{"id":15,"name":"rack","ecosystem":"rubygems","repository_url":"https://github.com/rack/rack","issues_count":11495,"created_at":"2025-06-06T15:01:32.379Z","updated_at":"2025-06-06T15:01:32.379Z","purl":"pkg:gem/rack","metadata":{"id":279331,"name":"rack","ecosystem":"rubygems","description":"Rack provides a minimal, modular and adaptable interface for developing\nweb applications in Ruby. By wrapping HTTP requests and responses in\nthe simplest way possible, it unifies and distills the API for web\nservers, web frameworks, and software in between (the so-called\nmiddleware) into a single method call.\n","homepage":"https://github.com/rack/rack","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/rack/rack","keywords_array":[],"namespace":null,"versions_count":160,"first_release_published_at":"2009-07-25T18:02:13.000Z","latest_release_published_at":"2025-06-04T22:28:38.984Z","latest_release_number":"3.1.16","last_synced_at":"2025-06-06T01:06:37.540Z","created_at":"2022-04-06T07:59:21.301Z","updated_at":"2025-06-06T17:00:22.842Z","registry_url":"https://rubygems.org/gems/rack","install_command":"gem install rack -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/rack/","metadata":{"funding":null},"repo_metadata":{"id":471102,"uuid":"96071","full_name":"rack/rack","owner":"rack","description":"A modular Ruby web server interface.","archived":false,"fork":false,"pushed_at":"2025-06-03T02:01:08.000Z","size":10397,"stargazers_count":4999,"open_issues_count":20,"forks_count":1646,"subscribers_count":160,"default_branch":"main","last_synced_at":"2025-06-04T02:28:59.294Z","etag":null,"topics":["rack","ruby","web"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2008-12-24T03:03:12.000Z","updated_at":"2025-06-03T19:05:33.000Z","dependencies_parsed_at":"2023-07-05T14:56:26.099Z","dependency_job_id":"6440b9dc-988a-4040-ae84-aebeb15e21c8","html_url":"https://github.com/rack/rack","commit_stats":{"total_commits":2694,"total_committers":544,"mean_commits":4.952205882352941,"dds":0.902746844840386,"last_synced_commit":"49d4ed033f9c6d0bdba7b2a181437589049dbf7f"},"previous_names":[],"tags_count":156,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","download_url":"https://codeload.github.com/rack/rack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258301245,"owners_count":22680172,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"rack","name":"Official Rack repositories","uuid":"42379","kind":"organization","description":null,"email":null,"website":"http://rack.github.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/42379?v=4","repositories_count":10,"last_synced_at":"2024-03-25T19:32:49.958Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/rack","funding_links":[],"total_stars":12549,"followers":47,"following":0,"created_at":"2022-11-02T16:17:24.220Z","updated_at":"2024-03-25T19:32:56.784Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack/repositories"},"tags":[{"name":"v2.2.17","sha":"9163ac3f5fac795179f9935e2ba6533a0ca1cf82","kind":"tag","published_at":"2025-06-03T01:57:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.17","html_url":"https://github.com/rack/rack/releases/tag/v2.2.17","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17/manifests"},{"name":"v3.0.18","sha":"e95f187b11c5f342d2de00a38ce10bc7ad435409","kind":"tag","published_at":"2025-05-22T06:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.18","html_url":"https://github.com/rack/rack/releases/tag/v3.0.18","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18/manifests"},{"name":"v2.2.16","sha":"2a32ecaaa8460a9af9963ee46ba04afbd1b47220","kind":"tag","published_at":"2025-05-22T05:33:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.16","html_url":"https://github.com/rack/rack/releases/tag/v2.2.16","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16/manifests"},{"name":"v3.1.15","sha":"835e15bf9e51846471e3da63ce474f6836ebd203","kind":"tag","published_at":"2025-05-18T02:39:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.15","html_url":"https://github.com/rack/rack/releases/tag/v3.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15/manifests"},{"name":"v3.0.17","sha":"29094bd481b7849b1dd44423ac9ff22b225f52bf","kind":"tag","published_at":"2025-05-18T02:38:35.