addressable\u0026package-manager=bundler\u0026previous-version=2.8.5\u0026new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ajnx/AlanOnTheInternet.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ajnx/AlanOnTheInternet.com/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajnx%2FAlanOnTheInternet.com/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.8.9","new_version":"2.9.0","update_type":"minor","path":null,"pr_created_at":"2026-04-24T16:18:08.000Z","version_change":"2.8.9 → 2.9.0","issue":{"uuid":"4324215707","node_id":"PR_kwDOHjM3g87VZfyP","number":65,"state":"closed","title":"build(deps): bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-02T08:02:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T16:18:08.000Z","updated_at":"2026-05-02T08:02:06.000Z","time_to_close":661437,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler","update_count":3,"packages":[{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"erb","old_version":"6.0.2","new_version":"6.0.4","repository_url":"https://github.com/ruby/erb"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [addressable](https://github.com/sporkmonger/addressable), [erb](https://github.com/ruby/erb) and [yard](https://yardoc.org).\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.2 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.2...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yard` from 0.9.38 to 0.9.42\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cbroult/erb-processor/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cbroult/erb-processor/pull/65","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbroult%2Ferb-processor/issues/65","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/65/packages"}}]}