{"id":1982,"name":"json","ecosystem":"rubygems","repository_url":"https://github.com/ruby/json","issues_count":2689,"created_at":"2025-06-06T15:01:54.274Z","updated_at":"2025-06-06T15:01:54.274Z","purl":"pkg:gem/json","metadata":{"id":237156,"name":"json","ecosystem":"rubygems","description":"This is a JSON implementation as a Ruby extension in C.","homepage":"https://github.com/ruby/json","licenses":"Ruby","normalized_licenses":["Ruby"],"repository_url":"https://github.com/ruby/json","keywords_array":[],"namespace":null,"versions_count":180,"first_release_published_at":"2009-07-25T18:11:33.000Z","latest_release_published_at":"2025-05-23T09:38:18.679Z","latest_release_number":"2.12.1","last_synced_at":"2025-05-23T09:48:13.320Z","created_at":"2022-04-06T02:16:15.699Z","updated_at":"2025-05-23T09:48:14.407Z","registry_url":"https://rubygems.org/gems/json","install_command":"gem install json -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/json/","metadata":{"funding":null},"repo_metadata":{"id":644899,"uuid":"287024","full_name":"ruby/json","owner":"ruby","description":"JSON implementation for Ruby","archived":false,"fork":false,"pushed_at":"2025-05-17T19:02:41.000Z","size":5103,"stargazers_count":719,"open_issues_count":8,"forks_count":345,"subscribers_count":61,"default_branch":"master","last_synced_at":"2025-05-18T16:06:25.192Z","etag":null,"topics":["json","json-parser","ruby"],"latest_commit_sha":null,"homepage":"https://docs.ruby-lang.org/en/master/JSON.html","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ruby.png","metadata":{"files":{"readme":"README-json-jruby.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2009-08-24T22:21:39.000Z","updated_at":"2025-05-17T19:02:45.000Z","dependencies_parsed_at":"2024-01-06T10:29:55.212Z","dependency_job_id":"33a6e8a1-e9aa-4a1c-ab14-5fd4b310e4f7","html_url":"https://github.com/ruby/json","commit_stats":{"total_commits":1063,"total_committers":103,"mean_commits":"10.320388349514563","dds":0.6095954844778928,"last_synced_commit":"f745ec145ef88f3dfe866001526a1270e49a2e89"},"previous_names":["ruby/json"],"tags_count":82,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby","download_url":"https://codeload.github.com/ruby/json/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":255121940,"owners_count":22177373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"ruby","name":"The Ruby Programming Language","uuid":"210414","kind":"organization","description":"Repositories related to the Ruby Programming language","email":"info@ruby-lang.org","website":"https://www.ruby-lang.org/","location":"Matsue, Japan","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/210414?v=4","repositories_count":171,"last_synced_at":"2023-04-09T03:40:20.875Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/ruby","funding_links":[],"total_stars":41804,"followers":null,"following":null,"created_at":"2022-11-02T16:17:15.462Z","updated_at":"2023-04-09T03:40:20.938Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby/repositories"},"tags":[{"name":"v2.11.3","sha":"3e025f76d77e323b30f6f6d2d8d06e787d497a0c","kind":"tag","published_at":"2025-04-25T06:02:52.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.11.3","html_url":"https://github.com/ruby/json/releases/tag/v2.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.3/manifests"},{"name":"v2.11.2","sha":"c985e8c6ea1b1bfe1e571edce0a32066254c2a11","kind":"commit","published_at":"2025-04-24T16:34:06.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.11.2","html_url":"https://github.com/ruby/json/releases/tag/v2.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.2/manifests"},{"name":"v2.11.1","sha":"84443e881df0a2a5f86abf95aaec1e43d5fba957","kind":"tag","published_at":"2025-04-24T13:11:14.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.11.1","html_url":"https://github.com/ruby/json/releases/tag/v2.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.1/manifests"},{"name":"v2.11.0","sha":"a6949f8656abd533451491ba9f5c851f5cb5d070","kind":"tag","published_at":"2025-04-24T08:11:32.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.11.0","html_url":"https://github.com/ruby/json/releases/tag/v2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.11.0/manifests"},{"name":"v2.10.2","sha":"350c1fd154eaf7840f696c623362478a9148166c","kind":"tag","published_at":"2025-03-12T13:06:21.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.10.2","html_url":"https://github.com/ruby/json/releases/tag/v2.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.2/manifests"},{"name":"v2.10.1","sha":"aa5b7d6acb53a4596750e7d81894d95ee19d92ab","kind":"tag","published_at":"2025-02-10T20:24:20.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.10.1","html_url":"https://github.com/ruby/json/releases/tag/v2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.1/manifests"},{"name":"v2.10.0","sha":"8b56d472549c76d6599550656a4a7e87baf3d2ef","kind":"tag","published_at":"2025-02-10T11:04:04.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.10.0","html_url":"https://github.com/ruby/json/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.10.0/manifests"},{"name":"v2.9.1","sha":"72f43d452b05eee9b747261efc72e21ad72d31f4","kind":"commit","published_at":"2024-12-18T16:57:02.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.9.1","html_url":"https://github.com/ruby/json/releases/tag/v2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.9.1/manifests"},{"name":"v2.9.0","sha":"20b501a31d824449148c97385eb064f6f62ba127","kind":"commit","published_at":"2024-12-03T08:17:40.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.9.0","html_url":"https://github.com/ruby/json/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.9.0/manifests"},{"name":"v2.8.2","sha":"d5e4a6e3fd10d4707a5bd0d5c1e8dcc771724ccf","kind":"commit","published_at":"2024-11-14T13:54:13.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.8.2","html_url":"https://github.com/ruby/json/releases/tag/v2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.2/manifests"},{"name":"v2.8.1","sha":"49650f7312e86e7a108d3238fae412625c6a7cc0","kind":"commit","published_at":"2024-11-06T17:35:26.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.8.1","html_url":"https://github.com/ruby/json/releases/tag/v2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.1/manifests"},{"name":"v2.8.0","sha":"b9c8024b46590ca71e82dc36163f9bff888b4f86","kind":"commit","published_at":"2024-11-06T16:02:55.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.8.0","html_url":"https://github.com/ruby/json/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.8.0/manifests"},{"name":"v2.7.6","sha":"e3a36954eb2cdca6020938ff0b6d8067ab30546b","kind":"commit","published_at":"2024-11-04T13:16:11.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.6","html_url":"https://github.com/ruby/json/releases/tag/v2.7.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.6/manifests"},{"name":"v2.7.5","sha":"9d711865da1ee4fe90e91e692e320d5ed5eb4fa2","kind":"commit","published_at":"2024-10-28T07:48:53.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.5","html_url":"https://github.com/ruby/json/releases/tag/v2.7.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.5/manifests"},{"name":"v2.7.4","sha":"9e9b749576dc7a195241f46305cdb7ed80e3e445","kind":"commit","published_at":"2024-10-25T10:52:47.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.4","html_url":"https://github.com/ruby/json/releases/tag/v2.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.4/manifests"},{"name":"v2.7.3","sha":"7a3b482013eef93dd266db0928b931a28adcf408","kind":"commit","published_at":"2024-10-24T08:18:09.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.3","html_url":"https://github.com/ruby/json/releases/tag/v2.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.3/manifests"},{"name":"v2.7.3.rc1","sha":"d48f7ff1767fc3fd7bcfdd13e2836fb32a3cb6bd","kind":"commit","published_at":"2024-10-23T08:22:18.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.3.rc1","html_url":"https://github.com/ruby/json/releases/tag/v2.7.3.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.3.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.3.rc1/manifests"},{"name":"v2.7.2","sha":"036944acc6a02f40c8e74c4564b53e867a331373","kind":"commit","published_at":"2024-04-04T03:29:00.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.2","html_url":"https://github.com/ruby/json/releases/tag/v2.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.2/manifests"},{"name":"v2.7.1","sha":"a1af7a308cdd199a8958537d8abfb7e3a899c936","kind":"commit","published_at":"2023-12-05T04:01:26.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.1","html_url":"https://github.com/ruby/json/releases/tag/v2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.1/manifests"},{"name":"v2.7.0","sha":"63b074ae1681a896bfeb54441475dce03a2bb43b","kind":"commit","published_at":"2023-12-01T06:33:13.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.7.0","html_url":"https://github.com/ruby/json/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.7.0/manifests"},{"name":"v2.6.3","sha":"63bc6ae289a419195ff9bcab0f0fc58e2ace372a","kind":"commit","published_at":"2022-12-05T11:08:36.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.6.3","html_url":"https://github.com/ruby/json/releases/tag/v2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.3/manifests"},{"name":"v2.6.2","sha":"5d9d8f3799f2f65ebaa7b485fd6078ce5c79818c","kind":"commit","published_at":"2022-05-16T12:33:21.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.6.2","html_url":"https://github.com/ruby/json/releases/tag/v2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.2/manifests"},{"name":"v2.6.1","sha":"2db5894cfa7322b00e24ad21a76ea584b0b22f5a","kind":"commit","published_at":"2021-10-24T00:21:02.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.6.1","html_url":"https://github.com/ruby/json/releases/tag/v2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.1/manifests"},{"name":"v2.6.0","sha":"1942689b6719af1371f54814999d25307696f71c","kind":"commit","published_at":"2021-10-14T07:44:36.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.6.0","html_url":"https://github.com/ruby/json/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.6.0/manifests"},{"name":"v2.5.1","sha":"9dc86f903bb07ca3c4e1f654eefc86e1d0dda400","kind":"commit","published_at":"2020-12-22T12:48:50.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.5.1","html_url":"https://github.com/ruby/json/releases/tag/v2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.5.1/manifests"},{"name":"v2.5.0","sha":"ea58503ee5ea96dece5abe0d582c258a6a11840e","kind":"commit","published_at":"2020-12-22T09:16:29.