{"id":783,"name":"jwt","ecosystem":"rubygems","repository_url":"https://github.com/jwt/ruby-jwt","issues_count":1491,"created_at":"2025-06-06T15:01:37.493Z","updated_at":"2025-06-06T15:01:37.493Z","purl":"pkg:gem/jwt","metadata":{"id":238207,"name":"jwt","ecosystem":"rubygems","description":"A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.","homepage":"https://github.com/jwt/ruby-jwt","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/jwt/ruby-jwt","keywords_array":[],"namespace":null,"versions_count":49,"first_release_published_at":"2011-02-23T22:28:13.161Z","latest_release_published_at":"2024-12-26T20:50:21.381Z","latest_release_number":"2.10.1","last_synced_at":"2025-06-06T01:06:26.364Z","created_at":"2022-04-06T02:24:04.829Z","updated_at":"2025-06-06T01:09:50.046Z","registry_url":"https://rubygems.org/gems/jwt","install_command":"gem install jwt -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/jwt/","metadata":{"funding":null},"repo_metadata":{"id":37626954,"uuid":"1404127","full_name":"jwt/ruby-jwt","owner":"jwt","description":"A ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.","archived":false,"fork":false,"pushed_at":"2025-04-20T20:22:38.000Z","size":1599,"stargazers_count":3636,"open_issues_count":18,"forks_count":375,"subscribers_count":51,"default_branch":"main","last_synced_at":"2025-05-31T06:48:00.632Z","etag":null,"topics":["jwt","jwt-token","oauth-json-web","ruby","ruby-jwt"],"latest_commit_sha":null,"homepage":"http://ruby-jwt.org","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jwt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2011-02-23T21:45:17.000Z","updated_at":"2025-05-30T08:30:30.000Z","dependencies_parsed_at":"2023-12-23T15:41:37.111Z","dependency_job_id":"b2e58faf-7790-4119-bcac-7ddfbfb41cc3","html_url":"https://github.com/jwt/ruby-jwt","commit_stats":{"total_commits":762,"total_committers":144,"mean_commits":5.291666666666667,"dds":0.7388451443569554,"last_synced_commit":"d810ccbed10095ea3dac3574af8e377c0127b90a"},"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jwt","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258301241,"owners_count":22680172,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"jwt","name":"JSON Web Token (JWT) - RFC 7519","uuid":"10998651","kind":"organization","description":"Open Source JWT libraries.","email":null,"website":null,"location":"Earth","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/10998651?v=4","repositories_count":3,"last_synced_at":"2024-03-25T19:31:41.783Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/jwt","funding_links":[],"total_stars":3613,"followers":15,"following":0,"created_at":"2022-11-02T16:17:16.094Z","updated_at":"2024-03-25T19:31:42.361Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jwt","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jwt/repositories"},"tags":[{"name":"v3.0.0.beta1","sha":"bf5cc3e4737203d96ddf4322e3151eb27d8ee3df","kind":"tag","published_at":"2025-01-25T10:16:16.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v3.0.0.beta1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v3.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v3.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v3.0.0.beta1/manifests"},{"name":"v2.10.1","sha":"6e59d2620fd098e307fd671a3283be29fb95cdc3","kind":"tag","published_at":"2024-12-26T20:49:33.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.10.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.10.1/manifests"},{"name":"v2.10.0","sha":"d09d63b2b195822736df2ba2c19de896f7791e55","kind":"tag","published_at":"2024-12-25T21:43:31.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.10.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.10.0/manifests"},{"name":"v2.9.3","sha":"ae54ded293f09a5081fb8468863d87171e045bd2","kind":"tag","published_at":"2024-10-03T05:45:00.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.9.3","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.3/manifests"},{"name":"v2.9.2","sha":"c0f45c5de293699783fa9ae25c731d6c37cd3848","kind":"tag","published_at":"2024-10-03T04:34:59.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.9.2","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.2/manifests"},{"name":"v2.9.1","sha":"b8086369bcca685b0ef37e436db96db70a98a75c","kind":"tag","published_at":"2024-09-23T16:46:53.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.9.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.1/manifests"},{"name":"v2.9.0","sha":"b26aee7501a91f075c9174eee8ce4180f4c04e88","kind":"tag","published_at":"2024-09-15T15:49:27.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.9.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.9.0/manifests"},{"name":"v2.8.2","sha":"e674ca3667b6018e1ff3be450a3c6a94e2b48b94","kind":"tag","published_at":"2024-06-18T14:32:34.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.8.2","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.2/manifests"},{"name":"v2.8.1","sha":"ea1e4413dddf4309e8f8e8e1fc6f415f905dd202","kind":"tag","published_at":"2024-02-29T06:32:07.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.8.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.1/manifests"},{"name":"v2.8.0","sha":"956fa1b35dd2049c8ccd6a25509fda441fcf577b","kind":"tag","published_at":"2024-02-17T14:08:23.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.8.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.8.0/manifests"},{"name":"v2.7.1","sha":"781fbd19b92b84a1f55c7ec7c0e069f870a5fb36","kind":"tag","published_at":"2023-06-09T19:27:15.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.7.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.7.1/manifests"},{"name":"v2.7.0","sha":"53d857ea359eb7099aa448e6a5de5879a5010503","kind":"tag","published_at":"2023-02-01T19:59:40.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.7.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.7.0/manifests"},{"name":"v2.6.0","sha":"604fe617fe238f48041264da979ed64d14801e85","kind":"tag","published_at":"2022-12-22T20:02:25.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.6.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.6.0/manifests"},{"name":"v2.5.0","sha":"b1b52504a7d7819240f2bc9a50da1a79ed03df2b","kind":"tag","published_at":"2022-08-25T19:56:51.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.5.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.5.0/manifests"},{"name":"v2.4.1","sha":"d783720987385c2841609e85b2c190158bc8e691","kind":"tag","published_at":"2022-06-07T19:53:25.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.4.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"3aac1a974c960cf6831c8de8bbe6e350da003728","kind":"tag","published_at":"2022-06-06T20:53:44.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.4.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.0/manifests"},{"name":"v2.4.0.beta1","sha":"e356bb60400f336d5e0abcef751f6a23fd78b444","kind":"tag","published_at":"2022-05-03T20:59:03.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.4.0.beta1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.4.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.4.0.beta1/manifests"},{"name":"v2.3.0","sha":"1fd5b7a8233ea56af03bafaa80ca02a3fc67ac61","kind":"tag","published_at":"2021-10-03T22:10:26.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.3.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.3.0/manifests"},{"name":"v2.2.3","sha":"26ec020dea9e70acaaa1035c7b2ed1e860737b35","kind":"tag","published_at":"2021-04-19T23:25:06.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.2.3","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.3/manifests"},{"name":"v2.2.2","sha":"d79d045a0054db78c489343670b3c77bd7e2005c","kind":"commit","published_at":"2020-08-18T07:12:19.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.2.2","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"8279f62573922a9c301f4209176e6ef7138d054e","kind":"tag","published_at":"2019-05-24T08:58:12.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.2.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"61b29062318e7a69955b96f3b8d3cc93d87ca816","kind":"tag","published_at":"2019-05-23T18:34:33.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.2.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.0/manifests"},{"name":"v2.2.0.pre.beta.0","sha":"7a6a3f1dbaff806993156d1dff9c217bb2523ff8","kind":"commit","published_at":"2019-03-20T18:06:22.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.2.0.pre.beta.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.2.0.pre.beta.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.0.pre.beta.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.2.0.pre.beta.0/manifests"},{"name":"v2.1.0","sha":"25e8f157e1c6d96918b9ce122fc34a2ff93b04ae","kind":"commit","published_at":"2017-10-06T11:07:17.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.1.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"180d0507bdb414a95177f20180eefd1218bd6918","kind":"tag","published_at":"2017-09-03T00:11:27.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.0.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.0.0/manifests"},{"name":"v2.0.0.beta1","sha":"a633b8b7fb000ac400ddb5cff18bddbfa203d637","kind":"tag","published_at":"2017-02-27T20:54:21.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v2.0.0.beta1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v2.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v2.0.0.beta1/manifests"},{"name":"v1.5.6","sha":"8e8a9c9f9fd455537c03b6dcde1e20ebbc1fe585","kind":"tag","published_at":"2016-09-19T07:52:50.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v1.5.6","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v1.5.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.6/manifests"},{"name":"v1.5.5","sha":"579823b12d57b30f7e2ecfe7850aedd2c7600a77","kind":"commit","published_at":"2016-09-16T19:46:29.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v1.5.5","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.5/manifests"},{"name":"v1.5.4","sha":"1c7c0ad21b5a1df337af37349e03ea88baa22388","kind":"tag","published_at":"2016-03-24T15:28:52.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v1.5.4","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.4/manifests"},{"name":"v1.5.3","sha":"4a0b9391ed9a722da52e4f8502cea60365e86d84","kind":"tag","published_at":"2016-02-24T08:25:10.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/v1.5.3","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/v1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/v1.5.3/manifests"},{"name":"jwt-1.5.2","sha":"7cddfcf032a5e0fe279850509d9507d78463d5c2","kind":"commit","published_at":"2015-10-27T17:20:55.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.5.2","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.2/manifests"},{"name":"jwt-1.5.1","sha":"868999f86684c149dbd2eb45ed26d451de222a82","kind":"commit","published_at":"2015-06-22T20:42:28.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.5.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.1/manifests"},{"name":"jwt-1.5.0","sha":"8cb9c03e852fa18d7364509ebf6ba7619226c935","kind":"commit","published_at":"2015-05-09T06:59:33.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.5.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.5.0/manifests"},{"name":"jwt-1.4.1","sha":"02703c7f5dbdb3e4f9ec019bed35b52cf898413f","kind":"commit","published_at":"2015-03-12T09:55:13.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.4.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.4.1/manifests"},{"name":"jwt-1.4.0","sha":"f26693f8d6fd6263a139d68b03f870d0ecd7e8f8","kind":"commit","published_at":"2015-03-10T12:09:48.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.4.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.4.0/manifests"},{"name":"jwt-1.3.0","sha":"2706da89f1837c54ac908e3d65bc6aecb49f797e","kind":"commit","published_at":"2015-02-24T20:49:32.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.3.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.3.0/manifests"},{"name":"jwt-1.2.1","sha":"85c7c8813e064ecf3d07ac799cc478eb413c4e48","kind":"commit","published_at":"2015-01-22T09:44:41.