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.17","html_url":"https://github.com/rack/rack/releases/tag/v3.0.17","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17/manifests"},{"name":"v2.2.15","sha":"d2b6af2062a4687f928491f801984b948a63ecbb","kind":"tag","published_at":"2025-05-18T02:37:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.15","html_url":"https://github.com/rack/rack/releases/tag/v2.2.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15/manifests"},{"name":"v3.1.14","sha":"5440b2c8b006f1c2ef202c2bd60dd70924c9b1c1","kind":"tag","published_at":"2025-05-06T21:35:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.14","html_url":"https://github.com/rack/rack/releases/tag/v3.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14/manifests"},{"name":"v3.0.16","sha":"5a1591960cbe28ed87e7fe5e00cbb7d6524f593b","kind":"tag","published_at":"2025-05-06T21:34:09.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.16","html_url":"https://github.com/rack/rack/releases/tag/v3.0.16","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16/manifests"},{"name":"v2.2.14","sha":"d0dcf75706d72d7e874ee31934a97881c1a439ce","kind":"tag","published_at":"2025-05-06T21:33:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.14","html_url":"https://github.com/rack/rack/releases/tag/v2.2.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14/manifests"},{"name":"v3.1.13","sha":"037953789da9cd49c4a3453ade6ede13619276e0","kind":"tag","published_at":"2025-04-13T12:27:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.13","html_url":"https://github.com/rack/rack/releases/tag/v3.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13/manifests"},{"name":"v3.0.15","sha":"9413a87c2a88203ad06955aea29ede2d1f39526a","kind":"tag","published_at":"2025-04-13T12:19:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.15","html_url":"https://github.com/rack/rack/releases/tag/v3.0.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15/manifests"},{"name":"v3.1.12","sha":"e8f47608668d507e0f231a932fa37c9ca551c0a5","kind":"tag","published_at":"2025-03-10T21:22:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.12","html_url":"https://github.com/rack/rack/releases/tag/v3.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12/manifests"},{"name":"v3.0.14","sha":"340cd1f11f9d6c16c0c50bba2be0062aa661baf0","kind":"tag","published_at":"2025-03-10T21:20:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.14","html_url":"https://github.com/rack/rack/releases/tag/v3.0.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14/manifests"},{"name":"v2.2.13","sha":"df6c47357f6c6bec2d585f45f417285d813d9b3a","kind":"tag","published_at":"2025-03-10T21:18:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.13","html_url":"https://github.com/rack/rack/releases/tag/v2.2.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13/manifests"},{"name":"v2.2.12","sha":"78296637d7b35dcd357a64e8c76bd7f664c1cdbf","kind":"tag","published_at":"2025-03-04T05:45:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.12","html_url":"https://github.com/rack/rack/releases/tag/v2.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12/manifests"},{"name":"v3.0.13","sha":"ef96f4aa2f6f670233eca3e9bc780809914dd93b","kind":"tag","published_at":"2025-03-04T05:37:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.13","html_url":"https://github.com/rack/rack/releases/tag/v3.0.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13/manifests"},{"name":"v3.1.11","sha":"c827c3324827f3aefe73f0800d1a717c0c15537b","kind":"tag","published_at":"2025-03-04T05:36:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.11","html_url":"https://github.com/rack/rack/releases/tag/v3.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11/manifests"},{"name":"v2.2.11","sha":"aa5a0f532aac7a57e4bc7e857eca1c38229f7b30","kind":"tag","published_at":"2025-02-12T03:54:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.11","html_url":"https://github.com/rack/rack/releases/tag/v2.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11/manifests"},{"name":"v3.0.12","sha":"545951332eb66efb8e61ed51cb16c95443d85dc6","kind":"tag","published_at":"2025-02-12T03:32:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.12","html_url":"https://github.com/rack/rack/releases/tag/v3.0.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12/manifests"},{"name":"v3.1.10","sha":"03494889c72513eee24a3fc715eb34869a7d4c88","kind":"tag","published_at":"2025-02-12T03:29:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.10","html_url":"https://github.com/rack/rack/releases/tag/v3.