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.5.0","html_url":"https://github.com/ruby/json/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.5.0/manifests"},{"name":"v2.4.1","sha":"398ec004c666d330d03a0c2f7afa2868c553b1f6","kind":"commit","published_at":"2020-12-17T05:02:37.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.4.1","html_url":"https://github.com/ruby/json/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"885ab0ee5898397ed5440210cca20dc5d3a1f73e","kind":"commit","published_at":"2020-12-15T08:58:35.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.4.0","html_url":"https://github.com/ruby/json/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.4.0/manifests"},{"name":"v2.3.1","sha":"0a76a1f509d78b948da59df51b2253f63b05ef2a","kind":"commit","published_at":"2020-07-01T00:45:46.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.3.1","html_url":"https://github.com/ruby/json/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.3.1/manifests"},{"name":"v2.3.0","sha":"92cf5c451a6ec0f3a00e291eb909e57cf38fbea4","kind":"commit","published_at":"2019-12-11T17:24:15.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.3.0","html_url":"https://github.com/ruby/json/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.3.0/manifests"},{"name":"v2.2.0","sha":"6550c427e1e9b1e5e4f1c85346f7e319c647a876","kind":"commit","published_at":"2019-02-21T22:14:13.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.2.0","html_url":"https://github.com/ruby/json/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.2.0/manifests"},{"name":"v2.1.0","sha":"4688035c424a26a8d943c261170988f1b788fa56","kind":"commit","published_at":"2017-04-18T09:16:28.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.1.0","html_url":"https://github.com/ruby/json/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.1.0/manifests"},{"name":"v2.0.4","sha":"09fabeb03e73ed88dc8ce8f19d76ac59e51dae20","kind":"commit","published_at":"2017-04-11T10:28:44.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.0.4","html_url":"https://github.com/ruby/json/releases/tag/v2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.4/manifests"},{"name":"v1.8.6","sha":"7f4cfd853f2c919d854fb95548a19980feff17e8","kind":"commit","published_at":"2017-01-13T11:05:07.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.6","html_url":"https://github.com/ruby/json/releases/tag/v1.8.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.6/manifests"},{"name":"v2.0.3","sha":"44b392b5ede944f73cfbdf65afb9d4dd972e23f5","kind":"commit","published_at":"2017-01-12T14:16:37.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.0.3","html_url":"https://github.com/ruby/json/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.3/manifests"},{"name":"v1.8.5","sha":"4cf6c6270f52888997ec1b626b9f557db4f26f2e","kind":"commit","published_at":"2017-01-12T11:42:50.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.5","html_url":"https://github.com/ruby/json/releases/tag/v1.8.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.5/manifests"},{"name":"v2.0.2","sha":"f1ca4fed316ad416ae718544623865aca4231a08","kind":"commit","published_at":"2016-07-26T11:11:16.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.0.2","html_url":"https://github.com/ruby/json/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.2/manifests"},{"name":"v2.0.1","sha":"f679ebd0c69a94e3e70a897ac9a229f5779c2ee1","kind":"commit","published_at":"2016-07-01T15:25:46.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.0.1","html_url":"https://github.com/ruby/json/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"1c2901905c938ffd19620cc6a06cbb2b34d8ba05","kind":"commit","published_at":"2016-07-01T09:26:43.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v2.0.0","html_url":"https://github.com/ruby/json/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v2.0.0/manifests"},{"name":"v1.8.3","sha":"db4c71a7701b95c30f945ee1536240920dcfdc17","kind":"commit","published_at":"2015-06-01T16:00:52.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.3","html_url":"https://github.com/ruby/json/releases/tag/v1.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.3/manifests"},{"name":"v1.8.2","sha":"259dee6c9bdda08ed0c1fc2e69bfbb2d377faba0","kind":"commit","published_at":"2015-01-09T00:52:24.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.2","html_url":"https://github.com/ruby/json/releases/tag/v1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.2/manifests"},{"name":"v1.8.1","sha":"92a96dea2b24b9c68856004d69491f46aedd0925","kind":"commit","published_at":"2013-10-17T11:53:47.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.1","html_url":"https://github.com/ruby/json/releases/tag/v1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.1/manifests"},{"name":"v1.8.0","sha":"e6f3fdc135f10458e090201fbb15fafbaa166a0d","kind":"commit","published_at":"2013-05-13T10:55:41.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.8.0","html_url":"https://github.com/ruby/json/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.8.0/manifests"},{"name":"v1.7.7","sha":"d0a62f3ced7560daba2ad546d83f0479a5ae2cf2","kind":"commit","published_at":"2013-02-11T18:08:20.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.7","html_url":"https://github.com/ruby/json/releases/tag/v1.7.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.7/manifests"},{"name":"v1.6.8","sha":"3ce359bbf308354b86e94248fc13dfd4b23c792e","kind":"commit","published_at":"2013-02-10T17:28:05.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.8","html_url":"https://github.com/ruby/json/releases/tag/v1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.8/manifests"},{"name":"v1.5.5","sha":"79fa7f352bae842017c885101a556875600fb468","kind":"commit","published_at":"2013-02-10T17:21:37.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.5","html_url":"https://github.com/ruby/json/releases/tag/v1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.5/manifests"},{"name":"v1.7.6","sha":"955e87bc2647c9cf28d0b1e61d1db5c886462850","kind":"commit","published_at":"2012-12-31T00:34:54.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.6","html_url":"https://github.com/ruby/json/releases/tag/v1.7.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.6/manifests"},{"name":"v1.7.5","sha":"0d8c4b944ba49df57ffb69d81179d2ae949cd51d","kind":"commit","published_at":"2012-08-17T18:53:44.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.5","html_url":"https://github.com/ruby/json/releases/tag/v1.7.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.5/manifests"},{"name":"v1.7.4","sha":"33dce921d892423956bb22dc3045eb7463242f52","kind":"commit","published_at":"2012-07-26T07:33:01.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.4","html_url":"https://github.com/ruby/json/releases/tag/v1.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.4/manifests"},{"name":"v1.7.3","sha":"c1320061ae68a4695d72ce287373ff1e2e2f0022","kind":"commit","published_at":"2012-05-11T22:23:07.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.3","html_url":"https://github.com/ruby/json/releases/tag/v1.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.3/manifests"},{"name":"v1.7.2","sha":"998d5cdeabea8bfbbf9c941e1c304fcb4454d726","kind":"commit","published_at":"2012-05-11T18:37:28.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.2","html_url":"https://github.com/ruby/json/releases/tag/v1.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.2/manifests"},{"name":"v1.7.1","sha":"e5b9a9465c1159fae533bca320d950b772bcb4ac","kind":"commit","published_at":"2012-05-07T11:13:39.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.1","html_url":"https://github.com/ruby/json/releases/tag/v1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.1/manifests"},{"name":"v1.7.0","sha":"99ed91c380e0719cf377616d2f9ca87e24e97057","kind":"commit","published_at":"2012-04-28T01:25:29.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.7.0","html_url":"https://github.com/ruby/json/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.7.0/manifests"},{"name":"v1.6.7","sha":"93b31b8b588461901ed5ae0dc4e961ea3adbc55e","kind":"commit","published_at":"2012-04-28T00:51:33.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.7","html_url":"https://github.com/ruby/json/releases/tag/v1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.7/manifests"},{"name":"v1.6.6","sha":"eecce2277ed0c720077da789088bd7383b929069","kind":"commit","published_at":"2012-03-26T15:03:11.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.6","html_url":"https://github.com/ruby/json/releases/tag/v1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.6/manifests"},{"name":"v1.6.5","sha":"29e88befe5335134d03e91f9943fc7fe9732da71","kind":"commit","published_at":"2012-01-15T13:57:14.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.5","html_url":"https://github.com/ruby/json/releases/tag/v1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.5/manifests"},{"name":"v1.6.4","sha":"0b69a8d9efec731649f93aeee9bea4b6b348868b","kind":"commit","published_at":"2011-12-24T13:32:38.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.4","html_url":"https://github.com/ruby/json/releases/tag/v1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.4/manifests"},{"name":"v1.6.3","sha":"e7927d3f04973d8ed1618215c3750aebf80681d4","kind":"commit","published_at":"2011-12-01T08:08:30.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.3","html_url":"https://github.com/ruby/json/releases/tag/v1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.3/manifests"},{"name":"v1.6.2","sha":"b0ee15f984e3ff056f646d253b142c3e47a35e0f","kind":"commit","published_at":"2011-11-28T12:07:33.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.2","html_url":"https://github.com/ruby/json/releases/tag/v1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.2/manifests"},{"name":"v1.6.1","sha":"56987b27d53765a57b20a0f2611b44a343616e09","kind":"commit","published_at":"2011-09-18T12:51:07.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.1","html_url":"https://github.com/ruby/json/releases/tag/v1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.1/manifests"},{"name":"v1.6.0","sha":"f729d47aefc98623677142de62f6211feeacb116","kind":"commit","published_at":"2011-09-12T22:48:21.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.6.0","html_url":"https://github.com/ruby/json/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.6.0/manifests"},{"name":"v1.5.4","sha":"3dab4c5a6a97fac03dacf19446b9ff2a6b397591","kind":"commit","published_at":"2011-08-31T00:22:41.