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.2.1","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.2.1/manifests"},{"name":"jwt-1.2.0","sha":"d46fa821fa5509dacdfdc433d457b21b2268a22f","kind":"commit","published_at":"2014-11-24T16:54:55.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.2.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.2.0/manifests"},{"name":"jwt-0.1.13","sha":"4cbac497f045f218904b23055b37f1403da26b57","kind":"commit","published_at":"2014-05-08T18:30:38.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.13","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.13/manifests"},{"name":"jwt-1.0.0","sha":"833dab21c4b7f631db13340380ed733f921cc5ec","kind":"commit","published_at":"2014-05-07T14:05:24.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-1.0.0","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-1.0.0/manifests"},{"name":"jwt-0.1.11","sha":"cd081491b736c52a7fa09429d751727e24add50e","kind":"commit","published_at":"2014-01-17T21:19:44.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.11","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.11/manifests"},{"name":"jwt-0.1.10","sha":"769c96919e7c36be42a194cf71490ab64c1b5277","kind":"commit","published_at":"2014-01-10T18:43:34.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.10","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.10/manifests"},{"name":"jwt-0.1.8","sha":"577d7481d9accb8eddd64ae6f99b34ca9d12f89c","kind":"commit","published_at":"2013-03-14T10:45:07.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.8","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.8/manifests"},{"name":"jwt-0.1.7","sha":"76fb4f259ccb2050a9f6eeecb3eb2c2fd61ce52a","kind":"commit","published_at":"2013-03-07T02:49:40.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.7","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.7/manifests"},{"name":"jwt-0.1.6","sha":"86892bea68eedb4eb4276d647c96c0ba98dc867c","kind":"commit","published_at":"2013-03-05T22:55:15.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.6","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.6/manifests"},{"name":"jwt-0.1.5","sha":"c6dce86b286fe62684d77697b115589ee9175721","kind":"commit","published_at":"2012-07-20T07:49:56.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.5","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.5/manifests"},{"name":"jwt-0.1.4","sha":"92fdbf879d8621cfb2733b0897be0740eb85a136","kind":"commit","published_at":"2011-11-11T19:39:09.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.4","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.4/manifests"},{"name":"jwt-0.1.3","sha":"ce5d39b4f81a2a2f39594c2ce7ba7a961bfc6bc4","kind":"commit","published_at":"2011-06-30T00:09:08.000Z","download_url":"https://codeload.github.com/jwt/ruby-jwt/tar.gz/jwt-0.1.3","html_url":"https://github.com/jwt/ruby-jwt/releases/tag/jwt-0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwt%2Fruby-jwt/tags/jwt-0.1.3/manifests"}]},"repo_metadata_updated_at":"2025-06-06T01:09:50.045Z","dependent_packages_count":695,"downloads":624776829,"downloads_period":"total","dependent_repos_count":104336,"rankings":{"downloads":0.026761521392491164,"dependent_repos_count":0.11596659270079505,"dependent_packages_count":0.0657887400898741,"stargazers_count":0.38023661645164525,"forks_count":1.4306263311069234,"docker_downloads_count":0.11094880743970294,"average":0.35505476819690535},"purl":"pkg:gem/jwt","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/jwt","docker_dependents_count":1475,"docker_downloads_count":1064730450,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/jwt","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/jwt/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/jwt/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/jwt/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/jwt/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/jwt/related_packages","maintainers":[{"uuid":"99421","login":"antmanj","name":null,"email":null,"url":null,"packages_count":15,"html_url":"https://rubygems.org/profiles/antmanj","role":null,"created_at":"2022-11-09T09:37:33.339Z","updated_at":"2022-11-09T09:37:33.339Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/antmanj/packages"},{"uuid":"58078","login":"excpt","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://rubygems.org/profiles/excpt","role":null,"created_at":"2022-11-09T09:37:33.345Z","updated_at":"2022-11-09T09:37:33.345Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/excpt/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":198115,"maintainers_count":66429,"namespaces_count":0,"keywords_count":17799,"github":"rubygems","metadata":{"funded_packages_count":7045},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2025-06-06T05:59:27.395Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}},"unique_repositories_count":616,"unique_repositories_count_past_30_days":14,"recent_issues":[{"uuid":"4617939687","node_id":"PR_kwDOQU7yX87kKkkc","number":217,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T10:47:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T01:24:58.000Z","updated_at":"2026-06-13T10:47:57.000Z","time_to_close":379369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"7.2.1","repository_url":"https://github.com/puma/puma"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.4","repository_url":"https://github.com/heartcombo/devise"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"actionview","old_version":"7.2.3","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"mcp","old_version":"0.8.0","new_version":"0.9.2","repository_url":"https://github.com/modelcontextprotocol/ruby-sdk"},{"name":"net-imap","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ruby/net-imap"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `7.2.1` |\n| [devise](https://github.com/heartcombo/devise) | `4.9.4` | `5.0.4` |\n| [faraday](https://github.com/lostisland/faraday) | `2.14.1` | `2.14.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `3.1.2` | `3.2.0` |\n| [actionview](https://github.com/rails/rails) | `7.2.3` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.8` | `2.9.0` |\n| [mcp](https://github.com/modelcontextprotocol/ruby-sdk) | `0.8.0` | `0.9.2` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.12` | `0.5.14` |\n| [yard](https://yardoc.org) | `0.9.38` | `0.9.42` |\n\n\nUpdates `puma` from 7.2.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-qpgp-93vx-g8v8\"\u003eCVE-2026-47736 / GHSA-qpgp-93vx-g8v8\u003c/a\u003e: Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-2vqw-3mp8-cgmx\"\u003eCVE-2026-47737 / GHSA-2vqw-3mp8-cgmx\u003c/a\u003e: Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.1 / 2026-05-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/92754ace040db67622f0e6406dea0b47c94d0139\"\u003e\u003ccode\u003e92754ac\u003c/code\u003e\u003c/a\u003e Release v7.2.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3948\"\u003e#3948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/ebe9db3929ab8299d19c8f5b41e8ef4f4b22fa58\"\u003e\u003ccode\u003eebe9db3\u003c/code\u003e\u003c/a\u003e 7.2.1 backport (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.4 - 2026-05-08\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix open redirect in \u003ccode\u003eFailureApp\u003c/code\u003e via unvalidated \u003ccode\u003eReferer\u003c/code\u003e header on non-GET session timeout. CVE-2026-40295 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv\"\u003eGHSA-jp94-3292-c3xv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc\"\u003eGHSA-57hq-95w6-v4fc\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/9ea459de9aec5f1217ad738c58e0d23fb9f5beaa\"\u003e\u003ccode\u003e9ea459d\u003c/code\u003e\u003c/a\u003e Release v5.0.4 with sec fix for timeoutable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360\"\u003e\u003ccode\u003e025fe21\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/7ca7ed9c174525a4d36167441b35af4a0991b6af\"\u003e\u003ccode\u003e7ca7ed9\u003c/code\u003e\u003c/a\u003e Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/605de86174c26b9f5b2618470249db2c225327d4\"\u003e\u003ccode\u003e605de86\u003c/code\u003e\u003c/a\u003e Update links to https [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5e3a8bf3a01cc556185dbde47ecf3bb20c41b150\"\u003e\u003ccode\u003e5e3a8bf\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5d202775d75ccee8c36a9ed72062f627202e29e2\"\u003e\u003ccode\u003e5d20277\u003c/code\u003e\u003c/a\u003e Cleanup old Rails.version check for db migration path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/4ffb0b7e88b627ac0575e475b279e0cc474b4ded\"\u003e\u003ccode\u003e4ffb0b7\u003c/code\u003e\u003c/a\u003e Fix Gemfile for Rails 7.2, incorrectly testing against 7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 3.1.2 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c\"\u003e\u003ccode\u003e0b6f800\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82\"\u003e\u003ccode\u003efa19073\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c\"\u003e\u003ccode\u003e4933c1e\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53\"\u003e\u003ccode\u003e707c0f1\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b8a1665824a43d71cd6406cf9adcae842ceb1c22\"\u003e\u003ccode\u003eb8a1665\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b\"\u003e\u003ccode\u003e8159a9c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.1 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003esrc\u003c/code\u003e in \u003ccode\u003eERB#initialize\u003c/code\u003e for Ractor compatibility \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.19.1 to 2.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `loofah` from 2.25.0 to 2.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/releases\"\u003eloofah's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md\"\u003eloofah's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/c895c8b2ac9c7255ca10c4e3083b8f0b019b7189\"\u003e\u003ccode\u003ec895c8b\u003c/code\u003e\u003c/a\u003e version bump to v2.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068\"\u003e\u003ccode\u003ef4ebc9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e from flavorjones/flavorjones/better-allowed-uri\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/9f4e5dbd79f63775b3ad6196fa391f8e807da156\"\u003e\u003ccode\u003e9f4e5db\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eallowed_uri?\u003c/code\u003e to handle unescaped whitespace entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/e6f47515f642b1868f9025e85429301fa6f8bb20\"\u003e\u003ccode\u003ee6f4751\u003c/code\u003e\u003c/a\u003e doc: Move security reporting to Github\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/flavorjones/loofah/compare/v2.25.0...v2.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 0.8.0 to 0.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/blob/main/CHANGELOG.md\"\u003emcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.9.2] - 2026-03-27\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.1] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.0] - 2026-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3fc7bcd2683d2200d42f79ab46752dc65f896db1\"\u003e\u003ccode\u003e3fc7bcd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/272\"\u003e#272\u003c/a\u003e from koic/release_0_9_2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/8fbc2b46313479cdbf5afbb44045583f94e813e3\"\u003e\u003ccode\u003e8fbc2b4\u003c/code\u003e\u003c/a\u003e Release 0.