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10/manifests"},{"name":"v3.1.9","sha":"e217a399eb116362710aac7c5b8dc691ea2189b3","kind":"tag","published_at":"2025-01-30T22:38:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.9","html_url":"https://github.com/rack/rack/releases/tag/v3.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9/manifests"},{"name":"v3.1.8","sha":"0eabeb73b3fb590e187dacfd9a890fbb7ffb9477","kind":"tag","published_at":"2024-10-14T01:51:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.8","html_url":"https://github.com/rack/rack/releases/tag/v3.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8/manifests"},{"name":"v2.2.10","sha":"14c9dec60bb4a1c5b848d829d5a0a6572b63293b","kind":"tag","published_at":"2024-10-14T01:47:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.10","html_url":"https://github.com/rack/rack/releases/tag/v2.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10/manifests"},{"name":"v3.1.7","sha":"4bb2f723fa103de1351acd6a53d1889fd5578848","kind":"tag","published_at":"2024-07-11T01:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.7","html_url":"https://github.com/rack/rack/releases/tag/v3.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7/manifests"},{"name":"v3.1.6","sha":"98aa9474180a09d722e7e1d8e75eb683be787b3c","kind":"tag","published_at":"2024-07-02T15:30:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.6","html_url":"https://github.com/rack/rack/releases/tag/v3.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6/manifests"},{"name":"v3.1.5","sha":"3620bb1d140da996a95d941c64eda5dd7b54ed47","kind":"tag","published_at":"2024-07-02T06:41:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.5","html_url":"https://github.com/rack/rack/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"c108f08f23e9df8b2f741390a847cddb038e5f9a","kind":"tag","published_at":"2024-06-22T10:00:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.4","html_url":"https://github.com/rack/rack/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"e2020c155201e48dfcd87cd1d9cfa1b439fb66be","kind":"tag","published_at":"2024-06-12T07:24:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.3","html_url":"https://github.com/rack/rack/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"d43ab86513818c04dc27e89c6e426c12dfb05835","kind":"commit","published_at":"2024-06-11T20:38:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.2","html_url":"https://github.com/rack/rack/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"899a415498c591ece9dc28bcb78cd9e2b3ab776d","kind":"tag","published_at":"2024-06-11T20:02:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.1","html_url":"https://github.com/rack/rack/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"606365ba1353cbffdf94422c20166dc2e6d6286d","kind":"tag","published_at":"2024-06-11T05:49:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.0","html_url":"https://github.com/rack/rack/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0/manifests"},{"name":"v2.2.9","sha":"b1deebdc0a4f61cc141cece5a911917ff1e4b901","kind":"tag","published_at":"2024-03-21T01:18:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.9","html_url":"https://github.com/rack/rack/releases/tag/v2.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9/manifests"},{"name":"v3.0.10","sha":"d3c545e69d58e588622bcf9b1ab9f971b8a02112","kind":"tag","published_at":"2024-03-20T21:56:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.10","html_url":"https://github.com/rack/rack/releases/tag/v3.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10/manifests"},{"name":"v3.0.9.1","sha":"a4bc5e0f41c750135969ceece8772ab112dc8f17","kind":"tag","published_at":"2024-02-21T19:23:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1/manifests"},{"name":"v2.2.8.1","sha":"e83001100ad9dd24e1744b13669dcb2736a13ebd","kind":"tag","published_at":"2024-02-21T19:22:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1/manifests"},{"name":"v2.1.4.4","sha":"c465c6389cc56ffdfa30718e490f31bcc2efbfc9","kind":"tag","published_at":"2024-02-21T19:21:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.4","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4/manifests"},{"name":"v2.0.9.4","