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.4","html_url":"https://github.com/ruby/json/releases/tag/v1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.4/manifests"},{"name":"v1.5.3","sha":"754e3a5f8c2eae225cce70dea5b6f71156990768","kind":"tag","published_at":"2011-06-20T12:29:44.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.3","html_url":"https://github.com/ruby/json/releases/tag/v1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.3/manifests"},{"name":"v1.5.2","sha":"1363331e4b4a8d36b5cfad636e3671005017d7f0","kind":"tag","published_at":"2011-06-14T22:34:15.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.2","html_url":"https://github.com/ruby/json/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"514d791dd8602ad1d70d45a824927aafe44e838c","kind":"tag","published_at":"2011-01-26T01:15:00.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.1","html_url":"https://github.com/ruby/json/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"0b15820e245f4048d1bcd29cd60693e4e211ab43","kind":"tag","published_at":"2011-01-22T21:11:59.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.5.0","html_url":"https://github.com/ruby/json/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.5.0/manifests"},{"name":"v1.4.6-java","sha":"844949a5b5266aac172bdc702b98754ad08811cf","kind":"commit","published_at":"2010-08-09T08:06:00.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.6-java","html_url":"https://github.com/ruby/json/releases/tag/v1.4.6-java","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.6-java","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.6-java/manifests"},{"name":"v1.4.6","sha":"72fae22ecd7c51fdf427de5b3e4bde81a244c42f","kind":"tag","published_at":"2010-08-09T07:36:31.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.6","html_url":"https://github.com/ruby/json/releases/tag/v1.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.6/manifests"},{"name":"v1.4.5","sha":"bec5586cd5318e722fd599263105fa56b0bbe3e1","kind":"tag","published_at":"2010-08-07T00:19:12.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.5","html_url":"https://github.com/ruby/json/releases/tag/v1.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.5/manifests"},{"name":"v1.4.4-java","sha":"5134758321b26cd1934003d80953520914eb7abd","kind":"tag","published_at":"2010-08-06T20:05:45.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.4-java","html_url":"https://github.com/ruby/json/releases/tag/v1.4.4-java","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.4-java","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.4-java/manifests"},{"name":"v1.4.4","sha":"9c19d632fa7071a93eead3aa544dde3e791ad9c4","kind":"tag","published_at":"2010-08-06T12:00:04.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.4","html_url":"https://github.com/ruby/json/releases/tag/v1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.4/manifests"},{"name":"v1.4.3","sha":"82ed5b724fb36dcba884cdb2251d953580c9de56","kind":"tag","published_at":"2010-05-05T21:39:01.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.3","html_url":"https://github.com/ruby/json/releases/tag/v1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.3/manifests"},{"name":"v1.4.2","sha":"d496f792bf98dc49512d8f04f5867d26f6b8aed3","kind":"tag","published_at":"2010-04-27T22:49:18.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.2","html_url":"https://github.com/ruby/json/releases/tag/v1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.2/manifests"},{"name":"v1.4.1","sha":"d34d8a2195b480abae68ea427be60767793b6196","kind":"tag","published_at":"2010-04-25T13:49:56.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.1","html_url":"https://github.com/ruby/json/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"a8812e990071c0ed5fbdd824846bd753488e36ca","kind":"tag","published_at":"2010-04-23T21:26:56.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.4.0","html_url":"https://github.com/ruby/json/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.4.0/manifests"},{"name":"v1.2.4","sha":"207c895f1e28cfb12c846174fa99ae79575369b4","kind":"tag","published_at":"2010-04-08T07:54:53.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.2.4","html_url":"https://github.com/ruby/json/releases/tag/v1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.4/manifests"},{"name":"v1.2.3","sha":"3db50701a4a71e49709c63483d2ba4b5a408373b","kind":"tag","published_at":"2010-03-13T18:41:10.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.2.3","html_url":"https://github.com/ruby/json/releases/tag/v1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.3/manifests"},{"name":"v1.2.2","sha":"98a6817eec97852895208513311dc5d5af1c9c05","kind":"tag","published_at":"2010-02-28T17:21:06.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.2.2","html_url":"https://github.com/ruby/json/releases/tag/v1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.2/manifests"},{"name":"v1.2.1","sha":"77de417b6c27884d220540e93c1aae4263da0b06","kind":"tag","published_at":"2010-02-26T21:40:24.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.2.1","html_url":"https://github.com/ruby/json/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7f5094cb6f283c3960634e94cfe58f3d6af0af37","kind":"tag","published_at":"2009-11-08T01:25:25.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.2.0","html_url":"https://github.com/ruby/json/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.2.0/manifests"},{"name":"v1.1.9","sha":"9559de37c3b0ae59de4092952b384c32b9fb7b9a","kind":"tag","published_at":"2009-09-02T09:06:49.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.1.9","html_url":"https://github.com/ruby/json/releases/tag/v1.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.1.9/manifests"},{"name":"v1.1.8","sha":"0437dc3fce91e292df6b44dd0d13cef386ed2b4f","kind":"tag","published_at":"2009-08-31T09:57:25.000Z","download_url":"https://codeload.github.com/ruby/json/tar.gz/v1.1.8","html_url":"https://github.com/ruby/json/releases/tag/v1.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Fjson/tags/v1.1.8/manifests"}]},"repo_metadata_updated_at":"2025-05-23T09:47:43.803Z","dependent_packages_count":8430,"downloads":1024624810,"downloads_period":"total","dependent_repos_count":698810,"rankings":{"downloads":0.008920507130830388,"dependent_repos_count":0.019513609348691473,"dependent_packages_count":0.0055753169567689925,"stargazers_count":2.261348557665503,"forks_count":1.4958575395011207,"docker_downloads_count":0.0,"average":0.6318692551004857},"purl":"pkg:gem/json","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwaGctcXdydy03dzln","url":"https://github.com/advisories/GHSA-jphg-qwrw-7w9g","title":"Unsafe object creation in json RubyGem","description":"The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-07-27T18:08:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-10663","https://github.com/flori/json/blob/master/CHANGES.md#2019-12-11-230","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2020-10663.yml","https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/","https://www.debian.org/security/2020/dsa-4721","https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html","https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E","https://support.apple.com/kb/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://security.netapp.com/advisory/ntap-20210129-0003/","https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E","https://github.com/advisories/GHSA-jphg-qwrw-7w9g"],"source_kind":"github","identifiers":["GHSA-jphg-qwrw-7w9g","CVE-2020-10663"],"repository_url":"https://github.com/flori/json","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.3.0","vulnerable_version_range":"\u003c 2.3.0"}],"ecosystem":"rubygems","package_name":"json"}],"created_at":"2022-12-21T16:13:23.418Z","updated_at":"2023-08-29T12:45:31.000Z","epss_percentage":0.05083,"epss_percentile":0.88808},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0NTctY3c0aC1ocTVm","url":"https://github.com/advisories/GHSA-x457-cw4h-hq5f","title":"JSON gem has Improper Input Validation vulnerability","description":"The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0269","https://exchange.xforce.ibmcloud.com/vulnerabilities/82010","https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source\u0026output=gplain","http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html","http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html","http://rhn.redhat.com/errata/RHSA-2013-0686.html","http://rhn.redhat.com/errata/RHSA-2013-0701.html","http://rhn.redhat.com/errata/RHSA-2013-1028.html","http://rhn.redhat.com/errata/RHSA-2013-1147.html","http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/","http://www.openwall.com/lists/oss-security/2013/02/11/7","http://www.openwall.com/lists/oss-security/2013/02/11/8","http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.426862","http://www.ubuntu.com/usn/USN-1733-1","http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection","https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899","https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed","https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml","https://github.com/advisories/GHSA-x457-cw4h-hq5f"],"source_kind":"github","identifiers":["GHSA-x457-cw4h-hq5f","CVE-2013-0269"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.7.7","vulnerable_version_range":"\u003e= 1.7.0, \u003c 1.7.7"},{"first_patched_version":"1.6.8","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.8"},{"first_patched_version":"1.5.5","vulnerable_version_range":"\u003c 1.5.5"}],"ecosystem":"rubygems","package_name":"json"}],"created_at":"2022-12-21T16:13:38.329Z","updated_at":"2023-11-06T05:00:25.000Z","epss_percentage":0.04535,"epss_percentile":0.88174},{"uuid":"GSA_kwCzR0hTQS05bTNxLXJobXYtNXE0NM4ABFZc","url":"https://github.com/advisories/GHSA-9m3q-rhmv-5q44","title":"Out-of-bounds Read in Ruby JSON Parser ","description":"### Impact\n\nA specially crafted document could cause an out of bound read, most likely resulting in a crash.\n\nVersions 2.10.0 and 2.10.1 are impacted. Older versions are not.\n\n### Patches\n\nVersion 2.10.2 fixes the problem.\n\n### Workarounds\n\nNone.