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/6b092797c90183099b88f86ada44b27dea340d6f\"\u003e\u003ccode\u003e6b09279\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e from koic/use_accessor_in_server_context_with_meta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/a2575b24e5f48943f4f0b66b6632b917fe803116\"\u003e\u003ccode\u003ea2575b2\u003c/code\u003e\u003c/a\u003e Use accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/e189d7852a80d63c00bd488fe5f58420673aaa87\"\u003e\u003ccode\u003ee189d78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874\"\u003e\u003ccode\u003edb40143\u003c/code\u003e\u003c/a\u003e Reject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3b1fc72fb50dfe3685e5d5387820b86d25f60e94\"\u003e\u003ccode\u003e3b1fc72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/267\"\u003e#267\u003c/a\u003e from koic/release_0_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/f29259c0b1f540c56acd977ed17f938c3388b641\"\u003e\u003ccode\u003ef29259c\u003c/code\u003e\u003c/a\u003e Release 0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/ccddd87e96f66ddd00884fda906a08634303fa05\"\u003e\u003ccode\u003eccddd87\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e from koic/allow_client_call_tool_to_accept_a_tool_name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/73070f1fd7e8e69658c5f13e10212d537ffc3799\"\u003e\u003ccode\u003e73070f1\u003c/code\u003e\u003c/a\u003e Allow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/compare/v0.8.0...v0.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several command injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/654\"\u003e#654\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Fix STARTTLS stripping vulnerability (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Fix CRLF injection vulnerabilities (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/657\"\u003e#657\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/658\"\u003e#658\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/659\"\u003e#659\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/636\"\u003e#636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/661\"\u003e#661\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e, reported by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⚡ Much faster ResponseReader performance (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/642\"\u003e#642\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Config \u003ccode\u003eversion_defaults\u003c/code\u003e should be attr_reader (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/594\"\u003e#594\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/631\"\u003eruby/net-imap#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Wait to continue RawData literals (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️  Improve internal literal sending (partially backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/616\"\u003e#616\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/649\"\u003e#649\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/652\"\u003eruby/net-imap#652\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Fix Data polyfill tests for ruby 4.1 by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/632\"\u003eruby/net-imap#632\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\"\u003ehttps://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/4063bc1d1d3e21046544ed7a2c131e5f886bab01\"\u003e\u003ccode\u003e4063bc1\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da\"\u003e\u003ccode\u003ef79d35b\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/665\"\u003e#665\u003c/a\u003e from ruby/backport/v0.5/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/b3ad198bdecd7f8f1342bf2f0191bc5261130383\"\u003e\u003ccode\u003eb3ad198\u003c/code\u003e\u003c/a\u003e 🍒 pick 24d5c773d: 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/7a233c57fdf319ad8f238072a60c27948dd44e89\"\u003e\u003ccode\u003e7a233c5\u003c/code\u003e\u003c/a\u003e 🍒 pick 62eea6ffe: 🔒🥅 Ensure STARTTLS tagged response was handled [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/a530fa7d0efba9e02aa88ea9b9835e4d5e58f308\"\u003e\u003ccode\u003ea530fa7\u003c/code\u003e\u003c/a\u003e 🍒 pick 46636cae8: ❌🔒 Add failing test for STARTTLS stripping [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/6...\n\n_Description has been truncated_","html_url":"https://github.com/yuuki2014/shiroichizu/pull/217","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuki2014%2Fshiroichizu/issues/217","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/217/packages"},{"uuid":"4584107304","node_id":"PR_kwDOOcgMU87icG82","number":255,"state":"open","title":"Bump jwt from 2.10.2 to 2.10.3 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:23:56.000Z","updated_at":"2026-06-05T02:22:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [jwt](https://github.com/jwt/ruby-jwt).\n\nUpdates `jwt` from 2.10.2 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/orbot-android/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/orbot-android/pull/255","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Forbot-android/issues/255","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/255/packages"},{"uuid":"4575501955","node_id":"PR_kwDOAApxXs7h_xxm","number":25218,"state":"open","title":"build(deps): bump jwt from 2.5.0 to 2.10.3 in /record-and-playback/core","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:47:32.000Z","updated_at":"2026-06-02T23:09:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jwt","old_version":"2.5.0","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"/record-and-playback/core","ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.5.0 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/6e59d2620fd098e307fd671a3283be29fb95cdc3\"\u003e\u003ccode\u003e6e59d26\u003c/code\u003e\u003c/a\u003e Make version constants public\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a490892dc8016d2ddde9c852fbc9a762dd34ea40\"\u003e\u003ccode\u003ea490892\u003c/code\u003e\u003c/a\u003e Start the 3.0 iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d09d63b2b195822736df2ba2c19de896f7791e55\"\u003e\u003ccode\u003ed09d63b\u003c/code\u003e\u003c/a\u003e Prepare 2.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/3f38be053e71bad5f4eae27b3a34d151798ac4ec\"\u003e\u003ccode\u003e3f38be0\u003c/code\u003e\u003c/a\u003e Generate CNAME entry\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.5.0...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.5.0\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bigbluebutton/bigbluebutton/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bigbluebutton/bigbluebutton/pull/25218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigbluebutton%2Fbigbluebutton/issues/25218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25218/packages"},{"uuid":"4575428650","node_id":"PR_kwDOO8tGQc7h_iaw","number":18,"state":"open","title":"chore(deps): bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:31:56.000Z","updated_at":"2026-06-02T22:35:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Fedihosting-Foundation-Forks/blorp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Fedihosting-Foundation-Forks/blorp/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fedihosting-Foundation-Forks%2Fblorp/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4575413195","node_id":"PR_kwDOOT1pBs7h_fEY","number":210,"state":"open","title":"chore(deps): bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:50.000Z","updated_at":"2026-06-02T22:29:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Shojin-App/shojin_app/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Shojin-App/shojin_app/pull/210","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shojin-App%2Fshojin_app/issues/210","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/210/packages"},{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4575406218","node_id":"PR_kwDOKADG287h_dmq","number":877,"state":"open","title":"build(deps): Bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:27:25.000Z","updated_at":"2026-06-02T22:50:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/govuk-one-login/mobile-android-one-login-app/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/govuk-one-login/mobile-android-one-login-app/pull/877","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/govuk-one-login%2Fmobile-android-one-login-app/issues/877","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/877/packages"},{"uuid":"4575398920","node_id":"PR_kwDOCINW2s7h_cC6","number":9242,"state":"closed","title":"Bump jwt from 2.10.1 to 2.10.3 in /fastlane","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-04T05:09:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-02T22:26:03.000Z","updated_at":"2026-06-04T05:10:07.000Z","time_to_close":110632,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"/fastlane","ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.1\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/horizontalsystems/unstoppable-wallet-android/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/horizontalsystems/unstoppable-wallet-android/pull/9242","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/horizontalsystems%2Funstoppable-wallet-android/issues/9242","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9242/packages"},{"uuid":"4472264350","node_id":"PR_kwDOBf2z7M7czys1","number":183,"state":"closed","title":"Bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T01:17:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T20:15:17.000Z","updated_at":"2026-05-19T01:17:40.000Z","time_to_close":18134,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblock/slack-sup/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dblock/slack-sup/pull/183","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dblock%2Fslack-sup/issues/183","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/183/packages"},{"uuid":"4472164105","node_id":"PR_kwDOApUPbs7czd_J","number":2906,"state":"open","title":"chore: bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T20:00:13.000Z","updated_at":"2026-05-28T00:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/SFDigitalServices/sf-dahlia-web/pull/2906","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SFDigitalServices%2Fsf-dahlia-web/issues/2906","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2906/packages"},{"uuid":"4472061852","node_id":"PR_kwDOJKDKxc7czIib","number":127,"state":"closed","title":"Bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T01:16:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:44:08.000Z","updated_at":"2026-05-19T01:17:03.000Z","time_to_close":19967,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblock/slack-sup2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dblock/slack-sup2/pull/127","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dblock%2Fslack-sup2/issues/127","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/127/packages"},{"uuid":"4471916622","node_id":"PR_kwDOGz0_gs7cyqKw","number":2,"state":"open","title":"chore(deps): update jwt requirement from \u003e= 1.5, \u003c= 2.5 to \u003e= 1.5, \u003c= 3.3 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby","dependabot-semver-unknown","alert-severity-HIGH"],"assignees":[],"locked":false,"comments_count":87,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T19:20:33.000Z","updated_at":"2026-06-02T12:00:39.203Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"jwt","old_version":"\u003e= 1.5, \u003c= 2.5","new_version":"\u003e= 1.5, \u003c= 3.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Updates the requirements on [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `jwt` to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/jwt-1.5.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/intercom/twilio-ruby/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/intercom/twilio-ruby/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/intercom%2Ftwilio-ruby/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4471323119","node_id":"PR_kwDOAHOAqs7cwtWa","number":40133,"state":"open","title":"DEPS: Bump jwt from 2.10.1 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T17:52:10.000Z","updated_at":"2026-05-18T17:53:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 3.2.0.