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-12T15:35:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/ruby/json/security/advisories/GHSA-9m3q-rhmv-5q44","https://nvd.nist.gov/vuln/detail/CVE-2025-27788","https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf","https://github.com/ruby/json/releases/tag/v2.10.2","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2025-27788.yml","https://github.com/advisories/GHSA-9m3q-rhmv-5q44"],"source_kind":"github","identifiers":["GHSA-9m3q-rhmv-5q44","CVE-2025-27788"],"repository_url":"https://github.com/ruby/json","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.10.2","vulnerable_version_range":"\u003e= 2.10.0, \u003c= 2.10.1"}],"ecosystem":"rubygems","package_name":"json"}],"created_at":"2025-03-12T16:08:37.505Z","updated_at":"2025-04-14T01:08:24.369Z","epss_percentage":0.00104,"epss_percentile":0.25629}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/json","docker_dependents_count":6673,"docker_downloads_count":5012561786,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/json","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/json/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/json/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/json/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/json/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/json/related_packages","maintainers":[{"uuid":"36956","login":"hsbt","name":null,"email":null,"url":null,"packages_count":174,"html_url":"https://rubygems.org/profiles/hsbt","role":null,"created_at":"2022-11-09T09:37:22.339Z","updated_at":"2022-11-09T09:37:22.339Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/hsbt/packages"},{"uuid":"27848","login":"naruse","name":null,"email":null,"url":null,"packages_count":81,"html_url":"https://rubygems.org/profiles/naruse","role":null,"created_at":"2022-11-09T09:37:22.324Z","updated_at":"2022-11-09T09:37:22.324Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/naruse/packages"},{"uuid":"46413","login":"byroot","name":null,"email":null,"url":null,"packages_count":104,"html_url":"https://rubygems.org/profiles/byroot","role":null,"created_at":"2024-10-23T07:50:34.132Z","updated_at":"2024-10-23T07:50:34.132Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/byroot/packages"},{"uuid":"1825","login":"headius","name":null,"email":null,"url":null,"packages_count":74,"html_url":"https://rubygems.org/profiles/headius","role":null,"created_at":"2022-11-09T09:37:22.316Z","updated_at":"2022-11-09T09:37:22.316Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/headius/packages"},{"uuid":"1873","login":"flori","name":null,"email":null,"url":null,"packages_count":47,"html_url":"https://rubygems.org/profiles/flori","role":null,"created_at":"2022-11-09T09:37:22.303Z","updated_at":"2022-11-09T09:37:22.303Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/flori/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":198082,"maintainers_count":66419,"namespaces_count":0,"keywords_count":17792,"github":"rubygems","metadata":{"funded_packages_count":7047},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2025-06-04T06:04:17.160Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}},"unique_repositories_count":674,"unique_repositories_count_past_30_days":8,"recent_issues":[{"uuid":"4661119958","node_id":"PR_kwDOLTwpMs7mVUMi","number":365,"state":"open","title":"chore(deps): bump json from 2.19.7 to 2.19.9 in /backend","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-15T00:12:02.000Z","updated_at":"2026-06-15T00:12:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.7","new_version":"2.19.9","repository_url":"https://github.com/ruby/json"}],"path":"/backend","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.7 to 2.19.9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix buffer overflow that could lead to a crash when writing JSON directly into an IO\nwith \u003ccode\u003eJSON.generate(object, io)\u003c/code\u003e. [CVE-PENDING].\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.8...v2.19.9\"\u003ehttps://github.com/ruby/json/compare/v2.19.8...v2.19.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.8\"\u003ehttps://github.com/ruby/json/compare/v2.19.7...v2.19.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-11 (2.19.9)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix buffer overflow that could lead to a crash when writing JSON directly into an IO\nwith \u003ccode\u003eJSON.generate(object, io)\u003c/code\u003e. [CVE-PENDING].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2cff2678d5af54890a49da58345ac141b571f661\"\u003e\u003ccode\u003e2cff267\u003c/code\u003e\u003c/a\u003e Release 2.19.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fd6a65bd08e5f3a429c03919ebfd8dd19158f095\"\u003e\u003ccode\u003efd6a65b\u003c/code\u003e\u003c/a\u003e generator.c: don't start with a stack buffer in IO case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.7\u0026new-version=2.19.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/isekaisaru/dreamjournal-app/pull/365","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/isekaisaru%2Fdreamjournal-app/issues/365","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/365/packages"},{"uuid":"4606165011","node_id":"PR_kwDOIvarPc7jkT7v","number":1039,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.8","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T04:32:37.000Z","updated_at":"2026-06-07T04:32:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.8","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.8.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/1039","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/1039","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1039/packages"},{"uuid":"4584609689","node_id":"PR_kwDOQMBsSs7idxj4","number":505,"state":"closed","title":"Bump json from 2.19.7 to 2.19.8","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T18:48:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T00:07:10.000Z","updated_at":"2026-06-05T18:48:53.000Z","time_to_close":153701,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.19.7","new_version":"2.19.8","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.7 to 2.19.8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.7\u0026new-version=2.19.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/PatRogala/elearning/pull/505","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PatRogala%2Felearning/issues/505","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/505/packages"},{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4556570807","node_id":"PR_kwDOIvarPc7hCxAU","number":1026,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.7","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T04:33:00.000Z","updated_at":"2026-05-31T04:33:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/1026","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/1026","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1026/packages"},{"uuid":"4546894949","node_id":"PR_kwDOOtyp8s7gkCjp","number":109,"state":"closed","title":"Bump json from 2.7.1 to 2.19.7","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T23:10:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T08:18:09.000Z","updated_at":"2026-06-03T23:11:02.000Z","time_to_close":485570,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.7.1","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.1 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.1...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.1\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/WilsonFrederique/beef/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WilsonFrederique%2Fbeef/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"},{"uuid":"4544576133","node_id":"PR_kwDOMR8Xjs7gce8d","number":821,"state":"closed","title":"chore(deps): bump json from 2.19.5 to 2.19.7 in /builder","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T23:46:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T23:46:30.000Z","updated_at":"2026-05-28T23:46:49.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.5","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":"/builder","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.5 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.5\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/stlucasgarcia/docker-rails-base/pull/821","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stlucasgarcia%2Fdocker-rails-base/issues/821","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/821/packages"},{"uuid":"4535568363","node_id":"PR_kwDOAGEz787f_CKz","number":128,"state":"closed","title":"chore(deps)(deps): bump json from 2.9.1 to 2.19.5","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T22:46:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T20:39:07.000Z","updated_at":"2026-05-27T22:46:17.000Z","time_to_close":7628,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps)","packages":[{"name":"json","old_version":"2.9.1","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.9.1 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.9.1...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.9.1\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mercadopago/sdk-ruby/pull/128","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mercadopago%2Fsdk-ruby/issues/128","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/128/packages"},{"uuid":"4510846988","node_id":"PR_kwDOSmRWeM7evmTD","number":17,"state":"open","title":"DEPS: Bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T07:35:06.000Z","updated_at":"2026-05-24T09:01:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n- [Release notes](https://github.com/ruby/json/releases)\n- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)\n- [Commits](https://github.com/ruby/json/compare/v2.19.4...v2.19.5)","html_url":"https://github.com/chuyueZhang/custom-discourse/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chuyueZhang%2Fcustom-discourse/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"},{"uuid":"4426169687","node_id":"PR_kwDOAHOAqs7ahQ3X","number":39913,"state":"open","title":"DEPS: Bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T04:23:20.000Z","updated_at":"2026-05-12T04:23:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n- [Release notes](https://github.com/ruby/json/releases)\n- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)\n- [Commits](https://github.com/ruby/json/compare/v2.19.4...v2.19.5)","html_url":"https://github.com/discourse/discourse/pull/39913","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/discourse%2Fdiscourse/issues/39913","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39913/packages"},{"uuid":"4414639443","node_id":"PR_kwDOIvarPc7Z8keg","number":929,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.5","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T04:32:51.000Z","updated_at":"2026-05-24T12:01:33.459Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/929","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/929","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/929/packages"},{"uuid":"4409980105","node_id":"PR_kwDOFaeSsc7Zt7tb","number":501,"state":"open","title":"Bump json from 2.6.3 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby","no-pr-activity"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:13:14.000Z","updated_at":"2026-05-23T00:11:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.6.3","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.6.3 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.6.3...