\n- [Release notes](https://github.com/jwt/ruby-jwt/releases)\n- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.2.0)","html_url":"https://github.com/discourse/discourse/pull/40133","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/discourse%2Fdiscourse/issues/40133","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40133/packages"},{"uuid":"4465636942","node_id":"PR_kwDOPbcsgM7ceYhM","number":70,"state":"open","title":"deps(deps): bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":[],"assignees":["kanutocd"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T01:27:42.000Z","updated_at":"2026-05-18T01:27:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps)","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kanutocd/rack_jwt_aegis/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanutocd%2Frack_jwt_aegis/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"},{"uuid":"4402472928","node_id":"PR_kwDOR94zmc7ZVMpH","number":8,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T22:47:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-07T22:47:30.000Z","updated_at":"2026-05-14T22:47:12.000Z","time_to_close":604780,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/smakthe/e-commerce-server/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smakthe%2Fe-commerce-server/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4369241844","node_id":"PR_kwDOEkq3Oc7Xp6bf","number":669,"state":"open","title":"DEPS: Bump jwt from 2.10.1 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T15:02:40.000Z","updated_at":"2026-05-02T18:11:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 3.1.2.\n- [Release notes](https://github.com/jwt/ruby-jwt/releases)\n- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.1.2)","html_url":"https://github.com/ForgottenWorld/discourse/pull/669","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ForgottenWorld%2Fdiscourse/issues/669","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/669/packages"},{"uuid":"4327932330","node_id":"PR_kwDOSF3XhM7VlYug","number":2,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T11:13:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T11:12:54.000Z","updated_at":"2026-05-16T11:13:06.000Z","time_to_close":1814411,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/benjo-m/cohort-api/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/benjo-m%2Fcohort-api/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4219628277","node_id":"PR_kwDOR8VvF87QlA_V","number":3,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T23:23:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-07T17:58:26.000Z","updated_at":"2026-05-19T23:23:58.000Z","time_to_close":3648330,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/umesh1196/wedding-gallery-backend/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/umesh1196%2Fwedding-gallery-backend/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4171779293","node_id":"PR_kwDORt93SM7OqbYa","number":56,"state":"closed","title":"chore(deps): bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-12T23:14:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T15:37:28.000Z","updated_at":"2026-05-12T23:14:40.000Z","time_to_close":3742622,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/himratesdev/himrate-platform/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/himratesdev%2Fhimrate-platform/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"},{"uuid":"4120167595","node_id":"PR_kwDORuYcns7Mp3KF","number":2,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T22:21:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-23T11:28:09.000Z","updated_at":"2026-05-18T22:21:42.000Z","time_to_close":4877611,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cesarm29/ruby_rails_hexagonal_api/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cesarm29%2Fruby_rails_hexagonal_api/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}],"issue_packages":[{"old_version":"3.1.2","new_version":"3.2.0","update_type":"minor","path":null,"pr_created_at":"2026-06-09T01:24:58.000Z","version_change":"3.1.2 → 3.2.0","issue":{"uuid":"4617939687","node_id":"PR_kwDOQU7yX87kKkkc","number":217,"state":"closed","title":"Bump the bundler group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-13T10:47:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-09T01:24:58.000Z","updated_at":"2026-06-13T10:47:57.000Z","time_to_close":379369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":18,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"7.2.1","repository_url":"https://github.com/puma/puma"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.4","repository_url":"https://github.com/heartcombo/devise"},{"name":"faraday","old_version":"2.14.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"actionview","old_version":"7.2.3","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.8","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"mcp","old_version":"0.8.0","new_version":"0.9.2","repository_url":"https://github.com/modelcontextprotocol/ruby-sdk"},{"name":"net-imap","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ruby/net-imap"},{"name":"yard","old_version":"0.9.38","new_version":"0.9.42"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `7.2.1` |\n| [devise](https://github.com/heartcombo/devise) | `4.9.4` | `5.0.4` |\n| [faraday](https://github.com/lostisland/faraday) | `2.14.1` | `2.14.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `3.1.2` | `3.2.0` |\n| [actionview](https://github.com/rails/rails) | `7.2.3` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.8` | `2.9.0` |\n| [mcp](https://github.com/modelcontextprotocol/ruby-sdk) | `0.8.0` | `0.9.2` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.12` | `0.5.14` |\n| [yard](https://yardoc.org) | `0.9.38` | `0.9.42` |\n\n\nUpdates `puma` from 7.2.0 to 7.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-qpgp-93vx-g8v8\"\u003eCVE-2026-47736 / GHSA-qpgp-93vx-g8v8\u003c/a\u003e: Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/security/advisories/GHSA-2vqw-3mp8-cgmx\"\u003eCVE-2026-47737 / GHSA-2vqw-3mp8-cgmx\u003c/a\u003e: Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.1 / 2026-05-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBugfixes\n\u003cul\u003e\n\u003cli\u003eLimit and anchor PROXY protocol v1 parsing to prevent abuse via crafted inputs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eParse PROXY protocol only once per connection to prevent injection on keep-alive requests (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/92754ace040db67622f0e6406dea0b47c94d0139\"\u003e\u003ccode\u003e92754ac\u003c/code\u003e\u003c/a\u003e Release v7.2.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3948\"\u003e#3948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/ebe9db3929ab8299d19c8f5b41e8ef4f4b22fa58\"\u003e\u003ccode\u003eebe9db3\u003c/code\u003e\u003c/a\u003e 7.2.1 backport (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3947\"\u003e#3947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v7.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.4/CHANGELOG.md#504---2026-05-08\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.4 - 2026-05-08\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix open redirect in \u003ccode\u003eFailureApp\u003c/code\u003e via unvalidated \u003ccode\u003eReferer\u003c/code\u003e header on non-GET session timeout. CVE-2026-40295 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv\"\u003eGHSA-jp94-3292-c3xv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc\"\u003eGHSA-57hq-95w6-v4fc\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/9ea459de9aec5f1217ad738c58e0d23fb9f5beaa\"\u003e\u003ccode\u003e9ea459d\u003c/code\u003e\u003c/a\u003e Release v5.0.4 with sec fix for timeoutable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/025fe2124f9928766fc46520e999633b598d0360\"\u003e\u003ccode\u003e025fe21\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/7ca7ed9c174525a4d36167441b35af4a0991b6af\"\u003e\u003ccode\u003e7ca7ed9\u003c/code\u003e\u003c/a\u003e Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/605de86174c26b9f5b2618470249db2c225327d4\"\u003e\u003ccode\u003e605de86\u003c/code\u003e\u003c/a\u003e Update links to https [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5e3a8bf3a01cc556185dbde47ecf3bb20c41b150\"\u003e\u003ccode\u003e5e3a8bf\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5d202775d75ccee8c36a9ed72062f627202e29e2\"\u003e\u003ccode\u003e5d20277\u003c/code\u003e\u003c/a\u003e Cleanup old Rails.version check for db migration path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/4ffb0b7e88b627ac0575e475b279e0cc474b4ded\"\u003e\u003ccode\u003e4ffb0b7\u003c/code\u003e\u003c/a\u003e Fix Gemfile for Rails 7.2, incorrectly testing against 7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.14.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 3.1.2 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c\"\u003e\u003ccode\u003e0b6f800\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82\"\u003e\u003ccode\u003efa19073\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c\"\u003e\u003ccode\u003e4933c1e\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53\"\u003e\u003ccode\u003e707c0f1\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b8a1665824a43d71cd6406cf9adcae842ceb1c22\"\u003e\u003ccode\u003eb8a1665\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b\"\u003e\u003ccode\u003e8159a9c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 7.2.3 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.3...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.8 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.8...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erb` from 6.0.1 to 6.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/releases\"\u003eerb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.3...v6.0.4\"\u003ehttps://github.com/ruby/erb/compare/v6.0.3...v6.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse tag instead of branch with lewagon/wait-on-check-action by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/107\"\u003eruby/erb#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude some files from published gem by \u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/G-Rath\"\u003e\u003ccode\u003e@​G-Rath\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.3\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude dependabot updates from release note by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/101\"\u003eruby/erb#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: rename BDSL to BSDL by \u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFreeze src in initialize by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djkazunoko\"\u003e\u003ccode\u003e@​djkazunoko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/erb/pull/103\"\u003eruby/erb#103\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\"\u003ehttps://github.com/ruby/erb/compare/v6.0.1...v6.0.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/erb/blob/master/NEWS.md\"\u003eerb's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExclude some files from published gem \u003ca href=\"https://redirect.github.com/ruby/erb/pull/108\"\u003eruby/erb#108\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFreeze \u003ccode\u003esrc\u003c/code\u003e in \u003ccode\u003eERB#initialize\u003c/code\u003e for Ractor compatibility \u003ca href=\"https://redirect.github.com/ruby/erb/pull/105\"\u003eruby/erb#105\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit \u003ccode\u003edef_method\u003c/code\u003e on marshal-loaded ERB instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/4d2b45e140044f464794c0463d838d5cb4bba96c\"\u003e\u003ccode\u003e4d2b45e\u003c/code\u003e\u003c/a\u003e Version 6.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9d017be4e375cdd058650ce528ee6adfead20cac\"\u003e\u003ccode\u003e9d017be\u003c/code\u003e\u003c/a\u003e Prohibit def_method on marshal-loaded ERB instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9c8fa8a339605c6edf058805cc549a6afa70cb31\"\u003e\u003ccode\u003e9c8fa8a\u003c/code\u003e\u003c/a\u003e Version 6.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/0ebc6aef1caeb7c8df2e5e4b821d3eb539b5a166\"\u003e\u003ccode\u003e0ebc6ae\u003c/code\u003e\u003c/a\u003e Bump rubygems/release-gem from 1.1.2 to 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/25a729a9985378a029b7df23f0b2795bf47c47e4\"\u003e\u003ccode\u003e25a729a\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.15.0 to 2.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/9820802399770bc56b986ee65510ae93fd20103a\"\u003e\u003ccode\u003e9820802\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/261136602a4e9079360575b805180df2c6877eb6\"\u003e\u003ccode\u003e2611366\u003c/code\u003e\u003c/a\u003e Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/890d87f02d18be5735f18d817c7f6dc49f62dd4a\"\u003e\u003ccode\u003e890d87f\u003c/code\u003e\u003c/a\u003e Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/afc32b6dd1a6b2c41a15e6ac10ac3f6899de42f9\"\u003e\u003ccode\u003eafc32b6\u003c/code\u003e\u003c/a\u003e Fix dependabot auto-merge by using GH_TOKEN env var\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/erb/commit/2fd0a6b71c0db9d5b0b14aaaab4d1768d54e7600\"\u003e\u003ccode\u003e2fd0a6b\u003c/code\u003e\u003c/a\u003e fix: exclude some files from published gem (\u003ca href=\"https://redirect.github.com/ruby/erb/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/erb/compare/v6.0.1...v6.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.19.1 to 2.19.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.6...v2.19.7\"\u003ehttps://github.com/ruby/json/compare/v2.19.6...v2.19.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.5...v2.19.6\"\u003ehttps://github.com/ruby/json/compare/v2.19.5...v2.19.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.4...v2.19.5\"\u003ehttps://github.com/ruby/json/compare/v2.19.4...v2.19.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.4\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/ruby/json/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/ruby/json/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2026-06-03 (2.19.8)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix 1-byte buffer overread on EOS errors.\u003c/li\u003e\n\u003cli\u003eHandle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.7)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix some more edge cases with out of range floats.\u003c/li\u003e\n\u003cli\u003eEnsure the string provided to \u003ccode\u003eJSON.parse\u003c/code\u003e can't be mutated during parsing.\u003c/li\u003e\n\u003cli\u003eAdd missing write barriers in \u003ccode\u003eState#dup\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFurther validate generator \u003ccode\u003edepth\u003c/code\u003e config.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-28 (2.19.6)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCleanly handle overly large \u003ccode\u003edepth\u003c/code\u003e generator argument.\u003c/li\u003e\n\u003cli\u003eAdd missing write barrier in \u003ccode\u003eParserConfig\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-05-04 (2.19.5)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCap the parser to emit a maximum of 5 deprecation warnings per document. Emitting more is not helpful.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-04-19 (2.19.4)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of out of range floats (very large exponents that lead to either \u003ccode\u003e0.0\u003c/code\u003e or \u003ccode\u003eInf\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-25 (2.19.3)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of unescaped control characters preceeded by a backslash.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e2026-03-18 (2.19.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a format string injection vulnerability in \u003ccode\u003eJSON.parse(doc, allow_duplicate_key: false)\u003c/code\u003e. \u003ccode\u003eCVE-2026-33210\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5233dd9b851a4924f793aec1a1658ed8b66a34c7\"\u003e\u003ccode\u003e5233dd9\u003c/code\u003e\u003c/a\u003e Release 2.19.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/3f44b26cf34f37e97065ff37f5eaecac69d5f28e\"\u003e\u003ccode\u003e3f44b26\u003c/code\u003e\u003c/a\u003e Prevent buffer over-read when generating EOF error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/be8d068a8eb1124fdc2273e102dc986edf1140f7\"\u003e\u003ccode\u003ebe8d068\u003c/code\u003e\u003c/a\u003e Handle invalid types passed as \u003ccode\u003emax_nesting\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/59501c07de4257714d94a2d5bd44f08fad1a4a4c\"\u003e\u003ccode\u003e59501c0\u003c/code\u003e\u003c/a\u003e Get rid of all_images gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c7a7b2be6f20e52439f4fdc5263e9b539fc6ad6c\"\u003e\u003ccode\u003ec7a7b2b\u003c/code\u003e\u003c/a\u003e Add a security note in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ab6c8f2cdbc9cfa6079f5d0679afbc407a227c6d\"\u003e\u003ccode\u003eab6c8f2\u003c/code\u003e\u003c/a\u003e Release 2.19.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f033b9d3421c450108913d724810938e2d055e84\"\u003e\u003ccode\u003ef033b9d\u003c/code\u003e\u003c/a\u003e Fix some more edge cases with out of range floats\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/5ca8a67f52be73f68b7cd3b1f62809e3118c9d36\"\u003e\u003ccode\u003e5ca8a67\u003c/code\u003e\u003c/a\u003e parser.c: Ensure the user provided string can't be mutated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/dba1d885eae95ad2ca2b1986192ffd4397196525\"\u003e\u003ccode\u003edba1d88\u003c/code\u003e\u003c/a\u003e generator.c: trigger write barriers in cState_init_copy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e8800cb0c58cf8ecda0943f94cbf63606cdca13b\"\u003e\u003ccode\u003ee8800cb\u003c/code\u003e\u003c/a\u003e Further validate generator \u003ccode\u003edepth\u003c/code\u003e config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.19.1...v2.19.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `loofah` from 2.25.0 to 2.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/releases\"\u003eloofah's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md\"\u003eloofah's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.25.1 / 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure \u003ccode\u003eLoofah::HTML5::Scrub.allowed_uri?\u003c/code\u003e recognizes unescaped whitespace entities and rejects schemas containing them. See \u003ca href=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m\"\u003eGHSA-46fp-8f5p-pf2m\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/c895c8b2ac9c7255ca10c4e3083b8f0b019b7189\"\u003e\u003ccode\u003ec895c8b\u003c/code\u003e\u003c/a\u003e version bump to v2.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/f4ebc9c5193dde759a57541062e490e86fc7c068\"\u003e\u003ccode\u003ef4ebc9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/flavorjones/loofah/issues/302\"\u003e#302\u003c/a\u003e from flavorjones/flavorjones/better-allowed-uri\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/9f4e5dbd79f63775b3ad6196fa391f8e807da156\"\u003e\u003ccode\u003e9f4e5db\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003eallowed_uri?\u003c/code\u003e to handle unescaped whitespace entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones/loofah/commit/e6f47515f642b1868f9025e85429301fa6f8bb20\"\u003e\u003ccode\u003ee6f4751\u003c/code\u003e\u003c/a\u003e doc: Move security reporting to Github\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/flavorjones/loofah/compare/v2.25.0...v2.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 0.8.0 to 0.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.9.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/blob/main/CHANGELOG.md\"\u003emcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.9.2] - 2026-03-27\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.1] - 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_delete\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/261\"\u003e#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.9.0] - 2026-03-20\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eMCP::Client::Stdio\u003c/code\u003e transport (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/262\"\u003e#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProgress notifications per MCP specification (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAutomatic \u003ccode\u003e_meta\u003c/code\u003e parameter extraction support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCORS and Accept wildcard support for browser-based MCP clients (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eautoload\u003c/code\u003e to defer loading of unused subsystems (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce release package size (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn 404 for invalid session ID in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse mutex-protected \u003ccode\u003esession_exists?\u003c/code\u003e in \u003ccode\u003ehandle_regular_request\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3fc7bcd2683d2200d42f79ab46752dc65f896db1\"\u003e\u003ccode\u003e3fc7bcd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/272\"\u003e#272\u003c/a\u003e from koic/release_0_9_2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/8fbc2b46313479cdbf5afbb44045583f94e813e3\"\u003e\u003ccode\u003e8fbc2b4\u003c/code\u003e\u003c/a\u003e Release 0.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/6b092797c90183099b88f86ada44b27dea340d6f\"\u003e\u003ccode\u003e6b09279\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/273\"\u003e#273\u003c/a\u003e from koic/use_accessor_in_server_context_with_meta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/a2575b24e5f48943f4f0b66b6632b917fe803116\"\u003e\u003ccode\u003ea2575b2\u003c/code\u003e\u003c/a\u003e Use accessor method in \u003ccode\u003eserver_context_with_meta\u003c/code\u003e instead of ivar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/e189d7852a80d63c00bd488fe5f58420673aaa87\"\u003e\u003ccode\u003ee189d78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/db40143402d65b4fb6923cec42d2d72cb89b3874\"\u003e\u003ccode\u003edb40143\u003c/code\u003e\u003c/a\u003e Reject duplicate SSE connections with 409 to prevent stream hijacking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/3b1fc72fb50dfe3685e5d5387820b86d25f60e94\"\u003e\u003ccode\u003e3b1fc72\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/267\"\u003e#267\u003c/a\u003e from koic/release_0_9_1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/f29259c0b1f540c56acd977ed17f938c3388b641\"\u003e\u003ccode\u003ef29259c\u003c/code\u003e\u003c/a\u003e Release 0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/ccddd87e96f66ddd00884fda906a08634303fa05\"\u003e\u003ccode\u003eccddd87\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/modelcontextprotocol/ruby-sdk/issues/266\"\u003e#266\u003c/a\u003e from koic/allow_client_call_tool_to_accept_a_tool_name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/commit/73070f1fd7e8e69658c5f13e10212d537ffc3799\"\u003e\u003ccode\u003e73070f1\u003c/code\u003e\u003c/a\u003e Allow \u003ccode\u003eClient#call_tool\u003c/code\u003e to accept a tool name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/ruby-sdk/compare/v0.8.0...v0.