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.6.3\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/babywyrm/beef/pull/501","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/babywyrm%2Fbeef/issues/501","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/501/packages"},{"uuid":"4409957732","node_id":"PR_kwDOQja4687Zt2-3","number":38,"state":"closed","title":"chore(deps): bump json from 2.18.0 to 2.19.2 in /docs","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-10T17:20:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T23:07:31.000Z","updated_at":"2026-05-10T17:20:54.000Z","time_to_close":152001,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.18.0","new_version":"2.19.2","repository_url":"https://github.com/ruby/json"}],"path":"/docs","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.18.0 to 2.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/54f8a878aebee090476a53c851c943128894be62\"\u003e\u003ccode\u003e54f8a87\u003c/code\u003e\u003c/a\u003e Release 2.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74\"\u003e\u003ccode\u003e393b41c\u003c/code\u003e\u003c/a\u003e Fix a format string injection vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dbf6bb12aac85db939df1180028aea06c8d3b762\"\u003e\u003ccode\u003edbf6bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/953\"\u003e#953\u003c/a\u003e from ruby/dependabot/github_actions/actions/create-gi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7187315b4571ade59d68a1fad84be2794cda744d\"\u003e\u003ccode\u003e7187315\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a42a04280d96d8dd94558078c16f1c078c38e1b\"\u003e\u003ccode\u003e4a42a04\u003c/code\u003e\u003c/a\u003e Release 2.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/13689c269970f18316952541f8544830ec2dc5c4\"\u003e\u003ccode\u003e13689c2\u003c/code\u003e\u003c/a\u003e Add missing GC_GUARD in \u003ccode\u003efbuffer_append_str\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a11acc1ff496627e5d72c71d6d1229e8c8ffeaa1\"\u003e\u003ccode\u003ea11acc1\u003c/code\u003e\u003c/a\u003e Release 2.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/0a4fb79cd97f535701cc2240ac736d76b9af5025\"\u003e\u003ccode\u003e0a4fb79\u003c/code\u003e\u003c/a\u003e fbuffer.h: Use size_t over unsigned long\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a29fcdcb4a78164daa14f6af05812690dd3ac939\"\u003e\u003ccode\u003ea29fcdc\u003c/code\u003e\u003c/a\u003e Add depth validation to Jruby and TruffleRuby implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/de993aa76639078da891f46351a36f77d51ad3d3\"\u003e\u003ccode\u003ede993aa\u003c/code\u003e\u003c/a\u003e Reject negative depth; add overflow guards to prevent hang/crash\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.18.0\u0026new-version=2.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lex-fmt/comms/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/lex-fmt/comms/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lex-fmt%2Fcomms/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"},{"uuid":"4409856922","node_id":"PR_kwDOArWMsM7ZthQa","number":46,"state":"open","title":"Bump json from 2.18.1 to 2.19.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T22:43:27.000Z","updated_at":"2026-05-08T22:43:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.18.1","new_version":"2.19.2","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/54f8a878aebee090476a53c851c943128894be62\"\u003e\u003ccode\u003e54f8a87\u003c/code\u003e\u003c/a\u003e Release 2.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74\"\u003e\u003ccode\u003e393b41c\u003c/code\u003e\u003c/a\u003e Fix a format string injection vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dbf6bb12aac85db939df1180028aea06c8d3b762\"\u003e\u003ccode\u003edbf6bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/953\"\u003e#953\u003c/a\u003e from ruby/dependabot/github_actions/actions/create-gi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7187315b4571ade59d68a1fad84be2794cda744d\"\u003e\u003ccode\u003e7187315\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a42a04280d96d8dd94558078c16f1c078c38e1b\"\u003e\u003ccode\u003e4a42a04\u003c/code\u003e\u003c/a\u003e Release 2.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/13689c269970f18316952541f8544830ec2dc5c4\"\u003e\u003ccode\u003e13689c2\u003c/code\u003e\u003c/a\u003e Add missing GC_GUARD in \u003ccode\u003efbuffer_append_str\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a11acc1ff496627e5d72c71d6d1229e8c8ffeaa1\"\u003e\u003ccode\u003ea11acc1\u003c/code\u003e\u003c/a\u003e Release 2.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/0a4fb79cd97f535701cc2240ac736d76b9af5025\"\u003e\u003ccode\u003e0a4fb79\u003c/code\u003e\u003c/a\u003e fbuffer.h: Use size_t over unsigned long\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a29fcdcb4a78164daa14f6af05812690dd3ac939\"\u003e\u003ccode\u003ea29fcdc\u003c/code\u003e\u003c/a\u003e Add depth validation to Jruby and TruffleRuby implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/de993aa76639078da891f46351a36f77d51ad3d3\"\u003e\u003ccode\u003ede993aa\u003c/code\u003e\u003c/a\u003e Reject negative depth; add overflow guards to prevent hang/crash\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.18.1\u0026new-version=2.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yudhir/yudhir.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yudhir/yudhir.github.io/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yudhir%2Fyudhir.github.io/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"},{"uuid":"4393109472","node_id":"PR_kwDOABNy5s7Y2wwr","number":313,"state":"closed","title":"Bump the dependencies group with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T00:26:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T17:04:35.000Z","updated_at":"2026-05-12T00:26:40.000Z","time_to_close":458524,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":2,"packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"},{"name":"minitest","old_version":"6.0.5","new_version":"6.0.6","repository_url":"https://github.com/minitest/minitest"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the dependencies group with 2 updates: [json](https://github.com/ruby/json) and [minitest](https://github.com/minitest/minitest).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minitest` from 6.0.5 to 6.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minitest/minitest/blob/master/History.rdoc\"\u003eminitest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 6.0.6 / 2026-04-30\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e2 bug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e. (mtasaka)\u003c/li\u003e\n\u003cli\u003eRemoved private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/f6180b07ea6e8504a71d220246da0875f392c51c\"\u003e\u003ccode\u003ef6180b0\u003c/code\u003e\u003c/a\u003e prepped for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/23bc7f25a8853b9b3c75b9b73c65d231e42cb452\"\u003e\u003ccode\u003e23bc7f2\u003c/code\u003e\u003c/a\u003e - Removed private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/c471347e5daf7f3e362c530170ae3302edad9117\"\u003e\u003ccode\u003ec471347\u003c/code\u003e\u003c/a\u003e - Fix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minitest/minitest/compare/v6.0.5...v6.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/moneybird/postgresql_validations/pull/313","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moneybird%2Fpostgresql_validations/issues/313","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/313/packages"},{"uuid":"4393105538","node_id":"PR_kwDOBBJCIM7Y2v8N","number":343,"state":"closed","title":"Bump the dependencies group with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T00:25:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T17:03:50.000Z","updated_at":"2026-05-12T00:25:58.000Z","time_to_close":458527,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":2,"packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"},{"name":"minitest","old_version":"6.0.5","new_version":"6.0.6","repository_url":"https://github.com/minitest/minitest"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the dependencies group with 2 updates: [json](https://github.com/ruby/json) and [minitest](https://github.com/minitest/minitest).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minitest` from 6.0.5 to 6.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minitest/minitest/blob/master/History.rdoc\"\u003eminitest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 6.0.6 / 2026-04-30\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e2 bug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e. (mtasaka)\u003c/li\u003e\n\u003cli\u003eRemoved private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/f6180b07ea6e8504a71d220246da0875f392c51c\"\u003e\u003ccode\u003ef6180b0\u003c/code\u003e\u003c/a\u003e prepped for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/23bc7f25a8853b9b3c75b9b73c65d231e42cb452\"\u003e\u003ccode\u003e23bc7f2\u003c/code\u003e\u003c/a\u003e - Removed private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/c471347e5daf7f3e362c530170ae3302edad9117\"\u003e\u003ccode\u003ec471347\u003c/code\u003e\u003c/a\u003e - Fix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minitest/minitest/compare/v6.0.5...v6.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/moneybird/mail_auto_link_obfuscation/pull/343","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moneybird%2Fmail_auto_link_obfuscation/issues/343","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/343/packages"},{"uuid":"4381498781","node_id":"PR_kwDODHAhHM7YQsmR","number":634,"state":"open","title":"chore(deps-dev): bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-05T04:22:58.000Z","updated_at":"2026-05-05T04:24:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/irasutoya-tools/irasutoya-cli/pull/634","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/irasutoya-tools%2Firasutoya-cli/issues/634","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/634/packages"},{"uuid":"4381030913","node_id":"PR_kwDOMR8Xjs7YPMHT","number":787,"state":"closed","title":"chore(deps): bump json from 2.19.4 to 2.19.5 in /builder","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T02:19:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T02:19:18.000Z","updated_at":"2026-05-05T02:19:37.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":"/builder","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/stlucasgarcia/docker-rails-base/pull/787","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stlucasgarcia%2Fdocker-rails-base/issues/787","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/787/packages"},{"uuid":"4379878897","node_id":"PR_kwDOBDBuVs7YLbo9","number":280,"state":"closed","title":"Bump json from 2.19.4 to 2.19.5 in the all group","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T23:15:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T21:44:24.000Z","updated_at":"2026-05-04T23:15:39.000Z","time_to_close":5468,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":"the all group","ecosystem":"rubygems"},"body":"Bumps the all group with 1 update: [json](https://github.com/ruby/json).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/secure-systems-lab/secure-systems-lab.github.io/pull/280","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-systems-lab%2Fsecure-systems-lab.github.io/issues/280","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/280/packages"},{"uuid":"4378051492","node_id":"PR_kwDOACs92c7YFYk3","number":3560,"state":"open","title":"Build(deps): bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby","safe_to_test"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T16:27:13.000Z","updated_at":"2026-05-18T05:48:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/beefproject/beef/pull/3560","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/beefproject%2Fbeef/issues/3560","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3560/packages"}],"issue_packages":[{"old_version":"2.19.7","new_version":"2.19.9","update_type":"patch","path":"/backend","pr_created_at":"2026-06-15T00:12:02.000Z","version_change":"2.19.7 → 2.19.9","issue":{"uuid":"4661119958","node_id":"PR_kwDOLTwpMs7mVUMi","number":365,"state":"open","title":"chore(deps): bump json from 2.19.7 to 2.19.9 in /backend","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-15T00:12:02.000Z","updated_at":"2026-06-15T00:12:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.7","new_version":"2.19.9","repository_url":"https://github.com/ruby/json"}],"path":"/backend","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.7 to 2.19.9.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix buffer overflow that could lead to a crash when writing JSON directly into an IO\nwith \u003ccode\u003eJSON.generate(object, io)\u003c/code\u003e. [CVE-PENDING].\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.8...v2.19.9\"\u003ehttps://github.com/ruby/json/compare/v2.19.8...v2.19.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.8\"\u003ehttps://github.com/ruby/json/compare/v2.19.7...v2.19.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-11 (2.19.9)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix buffer overflow that could lead to a crash when writing JSON directly into an IO\nwith \u003ccode\u003eJSON.generate(object, io)\u003c/code\u003e. [CVE-PENDING].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2cff2678d5af54890a49da58345ac141b571f661\"\u003e\u003ccode\u003e2cff267\u003c/code\u003e\u003c/a\u003e Release 2.19.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fd6a65bd08e5f3a429c03919ebfd8dd19158f095\"\u003e\u003ccode\u003efd6a65b\u003c/code\u003e\u003c/a\u003e generator.c: don't start with a stack buffer in IO case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.7\u0026new-version=2.19.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/isekaisaru/dreamjournal-app/pull/365","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/isekaisaru%2Fdreamjournal-app/issues/365","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/365/packages"}},{"old_version":"2.7.6","new_version":"2.19.8","update_type":"minor","path":null,"pr_created_at":"2026-06-07T04:32:37.000Z","version_change":"2.7.6 → 2.19.8","issue":{"uuid":"4606165011","node_id":"PR_kwDOIvarPc7jkT7v","number":1039,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.8","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T04:32:37.000Z","updated_at":"2026-06-07T04:32:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.8","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.8.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/1039","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/1039","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1039/packages"}},{"old_version":"2.19.7","new_version":"2.19.8","update_type":"patch","path":null,"pr_created_at":"2026-06-04T00:07:10.000Z","version_change":"2.19.7 → 2.19.8","issue":{"uuid":"4584609689","node_id":"PR_kwDOQMBsSs7idxj4","number":505,"state":"closed","title":"Bump json from 2.19.7 to 2.19.8","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T18:48:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T00:07:10.000Z","updated_at":"2026-06-05T18:48:53.000Z","time_to_close":153701,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.19.7","new_version":"2.19.8","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.7 to 2.19.8.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.7...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.7\u0026new-version=2.19.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/PatRogala/elearning/pull/505","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PatRogala%2Felearning/issues/505","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/505/packages"}},{"old_version":"2.10.1","new_version":"2.10.2","update_type":"patch","path":null,"pr_created_at":"2026-06-02T22:28:47.000Z","version_change":"2.10.1 → 2.10.2","issue":{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.7.6","new_version":"2.19.7","update_type":"minor","path":null,"pr_created_at":"2026-05-31T04:33:00.000Z","version_change":"2.7.6 → 2.19.7","issue":{"uuid":"4556570807","node_id":"PR_kwDOIvarPc7hCxAU","number":1026,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.7","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T04:33:00.000Z","updated_at":"2026-05-31T04:33:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/1026","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/1026","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1026/packages"}},{"old_version":"2.7.1","new_version":"2.19.7","update_type":"minor","path":null,"pr_created_at":"2026-05-29T08:18:09.000Z","version_change":"2.7.1 → 2.19.7","issue":{"uuid":"4546894949","node_id":"PR_kwDOOtyp8s7gkCjp","number":109,"state":"closed","title":"Bump json from 2.7.1 to 2.19.7","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T23:10:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T08:18:09.000Z","updated_at":"2026-06-03T23:11:02.000Z","time_to_close":485570,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.7.1","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.1 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.1...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.1\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/WilsonFrederique/beef/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/WilsonFrederique%2Fbeef/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"}},{"old_version":"2.19.5","new_version":"2.19.7","update_type":"patch","path":"/builder","pr_created_at":"2026-05-28T23:46:30.000Z","version_change":"2.19.5 → 2.19.7","issue":{"uuid":"4544576133","node_id":"PR_kwDOMR8Xjs7gce8d","number":821,"state":"closed","title":"chore(deps): bump json from 2.19.5 to 2.19.7 in /builder","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T23:46:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T23:46:30.000Z","updated_at":"2026-05-28T23:46:49.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.5","new_version":"2.19.7","repository_url":"https://github.com/ruby/json"}],"path":"/builder","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.5 to 2.19.7.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1e276ebb793437065ce741113a3eadc1a52847c0\"\u003e\u003ccode\u003e1e276eb\u003c/code\u003e\u003c/a\u003e Release 2.19.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/96966221b8c5df24454ba6030a95c6e1c37f86d7\"\u003e\u003ccode\u003e9696622\u003c/code\u003e\u003c/a\u003e Add ruby-asan to CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/d644602ac8efff874c7b36ac0c21a19790692988\"\u003e\u003ccode\u003ed644602\u003c/code\u003e\u003c/a\u003e generator.c: Handle stupidly large depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6972d797a17487a16f30195fb0e745858a54a2\"\u003e\u003ccode\u003eab6972d\u003c/code\u003e\u003c/a\u003e Add missing write barrier in ParserConfig\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.5\u0026new-version=2.19.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/stlucasgarcia/docker-rails-base/pull/821","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stlucasgarcia%2Fdocker-rails-base/issues/821","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/821/packages"}},{"old_version":"2.9.1","new_version":"2.19.5","update_type":"minor","path":null,"pr_created_at":"2026-05-27T20:39:07.000Z","version_change":"2.9.1 → 2.19.5","issue":{"uuid":"4535568363","node_id":"PR_kwDOAGEz787f_CKz","number":128,"state":"closed","title":"chore(deps)(deps): bump json from 2.9.1 to 2.19.5","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-27T22:46:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T20:39:07.000Z","updated_at":"2026-05-27T22:46:17.000Z","time_to_close":7628,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps)","packages":[{"name":"json","old_version":"2.9.1","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.9.1 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.9.1...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.9.1\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/mercadopago/sdk-ruby/pull/128","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mercadopago%2Fsdk-ruby/issues/128","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/128/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-24T07:35:06.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4510846988","node_id":"PR_kwDOSmRWeM7evmTD","number":17,"state":"open","title":"DEPS: Bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T07:35:06.000Z","updated_at":"2026-05-24T09:01:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n- [Release notes](https://github.com/ruby/json/releases)\n- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)\n- [Commits](https://github.com/ruby/json/compare/v2.19.4...v2.19.5)","html_url":"https://github.com/chuyueZhang/custom-discourse/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chuyueZhang%2Fcustom-discourse/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-12T04:23:20.