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several command injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/654\"\u003e#654\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/656\"\u003eruby/net-imap#656\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 Fix STARTTLS stripping vulnerability (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/665\"\u003eruby/net-imap#665\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Fix CRLF injection vulnerabilities (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/657\"\u003e#657\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/658\"\u003e#658\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/659\"\u003e#659\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/636\"\u003e#636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/661\"\u003e#661\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e, reported by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e⚡ Much faster ResponseReader performance (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/642\"\u003e#642\u003c/a\u003e) in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/650\"\u003eruby/net-imap#650\u003c/a\u003e, reported by \u003ca href=\"https://github.com/Masamuneee\"\u003e\u003ccode\u003e@​Masamuneee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Config \u003ccode\u003eversion_defaults\u003c/code\u003e should be attr_reader (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/594\"\u003e#594\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/631\"\u003eruby/net-imap#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 Wait to continue RawData literals (backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/660\"\u003e#660\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/662\"\u003eruby/net-imap#662\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️  Improve internal literal sending (partially backports \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/616\"\u003e#616\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/649\"\u003e#649\u003c/a\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/652\"\u003eruby/net-imap#652\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Fix Data polyfill tests for ruby 4.1 by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/632\"\u003eruby/net-imap#632\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\"\u003ehttps://github.com/ruby/net-imap/compare/v0.5.13...v0.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/4063bc1d1d3e21046544ed7a2c131e5f886bab01\"\u003e\u003ccode\u003e4063bc1\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da\"\u003e\u003ccode\u003ef79d35b\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/665\"\u003e#665\u003c/a\u003e from ruby/backport/v0.5/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/b3ad198bdecd7f8f1342bf2f0191bc5261130383\"\u003e\u003ccode\u003eb3ad198\u003c/code\u003e\u003c/a\u003e 🍒 pick 24d5c773d: 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/7a233c57fdf319ad8f238072a60c27948dd44e89\"\u003e\u003ccode\u003e7a233c5\u003c/code\u003e\u003c/a\u003e 🍒 pick 62eea6ffe: 🔒🥅 Ensure STARTTLS tagged response was handled [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/a530fa7d0efba9e02aa88ea9b9835e4d5e58f308\"\u003e\u003ccode\u003ea530fa7\u003c/code\u003e\u003c/a\u003e 🍒 pick 46636cae8: ❌🔒 Add failing test for STARTTLS stripping [backport \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/6...\n\n_Description has been truncated_","html_url":"https://github.com/yuuki2014/shiroichizu/pull/217","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuki2014%2Fshiroichizu/issues/217","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/217/packages"}},{"old_version":"2.10.2","new_version":"2.10.3","update_type":"patch","path":"the bundler group across 1 directory","pr_created_at":"2026-06-03T22:23:56.000Z","version_change":"2.10.2 → 2.10.3","issue":{"uuid":"4584107304","node_id":"PR_kwDOOcgMU87icG82","number":255,"state":"open","title":"Bump jwt from 2.10.2 to 2.10.3 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:23:56.000Z","updated_at":"2026-06-05T02:22:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [jwt](https://github.com/jwt/ruby-jwt).\n\nUpdates `jwt` from 2.10.2 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/orbot-android/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/orbot-android/pull/255","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Forbot-android/issues/255","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/255/packages"}},{"old_version":"2.5.0","new_version":"2.10.3","update_type":"minor","path":"/record-and-playback/core","pr_created_at":"2026-06-02T22:47:32.000Z","version_change":"2.5.0 → 2.10.3","issue":{"uuid":"4575501955","node_id":"PR_kwDOAApxXs7h_xxm","number":25218,"state":"open","title":"build(deps): bump jwt from 2.5.0 to 2.10.3 in /record-and-playback/core","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:47:32.000Z","updated_at":"2026-06-02T23:09:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jwt","old_version":"2.5.0","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"/record-and-playback/core","ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.5.0 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/6e59d2620fd098e307fd671a3283be29fb95cdc3\"\u003e\u003ccode\u003e6e59d26\u003c/code\u003e\u003c/a\u003e Make version constants public\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a490892dc8016d2ddde9c852fbc9a762dd34ea40\"\u003e\u003ccode\u003ea490892\u003c/code\u003e\u003c/a\u003e Start the 3.0 iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d09d63b2b195822736df2ba2c19de896f7791e55\"\u003e\u003ccode\u003ed09d63b\u003c/code\u003e\u003c/a\u003e Prepare 2.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/3f38be053e71bad5f4eae27b3a34d151798ac4ec\"\u003e\u003ccode\u003e3f38be0\u003c/code\u003e\u003c/a\u003e Generate CNAME entry\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.5.0...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.5.0\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bigbluebutton/bigbluebutton/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bigbluebutton/bigbluebutton/pull/25218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigbluebutton%2Fbigbluebutton/issues/25218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25218/packages"}},{"old_version":"2.10.2","new_version":"2.10.3","update_type":"patch","path":null,"pr_created_at":"2026-06-02T22:31:56.000Z","version_change":"2.10.2 → 2.10.3","issue":{"uuid":"4575428650","node_id":"PR_kwDOO8tGQc7h_iaw","number":18,"state":"open","title":"chore(deps): bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:31:56.000Z","updated_at":"2026-06-02T22:35:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Fedihosting-Foundation-Forks/blorp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Fedihosting-Foundation-Forks/blorp/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fedihosting-Foundation-Forks%2Fblorp/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"2.10.2","new_version":"2.10.3","update_type":"patch","path":null,"pr_created_at":"2026-06-02T22:28:50.000Z","version_change":"2.10.2 → 2.10.3","issue":{"uuid":"4575413195","node_id":"PR_kwDOOT1pBs7h_fEY","number":210,"state":"open","title":"chore(deps): bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:50.000Z","updated_at":"2026-06-02T22:29:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Shojin-App/shojin_app/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Shojin-App/shojin_app/pull/210","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Shojin-App%2Fshojin_app/issues/210","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/210/packages"}},{"old_version":"2.10.1","new_version":"2.10.3","update_type":"patch","path":null,"pr_created_at":"2026-06-02T22:28:47.000Z","version_change":"2.10.1 → 2.10.3","issue":{"uuid":"4575412978","node_id":"PR_kwDOQp4dK87h_fBe","number":3,"state":"open","title":"chore(deps): bump the bundler group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:28:47.000Z","updated_at":"2026-06-02T22:29:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"bundler","update_count":7,"packages":[{"name":"activesupport","old_version":"7.2.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"aws-sdk-s3","old_version":"1.181.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"faraday","old_version":"1.10.4","new_version":"1.10.5","repository_url":"https://github.com/lostisland/faraday"},{"name":"json","old_version":"2.10.1","new_version":"2.10.2","repository_url":"https://github.com/ruby/json"},{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [activesupport](https://github.com/rails/rails) | `7.2.2.1` | `7.2.3.1` |\n| [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.181.0` | `1.208.0` |\n| [faraday](https://github.com/lostisland/faraday) | `1.10.4` | `1.10.5` |\n| [json](https://github.com/ruby/json) | `2.10.1` | `2.10.2` |\n| [jwt](https://github.com/jwt/ruby-jwt) | `2.10.1` | `2.10.3` |\n| [rexml](https://github.com/ruby/rexml) | `3.4.1` | `3.4.2` |\n\n\nUpdates `activesupport` from 7.2.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.181.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 1.10.4 to 1.10.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport CVE-2026-25765 by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1665\"\u003elostisland/faraday#1665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ehttps://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/5c1d68aae6020c7a5398147356e5a42ca205bf80\"\u003e\u003ccode\u003e5c1d68a\u003c/code\u003e\u003c/a\u003e Version bump to 1.10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/ea02c0ecbcd7ecc5553767f0cd97ec94eae6142b\"\u003e\u003ccode\u003eea02c0e\u003c/code\u003e\u003c/a\u003e Update rubocop complexity thresholds for security fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d0fc049beb0b0e4e3bd4a52711189130bba7c5f4\"\u003e\u003ccode\u003ed0fc049\u003c/code\u003e\u003c/a\u003e Backport security fix for CVE-2026-25765 to 1.x branch (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lostisland/faraday/compare/v1.10.4...v1.10.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json` from 2.10.1 to 2.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/releases\"\u003ejson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e unadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/ruby/json/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/json/blob/master/CHANGES.md\"\u003ejson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e2025-03-12 (2.10.2)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential crash in the C extension parser.\u003c/li\u003e\n\u003cli\u003eRaise a ParserError on all incomplete unicode escape sequence. This was the behavior until \u003ccode\u003e2.10.0\u003c/code\u003e inadvertently changed it.\u003c/li\u003e\n\u003cli\u003eEnsure document snippets that are included in parser errors don't include truncated multibyte characters.\u003c/li\u003e\n\u003cli\u003eEnsure parser error snippets are valid UTF-8.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eJSON::GeneratorError#detailed_message\u003c/code\u003e on Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/350c1fd154eaf7840f696c623362478a9148166c\"\u003e\u003ccode\u003e350c1fd\u003c/code\u003e\u003c/a\u003e Release 2.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c56db31f800d5d508389793e69682f99749dbadf\"\u003e\u003ccode\u003ec56db31\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/cf242d89a0523bacd5238a59c77b33411b8c3208\"\u003e\u003ccode\u003ecf242d8\u003c/code\u003e\u003c/a\u003e Fix potential out of bound read in \u003ccode\u003ejson_string_unescape\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/57911f1ecf065c36cf36e6bc46fd037c675ceb55\"\u003e\u003ccode\u003e57911f1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/762\"\u003e#762\u003c/a\u003e from byroot/invalid-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/7d0637b9e6e0269c88418b142cb9a1ef2799587d\"\u003e\u003ccode\u003e7d0637b\u003c/code\u003e\u003c/a\u003e Raise a ParserError on all incomplete unicode escape sequence.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/c079793b7655b749a4d85f5c8e6bd2649fd31c0c\"\u003e\u003ccode\u003ec079793\u003c/code\u003e\u003c/a\u003e Avoid fast-path IO writes when IO has ext enc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/ac30b69c06a2e4d21cca4875a7265c24f6ede5ed\"\u003e\u003ccode\u003eac30b69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/757\"\u003e#757\u003c/a\u003e from rahim/fix-generator-error-no-method-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/2e015ff839ed2044ead0fd27b63a912766270a1b\"\u003e\u003ccode\u003e2e015ff\u003c/code\u003e\u003c/a\u003e Fix JSON::GeneratorError#detailed_message with Ruby \u0026lt; 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/f3e113654fb61cb670ab70f2470dc26183c369e1\"\u003e\u003ccode\u003ef3e1136\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/json/issues/756\"\u003e#756\u003c/a\u003e from byroot/utf8-snippets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/json/commit/e144793b7226c2df75c414749d6f87ab7fcf4dce\"\u003e\u003ccode\u003ee144793\u003c/code\u003e\u003c/a\u003e Ensure parser error snippets are valid UTF-8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/json/compare/v2.10.1...v2.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jwt` from 2.10.1 to 2.10.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/jitsi-meet/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Bundler dependencies to pick up security fixes and SDK improvements. Bumps `activesupport`, `addressable`, `aws-sdk-s3`, `faraday`, `json`, `jwt`, and `rexml` with no app code changes.\n\n- **Dependencies**\n  - `activesupport` 7.2.3.1 — security fixes and minor perf updates\n  - `addressable` 2.9.0 — fixes ReDoS in Template#match\n  - `aws-sdk-s3` 1.208.0 — SDK updates incl. encryption and checksum behavior\n  - `faraday` 1.10.5 — security fix\n  - `json` 2.10.2 — parser stability fixes\n  - `jwt` 2.10.3 — reject nil/empty HMAC keys (security)\n  - `rexml` 3.4.2 — performance and parsing improvements\n\n\u003csup\u003eWritten for commit 9f6a056a79f5089917c2f9c93714eabeea5fc4ce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/jitsi-meet/pull/3?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 7 bundler dependencies in Gemfile.lock\n\u003e Updates the Ruby bundler lockfile with 7 dependency version bumps. No application logic changes are included.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9f6a056.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/jitsi-meet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjitsi-meet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.10.2","new_version":"2.10.3","update_type":"patch","path":null,"pr_created_at":"2026-06-02T22:27:25.000Z","version_change":"2.10.2 → 2.10.3","issue":{"uuid":"4575406218","node_id":"PR_kwDOKADG287h_dmq","number":877,"state":"open","title":"build(deps): Bump jwt from 2.10.2 to 2.10.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T22:27:25.000Z","updated_at":"2026-06-02T22:50:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/govuk-one-login/mobile-android-one-login-app/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/govuk-one-login/mobile-android-one-login-app/pull/877","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/govuk-one-login%2Fmobile-android-one-login-app/issues/877","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/877/packages"}},{"old_version":"2.10.1","new_version":"2.10.3","update_type":"patch","path":"/fastlane","pr_created_at":"2026-06-02T22:26:03.000Z","version_change":"2.10.1 → 2.10.3","issue":{"uuid":"4575398920","node_id":"PR_kwDOCINW2s7h_cC6","number":9242,"state":"closed","title":"Bump jwt from 2.10.1 to 2.10.3 in /fastlane","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-04T05:09:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-02T22:26:03.000Z","updated_at":"2026-06-04T05:10:07.000Z","time_to_close":110632,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"2.10.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"/fastlane","ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 2.10.3.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.1\"\u003ev3.2.1\u003c/a\u003e (NEXT)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.2.0...v3.2.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eYour contribution here\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix rejection of unknown algorithms from JWKs for RFC compliance and pquip \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/728\"\u003e#728\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a52e81d2c6b6aa6ff4be929dfa69da6b52db2888\"\u003e\u003ccode\u003ea52e81d\u003c/code\u003e\u003c/a\u003e Version 2.10.3 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9820020869ad147b941e49d96ab8beba35532964\"\u003e\u003ccode\u003e9820020\u003c/code\u003e\u003c/a\u003e Backport to 2.x: Reject nil and empty HMAC keys (CVE-2026-45363) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/658275c3f20156df0656cf25d3e2129fa0fd2322\"\u003e\u003ccode\u003e658275c\u003c/code\u003e\u003c/a\u003e Version 2.10.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/67dc9d344ece2c18ff1f25621e10f5a692503191\"\u003e\u003ccode\u003e67dc9d3\u003c/code\u003e\u003c/a\u003e Backport: Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/c73c286901b88bd7c73ec72c5154da74b8533ba1\"\u003e\u003ccode\u003ec73c286\u003c/code\u003e\u003c/a\u003e Simplify CI on 2.10 branch (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7ff5f070ce696ed31d361238fda221d429786187\"\u003e\u003ccode\u003e7ff5f07\u003c/code\u003e\u003c/a\u003e Fix deprecation messages\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v2.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.1\u0026new-version=2.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/horizontalsystems/unstoppable-wallet-android/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/horizontalsystems/unstoppable-wallet-android/pull/9242","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/horizontalsystems%2Funstoppable-wallet-android/issues/9242","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9242/packages"}},{"old_version":"3.1.2","new_version":"3.2.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T20:15:17.000Z","version_change":"3.1.2 → 3.2.0","issue":{"uuid":"4472264350","node_id":"PR_kwDOBf2z7M7czys1","number":183,"state":"closed","title":"Bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T01:17:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T20:15:17.000Z","updated_at":"2026-05-19T01:17:40.000Z","time_to_close":18134,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblock/slack-sup/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dblock/slack-sup/pull/183","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dblock%2Fslack-sup/issues/183","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/183/packages"}},{"old_version":"3.1.2","new_version":"3.2.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T20:00:13.000Z","version_change":"3.1.2 → 3.2.0","issue":{"uuid":"4472164105","node_id":"PR_kwDOApUPbs7czd_J","number":2906,"state":"open","title":"chore: bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T20:00:13.000Z","updated_at":"2026-05-28T00:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/SFDigitalServices/sf-dahlia-web/pull/2906","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SFDigitalServices%2Fsf-dahlia-web/issues/2906","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2906/packages"}},{"old_version":"3.1.2","new_version":"3.2.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T19:44:08.000Z","version_change":"3.1.2 → 3.2.0","issue":{"uuid":"4472061852","node_id":"PR_kwDOJKDKxc7czIib","number":127,"state":"closed","title":"Bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T01:16:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:44:08.000Z","updated_at":"2026-05-19T01:17:03.000Z","time_to_close":19967,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dblock/slack-sup2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dblock/slack-sup2/pull/127","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dblock%2Fslack-sup2/issues/127","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/127/packages"}},{"old_version":"\u003e= 1.5, \u003c= 2.5","new_version":"\u003e= 1.5, \u003c= 3.3","update_type":null,"path":"the bundler group across 1 directory","pr_created_at":"2026-05-18T19:20:33.000Z","version_change":"\u003e= 1.5, \u003c= 2.5 → \u003e= 1.5, \u003c= 3.3","issue":{"uuid":"4471916622","node_id":"PR_kwDOGz0_gs7cyqKw","number":2,"state":"open","title":"chore(deps): update jwt requirement from \u003e= 1.5, \u003c= 2.5 to \u003e= 1.5, \u003c= 3.3 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby","dependabot-semver-unknown","alert-severity-HIGH"],"assignees":[],"locked":false,"comments_count":87,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T19:20:33.000Z","updated_at":"2026-06-02T12:00:39.203Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"jwt","old_version":"\u003e= 1.5, \u003c= 2.5","new_version":"\u003e= 1.5, \u003c= 3.3","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Updates the requirements on [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `jwt` to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/jwt-1.5.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/intercom/twilio-ruby/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/intercom/twilio-ruby/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/intercom%2Ftwilio-ruby/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"2.10.1","new_version":"3.2.0","update_type":"major","path":null,"pr_created_at":"2026-05-18T17:52:10.000Z","version_change":"2.10.1 → 3.2.0","issue":{"uuid":"4471323119","node_id":"PR_kwDOAHOAqs7cwtWa","number":40133,"state":"open","title":"DEPS: Bump jwt from 2.10.1 to 3.2.0","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T17:52:10.000Z","updated_at":"2026-05-18T17:53:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 3.2.0.\n- [Release notes](https://github.com/jwt/ruby-jwt/releases)\n- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.2.0)","html_url":"https://github.com/discourse/discourse/pull/40133","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/discourse%2Fdiscourse/issues/40133","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40133/packages"}},{"old_version":"3.1.2","new_version":"3.2.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T01:27:42.000Z","version_change":"3.1.2 → 3.2.0","issue":{"uuid":"4465636942","node_id":"PR_kwDOPbcsgM7ceYhM","number":70,"state":"open","title":"deps(deps): bump jwt from 3.1.2 to 3.2.0","user":"dependabot[bot]","labels":[],"assignees":["kanutocd"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T01:27:42.000Z","updated_at":"2026-05-18T01:27:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps)","packages":[{"name":"jwt","old_version":"3.1.2","new_version":"3.2.0","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 3.1.2 to 3.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.2.0\"\u003ev3.2.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenforce_hmac_key_length\u003c/code\u003e configuration option \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/716\"\u003e#716\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003enil\u003c/code\u003e and empty HMAC keys when signing and verifying (\u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-45363\"\u003eCVE-2026-45363\u003c/a\u003e / \u003ca href=\"https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x\"\u003eGHSA-c32j-vqhx-rx3x\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix compatibility with the openssl 4.0 gem \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/706\"\u003e#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest against Ruby 4.0 on CI \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/707\"\u003e#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix type error when header is not a JSON object \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/715\"\u003e#715\u003c/a\u003e - (\u003ca href=\"https://github.com/304\"\u003e\u003ccode\u003e@​304\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f\"\u003e\u003ccode\u003edb560b7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ffef4f2cc49f4c07447fa67601b396880e519704\"\u003e\u003ccode\u003effef4f2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/719\"\u003e#719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/69a343da4dcf990bfc5a3b51295a42b1c41abab9\"\u003e\u003ccode\u003e69a343d\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/78e7ed26cb8df3bb4d8cdcbf867d3d330c8b88f5\"\u003e\u003ccode\u003e78e7ed2\u003c/code\u003e\u003c/a\u003e Fix Style/PredicateWithKind RuboCop issue (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/1a1d877483e118400c1e4c66a8a0b66f84b39d85\"\u003e\u003ccode\u003e1a1d877\u003c/code\u003e\u003c/a\u003e Extract context classes into separate files for better organization (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/d3e52e9864c5afd94829acb6cb3167603d0cba72\"\u003e\u003ccode\u003ed3e52e9\u003c/code\u003e\u003c/a\u003e Add enforce_hmac_key_length configuration option (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/24ec3d8c3c985fb418ee7da4b09c7461f058f0ef\"\u003e\u003ccode\u003e24ec3d8\u003c/code\u003e\u003c/a\u003e Fix type error when header is not a JSON object (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/8c655d44af49509bc4969111ff4dd214a40e8e41\"\u003e\u003ccode\u003e8c655d4\u003c/code\u003e\u003c/a\u003e Fix typo in \u0026quot;Rubocop\u0026quot; to use correct casing \u0026quot;RuboCop\u0026quot; (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7af2ac0e36455b94543e47c3e042e9835b247965\"\u003e\u003ccode\u003e7af2ac0\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4 to 7 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/708\"\u003e#708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/efd5e6f529a758c3f227466d657abf767c0b0a08\"\u003e\u003ccode\u003eefd5e6f\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 4 to 6 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.2...