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4426169687","node_id":"PR_kwDOAHOAqs7ahQ3X","number":39913,"state":"open","title":"DEPS: Bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T04:23:20.000Z","updated_at":"2026-05-12T04:23:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n- [Release notes](https://github.com/ruby/json/releases)\n- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)\n- [Commits](https://github.com/ruby/json/compare/v2.19.4...v2.19.5)","html_url":"https://github.com/discourse/discourse/pull/39913","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/discourse%2Fdiscourse/issues/39913","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39913/packages"}},{"old_version":"2.7.6","new_version":"2.19.5","update_type":"minor","path":null,"pr_created_at":"2026-05-10T04:32:51.000Z","version_change":"2.7.6 → 2.19.5","issue":{"uuid":"4414639443","node_id":"PR_kwDOIvarPc7Z8keg","number":929,"state":"open","title":"chore(deps): Bump json from 2.7.6 to 2.19.5","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T04:32:51.000Z","updated_at":"2026-05-24T12:01:33.459Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"json","old_version":"2.7.6","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.7.6 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.7.6...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.7.6\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/oviney/blog/pull/929","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oviney%2Fblog/issues/929","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/929/packages"}},{"old_version":"2.6.3","new_version":"2.19.5","update_type":"minor","path":null,"pr_created_at":"2026-05-08T23:13:14.000Z","version_change":"2.6.3 → 2.19.5","issue":{"uuid":"4409980105","node_id":"PR_kwDOFaeSsc7Zt7tb","number":501,"state":"open","title":"Bump json from 2.6.3 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby","no-pr-activity"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:13:14.000Z","updated_at":"2026-05-23T00:11:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.6.3","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.6.3 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-11 (2.18.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e:allow_control_characters\u003c/code\u003e parser options, to allow JSON strings containing unescaped ASCII control characters (e.g. newlines).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.17.1.2) - Security Backport\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-04 (2.17.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a regression in parsing of unicode surogate pairs (\u003ccode\u003e\\uXX\\uXX\u003c/code\u003e) that could cause an invalid string to be returned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2025-12-03 (2.17.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eJSON.load\u003c/code\u003e and \u003ccode\u003eJSON.unsafe_load\u003c/code\u003e to allow passing options as second argument.\u003c/li\u003e\n\u003cli\u003eFix the parser to no longer ignore invalid escapes in strings.\nOnly \u003ccode\u003e\\\u0026quot;\u003c/code\u003e, \u003ccode\u003e\\\\\u003c/code\u003e, \u003ccode\u003e\\b\u003c/code\u003e, \u003ccode\u003e\\f\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\t\u003c/code\u003e and \u003ccode\u003e\\u\u003c/code\u003e are valid JSON escapes.\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eJSON::Coder\u003c/code\u003e to use the depth it was initialized with.\u003c/li\u003e\n\u003cli\u003eOn TruffleRuby, fix the generator to not call \u003ccode\u003eto_json\u003c/code\u003e on the return value of \u003ccode\u003eas_json\u003c/code\u003e for \u003ccode\u003eFloat::NAN\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFixed handling of \u003ccode\u003estate.depth\u003c/code\u003e: when \u003ccode\u003eto_json\u003c/code\u003e changes \u003ccode\u003estate.depth\u003c/code\u003e but does not restore it, it is reset\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/6688a814bf8b3d718701ac4cf328f7c42be4792b\"\u003e\u003ccode\u003e6688a81\u003c/code\u003e\u003c/a\u003e Release 2.19.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f1e6163ee1affbc9a80903158b92712228601316\"\u003e\u003ccode\u003ef1e6163\u003c/code\u003e\u003c/a\u003e Fix references to NAN and INFINITY in documentation comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/18d54757d38fce2eea6cb821458b1df4405a256e\"\u003e\u003ccode\u003e18d5475\u003c/code\u003e\u003c/a\u003e Reduce warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/1072482184de233f55c45f875b38766b67b84f3b\"\u003e\u003ccode\u003e1072482\u003c/code\u003e\u003c/a\u003e Fix parsing of \u003cem\u003enegative\u003c/em\u003e out of bound floats.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.6.3...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.6.3\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/babywyrm/beef/pull/501","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/babywyrm%2Fbeef/issues/501","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/501/packages"}},{"old_version":"2.18.0","new_version":"2.19.2","update_type":"minor","path":"/docs","pr_created_at":"2026-05-08T23:07:31.000Z","version_change":"2.18.0 → 2.19.2","issue":{"uuid":"4409957732","node_id":"PR_kwDOQja4687Zt2-3","number":38,"state":"closed","title":"chore(deps): bump json from 2.18.0 to 2.19.2 in /docs","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-10T17:20:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T23:07:31.000Z","updated_at":"2026-05-10T17:20:54.000Z","time_to_close":152001,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.18.0","new_version":"2.19.2","repository_url":"https://github.com/ruby/json"}],"path":"/docs","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.18.0 to 2.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.18.1\"\u003ehttps://github.com/ruby/json/compare/v2.18.0...v2.18.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-02-03 (2.18.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in very specific circumstance if GC triggers during a call to \u003ccode\u003eto_json\u003c/code\u003e\nwithout first invoking a user defined \u003ccode\u003e#to_json\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/54f8a878aebee090476a53c851c943128894be62\"\u003e\u003ccode\u003e54f8a87\u003c/code\u003e\u003c/a\u003e Release 2.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74\"\u003e\u003ccode\u003e393b41c\u003c/code\u003e\u003c/a\u003e Fix a format string injection vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dbf6bb12aac85db939df1180028aea06c8d3b762\"\u003e\u003ccode\u003edbf6bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/953\"\u003e#953\u003c/a\u003e from ruby/dependabot/github_actions/actions/create-gi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7187315b4571ade59d68a1fad84be2794cda744d\"\u003e\u003ccode\u003e7187315\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a42a04280d96d8dd94558078c16f1c078c38e1b\"\u003e\u003ccode\u003e4a42a04\u003c/code\u003e\u003c/a\u003e Release 2.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/13689c269970f18316952541f8544830ec2dc5c4\"\u003e\u003ccode\u003e13689c2\u003c/code\u003e\u003c/a\u003e Add missing GC_GUARD in \u003ccode\u003efbuffer_append_str\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a11acc1ff496627e5d72c71d6d1229e8c8ffeaa1\"\u003e\u003ccode\u003ea11acc1\u003c/code\u003e\u003c/a\u003e Release 2.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/0a4fb79cd97f535701cc2240ac736d76b9af5025\"\u003e\u003ccode\u003e0a4fb79\u003c/code\u003e\u003c/a\u003e fbuffer.h: Use size_t over unsigned long\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a29fcdcb4a78164daa14f6af05812690dd3ac939\"\u003e\u003ccode\u003ea29fcdc\u003c/code\u003e\u003c/a\u003e Add depth validation to Jruby and TruffleRuby implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/de993aa76639078da891f46351a36f77d51ad3d3\"\u003e\u003ccode\u003ede993aa\u003c/code\u003e\u003c/a\u003e Reject negative depth; add overflow guards to prevent hang/crash\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.18.0...v2.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.18.0\u0026new-version=2.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lex-fmt/comms/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/lex-fmt/comms/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lex-fmt%2Fcomms/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}},{"old_version":"2.18.1","new_version":"2.19.2","update_type":"minor","path":null,"pr_created_at":"2026-05-08T22:43:27.000Z","version_change":"2.18.1 → 2.19.2","issue":{"uuid":"4409856922","node_id":"PR_kwDOArWMsM7ZthQa","number":46,"state":"open","title":"Bump json from 2.18.1 to 2.19.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T22:43:27.000Z","updated_at":"2026-05-08T22:43:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.18.1","new_version":"2.19.2","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/ruby/json/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.0\"\u003ehttps://github.com/ruby/json/compare/v2.18.1...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-08 (2.19.1)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a compiler dependent GC bug introduced in \u003ccode\u003e2.18.0\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-06 (2.19.0)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eallow_blank\u003c/code\u003e parsing option to no longer allow invalid types (e.g. \u003ccode\u003eload([], allow_blank: true)\u003c/code\u003e now raise a type error).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eallow_invalid_escape\u003c/code\u003e parsing option to ignore backslashes that aren't followed by one of the valid escape characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/54f8a878aebee090476a53c851c943128894be62\"\u003e\u003ccode\u003e54f8a87\u003c/code\u003e\u003c/a\u003e Release 2.19.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/393b41c3e5f87491e1e34fa59fa78ff6fa179a74\"\u003e\u003ccode\u003e393b41c\u003c/code\u003e\u003c/a\u003e Fix a format string injection vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dbf6bb12aac85db939df1180028aea06c8d3b762\"\u003e\u003ccode\u003edbf6bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/953\"\u003e#953\u003c/a\u003e from ruby/dependabot/github_actions/actions/create-gi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7187315b4571ade59d68a1fad84be2794cda744d\"\u003e\u003ccode\u003e7187315\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a42a04280d96d8dd94558078c16f1c078c38e1b\"\u003e\u003ccode\u003e4a42a04\u003c/code\u003e\u003c/a\u003e Release 2.