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=3.1.2\u0026new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kanutocd/rack_jwt_aegis/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanutocd%2Frack_jwt_aegis/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}},{"old_version":"2.10.2","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-05-07T22:47:30.000Z","version_change":"2.10.2 → 3.1.2","issue":{"uuid":"4402472928","node_id":"PR_kwDOR94zmc7ZVMpH","number":8,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T22:47:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-07T22:47:30.000Z","updated_at":"2026-05-14T22:47:12.000Z","time_to_close":604780,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/smakthe/e-commerce-server/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/smakthe%2Fe-commerce-server/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"2.10.1","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-05-02T15:02:40.000Z","version_change":"2.10.1 → 3.1.2","issue":{"uuid":"4369241844","node_id":"PR_kwDOEkq3Oc7Xp6bf","number":669,"state":"open","title":"DEPS: Bump jwt from 2.10.1 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T15:02:40.000Z","updated_at":"2026-05-02T18:11:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"DEPS: Bump","packages":[{"name":"jwt","old_version":"2.10.1","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.1 to 3.1.2.\n- [Release notes](https://github.com/jwt/ruby-jwt/releases)\n- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.1.2)","html_url":"https://github.com/ForgottenWorld/discourse/pull/669","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ForgottenWorld%2Fdiscourse/issues/669","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/669/packages"}},{"old_version":"2.10.2","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-04-25T11:12:54.000Z","version_change":"2.10.2 → 3.1.2","issue":{"uuid":"4327932330","node_id":"PR_kwDOSF3XhM7VlYug","number":2,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T11:13:05.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T11:12:54.000Z","updated_at":"2026-05-16T11:13:06.000Z","time_to_close":1814411,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/benjo-m/cohort-api/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/benjo-m%2Fcohort-api/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"2.10.2","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-04-07T17:58:26.000Z","version_change":"2.10.2 → 3.1.2","issue":{"uuid":"4219628277","node_id":"PR_kwDOR8VvF87QlA_V","number":3,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T23:23:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-07T17:58:26.000Z","updated_at":"2026-05-19T23:23:58.000Z","time_to_close":3648330,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/umesh1196/wedding-gallery-backend/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/umesh1196%2Fwedding-gallery-backend/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.10.2","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-03-30T15:37:28.000Z","version_change":"2.10.2 → 3.1.2","issue":{"uuid":"4171779293","node_id":"PR_kwDORt93SM7OqbYa","number":56,"state":"closed","title":"chore(deps): bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-12T23:14:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T15:37:28.000Z","updated_at":"2026-05-12T23:14:40.000Z","time_to_close":3742622,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/himratesdev/himrate-platform/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/himratesdev%2Fhimrate-platform/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"}},{"old_version":"2.10.2","new_version":"3.1.2","update_type":"major","path":null,"pr_created_at":"2026-03-23T11:28:09.000Z","version_change":"2.10.2 → 3.1.2","issue":{"uuid":"4120167595","node_id":"PR_kwDORuYcns7Mp3KF","number":2,"state":"closed","title":"Bump jwt from 2.10.2 to 3.1.2","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T22:21:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-23T11:28:09.000Z","updated_at":"2026-05-18T22:21:42.000Z","time_to_close":4877611,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jwt","old_version":"2.10.2","new_version":"3.1.2","repository_url":"https://github.com/jwt/ruby-jwt"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 3.1.2.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md\"\u003ejwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.2\"\u003ev3.1.2\u003c/a\u003e (2025-06-28)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.1...v3.1.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/697\"\u003e#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix signing with a EC JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/699\"\u003e#699\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.1\"\u003ev3.1.1\u003c/a\u003e (2025-06-24)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.1.0...v3.1.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFixes and enhancements:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire the algorithm to be provided when signing and verifying tokens using JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/695\"\u003e#695\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.1.0\"\u003ev3.1.0\u003c/a\u003e (2025-06-23)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v3.0.0...v3.1.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for x5t header parameter for X.509 certificate thumbprint verification \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/669\"\u003e#669\u003c/a\u003e (\u003ca href=\"https://github.com/hieuk09\"\u003e\u003ccode\u003e@​hieuk09\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise an error if the ECDSA signing or verification key is not an instance of \u003ccode\u003eOpenSSL::PKey::EC\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/688\"\u003e#688\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eOpenSSL::PKey::EC::Point\u003c/code\u003e to be used as the verification key in ECDSA \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/689\"\u003e#689\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire claims to have been verified before accessing the \u003ccode\u003eJWT::EncodedToken#payload\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/690\"\u003e#690\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport signing and verifying tokens using a JWK \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/692\"\u003e#692\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/tree/v3.0.0\"\u003ev3.0.0\u003c/a\u003e (2025-06-14)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.1...v3.0.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire token signature to be verified before accessing payload \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/648\"\u003e#648\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for the HS512256 algorithm \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/650\"\u003e#650\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated claim verification methods \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/654\"\u003e#654\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dependency to rbnacl \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/655\"\u003e#655\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport only stricter base64 decoding (RFC 4648) \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/658\"\u003e#658\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCustom algorithms are required to include \u003ccode\u003eJWT::JWA::SigningAlgorithm\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/660\"\u003e#660\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire RSA keys to be at least 2048 bits \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/661\"\u003e#661\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBase64 encode and decode the k value for HMAC JWKs \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/662\"\u003e#662\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTake a look at the \u003ca href=\"https://github.com/jwt/ruby-jwt/blob/main/UPGRADING.md\"\u003eupgrade guide\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeatures:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWT::EncodedToken#verify! method that bundles signature and claim validation \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/647\"\u003e#647\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not override the alg header if already given \u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/pull/659\"\u003e#659\u003c/a\u003e (\u003ca href=\"https://github.com/anakinj\"\u003e\u003ccode\u003e@​anakinj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/bbe7ae3786568b041f03f50cb2e48d2b964a4eb4\"\u003e\u003ccode\u003ebbe7ae3\u003c/code\u003e\u003c/a\u003e Version 3.1.2 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/700\"\u003e#700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/205a58d9b65ee337291eadafa274b60f71220c53\"\u003e\u003ccode\u003e205a58d\u003c/code\u003e\u003c/a\u003e Fix signing with EC JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/699\"\u003e#699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/7231ef5927b4dcd3da97000b3ba3db9617255ba2\"\u003e\u003ccode\u003e7231ef5\u003c/code\u003e\u003c/a\u003e Avoid using the same digest across calls (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/9524614ff5135c6fa0e876061ac9280df7c36cb7\"\u003e\u003ccode\u003e9524614\u003c/code\u003e\u003c/a\u003e Re-enable Truffleruby on the CI (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/698\"\u003e#698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/ad4fc0439f7ee8a8e8b855dad54bfc5f98bfa65e\"\u003e\u003ccode\u003ead4fc04\u003c/code\u003e\u003c/a\u003e Prepare next iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/50c01e07b53ea5a33bf29ac08d6c61775b6d5d1e\"\u003e\u003ccode\u003e50c01e0\u003c/code\u003e\u003c/a\u003e Prepare 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/b45219d7c98473a1a7603d2bf5961f6b5ea89576\"\u003e\u003ccode\u003eb45219d\u003c/code\u003e\u003c/a\u003e Do not automatically trust the JWA in the JWK (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/5c4fb4cfc6ff823744ce9db4fcf95ad058dc5efe\"\u003e\u003ccode\u003e5c4fb4c\u003c/code\u003e\u003c/a\u003e Prepare next iteration (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/646febebe8f26f353ce28e86ff9ace0bb0737314\"\u003e\u003ccode\u003e646febe\u003c/code\u003e\u003c/a\u003e Fix date for 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jwt/ruby-jwt/commit/a93b803adc6bc698e34e3f8244b26cb8cd40bea5\"\u003e\u003ccode\u003ea93b803\u003c/code\u003e\u003c/a\u003e Prepare release of 3.1.0 (\u003ca href=\"https://redirect.github.com/jwt/ruby-jwt/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jwt/ruby-jwt/compare/v2.10.2...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jwt\u0026package-manager=bundler\u0026previous-version=2.10.2\u0026new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cesarm29/ruby_rails_hexagonal_api/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cesarm29%2Fruby_rails_hexagonal_api/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}}]}