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/13689c269970f18316952541f8544830ec2dc5c4\"\u003e\u003ccode\u003e13689c2\u003c/code\u003e\u003c/a\u003e Add missing GC_GUARD in \u003ccode\u003efbuffer_append_str\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a11acc1ff496627e5d72c71d6d1229e8c8ffeaa1\"\u003e\u003ccode\u003ea11acc1\u003c/code\u003e\u003c/a\u003e Release 2.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/0a4fb79cd97f535701cc2240ac736d76b9af5025\"\u003e\u003ccode\u003e0a4fb79\u003c/code\u003e\u003c/a\u003e fbuffer.h: Use size_t over unsigned long\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/a29fcdcb4a78164daa14f6af05812690dd3ac939\"\u003e\u003ccode\u003ea29fcdc\u003c/code\u003e\u003c/a\u003e Add depth validation to Jruby and TruffleRuby implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/de993aa76639078da891f46351a36f77d51ad3d3\"\u003e\u003ccode\u003ede993aa\u003c/code\u003e\u003c/a\u003e Reject negative depth; add overflow guards to prevent hang/crash\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.18.1...v2.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.18.1\u0026new-version=2.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yudhir/yudhir.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yudhir/yudhir.github.io/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yudhir%2Fyudhir.github.io/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-06T17:04:35.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4393109472","node_id":"PR_kwDOABNy5s7Y2wwr","number":313,"state":"closed","title":"Bump the dependencies group with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T00:26:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T17:04:35.000Z","updated_at":"2026-05-12T00:26:40.000Z","time_to_close":458524,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":2,"packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"},{"name":"minitest","old_version":"6.0.5","new_version":"6.0.6","repository_url":"https://github.com/minitest/minitest"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the dependencies group with 2 updates: [json](https://github.com/ruby/json) and [minitest](https://github.com/minitest/minitest).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minitest` from 6.0.5 to 6.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minitest/minitest/blob/master/History.rdoc\"\u003eminitest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 6.0.6 / 2026-04-30\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e2 bug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e. (mtasaka)\u003c/li\u003e\n\u003cli\u003eRemoved private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/f6180b07ea6e8504a71d220246da0875f392c51c\"\u003e\u003ccode\u003ef6180b0\u003c/code\u003e\u003c/a\u003e prepped for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/23bc7f25a8853b9b3c75b9b73c65d231e42cb452\"\u003e\u003ccode\u003e23bc7f2\u003c/code\u003e\u003c/a\u003e - Removed private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/c471347e5daf7f3e362c530170ae3302edad9117\"\u003e\u003ccode\u003ec471347\u003c/code\u003e\u003c/a\u003e - Fix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minitest/minitest/compare/v6.0.5...v6.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/moneybird/postgresql_validations/pull/313","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moneybird%2Fpostgresql_validations/issues/313","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/313/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-06T17:03:50.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4393105538","node_id":"PR_kwDOBBJCIM7Y2v8N","number":343,"state":"closed","title":"Bump the dependencies group with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-12T00:25:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T17:03:50.000Z","updated_at":"2026-05-12T00:25:58.000Z","time_to_close":458527,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":2,"packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"},{"name":"minitest","old_version":"6.0.5","new_version":"6.0.6","repository_url":"https://github.com/minitest/minitest"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the dependencies group with 2 updates: [json](https://github.com/ruby/json) and [minitest](https://github.com/minitest/minitest).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minitest` from 6.0.5 to 6.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minitest/minitest/blob/master/History.rdoc\"\u003eminitest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 6.0.6 / 2026-04-30\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e2 bug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e. (mtasaka)\u003c/li\u003e\n\u003cli\u003eRemoved private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/f6180b07ea6e8504a71d220246da0875f392c51c\"\u003e\u003ccode\u003ef6180b0\u003c/code\u003e\u003c/a\u003e prepped for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/23bc7f25a8853b9b3c75b9b73c65d231e42cb452\"\u003e\u003ccode\u003e23bc7f2\u003c/code\u003e\u003c/a\u003e - Removed private Assertions#_where as it is no longer used.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minitest/minitest/commit/c471347e5daf7f3e362c530170ae3302edad9117\"\u003e\u003ccode\u003ec471347\u003c/code\u003e\u003c/a\u003e - Fix using assert_equal/same/nil w/ BasicObject by comparing w/ \u003ccode\u003enil == exp\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minitest/minitest/compare/v6.0.5...v6.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/moneybird/mail_auto_link_obfuscation/pull/343","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moneybird%2Fmail_auto_link_obfuscation/issues/343","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/343/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-05T04:22:58.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4381498781","node_id":"PR_kwDODHAhHM7YQsmR","number":634,"state":"open","title":"chore(deps-dev): bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-05T04:22:58.000Z","updated_at":"2026-05-05T04:24:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/irasutoya-tools/irasutoya-cli/pull/634","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/irasutoya-tools%2Firasutoya-cli/issues/634","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/634/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":"/builder","pr_created_at":"2026-05-05T02:19:18.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4381030913","node_id":"PR_kwDOMR8Xjs7YPMHT","number":787,"state":"closed","title":"chore(deps): bump json from 2.19.4 to 2.19.5 in /builder","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T02:19:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T02:19:18.000Z","updated_at":"2026-05-05T02:19:37.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":"/builder","ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/stlucasgarcia/docker-rails-base/pull/787","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stlucasgarcia%2Fdocker-rails-base/issues/787","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/787/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":"the all group","pr_created_at":"2026-05-04T21:44:24.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4379878897","node_id":"PR_kwDOBDBuVs7YLbo9","number":280,"state":"closed","title":"Bump json from 2.19.4 to 2.19.5 in the all group","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T23:15:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T21:44:24.000Z","updated_at":"2026-05-04T23:15:39.000Z","time_to_close":5468,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":"the all group","ecosystem":"rubygems"},"body":"Bumps the all group with 1 update: [json](https://github.com/ruby/json).\n\nUpdates `json` from 2.19.4 to 2.19.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json\u0026package-manager=bundler\u0026previous-version=2.19.4\u0026new-version=2.19.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/secure-systems-lab/secure-systems-lab.github.io/pull/280","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-systems-lab%2Fsecure-systems-lab.github.io/issues/280","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/280/packages"}},{"old_version":"2.19.4","new_version":"2.19.5","update_type":"patch","path":null,"pr_created_at":"2026-05-04T16:27:13.000Z","version_change":"2.19.4 → 2.19.5","issue":{"uuid":"4378051492","node_id":"PR_kwDOACs92c7YFYk3","number":3560,"state":"open","title":"Build(deps): bump json from 2.19.4 to 2.19.5","user":"dependabot[bot]","labels":["dependencies","ruby","safe_to_test"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T16:27:13.000Z","updated_at":"2026-05-18T05:48:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps)","packages":[{"name":"json","old_version":"2.19.4","new_version":"2.19.5","repository_url":"https://github.com/ruby/json"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [json](https://github.com/ruby/json) from 2.19.4 to 2.19.5.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4a1a4a4861255014b125f3c0c52b968ee7f5bcfe\"\u003e\u003ccode\u003e4a1a4a4\u003c/code\u003e\u003c/a\u003e Release 2.19.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f6ca597cb1dca96d68206c60bd1a1fd1c954fecd\"\u003e\u003ccode\u003ef6ca597\u003c/code\u003e\u003c/a\u003e Avoid spamming too many deprecations while parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/fa0671ccee70fd6653057df75a97b1ea3334ea87\"\u003e\u003ccode\u003efa0671c\u003c/code\u003e\u003c/a\u003e Test TruffleRuby release in CI for improved stability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cfbe356b4f9ecef22d5c934628e3ec9b227796f6\"\u003e\u003ccode\u003ecfbe356\u003c/code\u003e\u003c/a\u003e Force ensure_valid_encoding to be inlined.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/4ef7a456545bffd1bafa6b9014b4ce9fbffc8c0e\"\u003e\u003ccode\u003e4ef7a45\u003c/code\u003e\u003c/a\u003e Use RB_ENC_CODERANGE to first check the cached coderange before calling rb_en...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7dd6b63d50167788ee96cf3f05b7aa30d07ec8be\"\u003e\u003ccode\u003e7dd6b63\u003c/code\u003e\u003c/a\u003e Fix typo in changelog\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/beefproject/beef/pull/3560","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/beefproject%2Fbeef/issues/3560","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3560/packages"}}]}