sha":"8eb8bc6c7c4d3dd912d169c850fe2695d1728555","kind":"tag","published_at":"2024-02-21T19:20:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.4","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4/manifests"},{"name":"v3.0.9","sha":"0b3f997e7bb14c1dc42130e1eb50e62797d8c039","kind":"tag","published_at":"2024-01-31T07:51:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9/manifests"},{"name":"v2.2.8","sha":"f169ff75b0a0b84c031960ffc5fcd0414eb64a2e","kind":"tag","published_at":"2023-07-31T02:43:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8/manifests"},{"name":"v3.0.8","sha":"d28c464bcb55a9e26b9a9656e4ba484d327515ed","kind":"tag","published_at":"2023-06-14T02:01:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.8","html_url":"https://github.com/rack/rack/releases/tag/v3.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8/manifests"},{"name":"v2.2.7","sha":"983b6e3b29a2048a86518c008fc46f4c86105683","kind":"tag","published_at":"2023-04-24T23:22:06.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.7","html_url":"https://github.com/rack/rack/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7/manifests"},{"name":"v3.0.7","sha":"2429b7ba38e402fc2e29405cab69395134020aed","kind":"tag","published_at":"2023-03-16T02:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.7","html_url":"https://github.com/rack/rack/releases/tag/v3.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7/manifests"},{"name":"v2.2.6.4","sha":"27addc7f1ae290b6b84c1c351e5b6d75a05bb40b","kind":"tag","published_at":"2023-03-13T18:08:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.4","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4/manifests"},{"name":"v3.0.6.1","sha":"098d8e12c1553411ee198d7890c1fd9f1e8cf979","kind":"tag","published_at":"2023-03-13T18:07:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1/manifests"},{"name":"v3.0.6","sha":"e9e9ae663d83f142d7666aee49622287828fa06f","kind":"tag","published_at":"2023-03-13T05:59:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6/manifests"},{"name":"v3.0.5","sha":"9f8ba5e1fdf860338af7a65519278b32de00f516","kind":"tag","published_at":"2023-03-12T06:27:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.5","html_url":"https://github.com/rack/rack/releases/tag/v3.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5/manifests"},{"name":"v3.0.4.2","sha":"5c18f306ef0d26917d490aa1f686dd68de738384","kind":"tag","published_at":"2023-03-02T22:56:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2/manifests"},{"name":"v2.2.6.3","sha":"d6b5b2bab88f458fb048133604faebea952d8133","kind":"tag","published_at":"2023-03-02T22:56:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.3","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3/manifests"},{"name":"v2.1.4.3","sha":"7bdc55dd21ec76811ad74c1ae14c1588d2f2ca49","kind":"tag","published_at":"2023-03-02T22:55:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.3","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3/manifests"},{"name":"v2.0.9.3","sha":"9996d403584fb7609708f582f7647868b4444949","kind":"tag","published_at":"2023-03-02T22:54:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.3","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3/manifests"},{"name":"v3.0.4.1","sha":"d1b4c2d82ac5444228d30e66f38156f7046b4296","kind":"tag","published_at":"2023-01-17T21:27:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1/manifests"},{"name":"v2.1.4.2","sha":"8b8efd9591876cb6d40b3120388a8b9a0e083777","kind":"tag","published_at":"2023-01-17T21:26:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.2","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2/manifests"},{"name":"v2.0.9.2","sha":"d573159067d8dc64db97beff67621654754e86f2","kind":"tag","published_at":"2023-01-17T21:26:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.2","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2/manifests"},{"name":"v2.2.6.2","sha":"2606ac5d5d180c00a8cbcaa4d634276bab06500e","kind":"tag","published_at":"2023-01-17T21:22:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2/manifests"},{"name":"v2.2.6.1","sha":"20bc90c2431d7fabcd1873410543cf3d72f65004","kind":"tag","published_at":"2023-01-17T21:21:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1/manifests"},{"name":"v3.0.4","sha":"9a2f06e7c20ca89b9e12b305bbd21901bd106d1e","kind":"tag","published_at":"2023-01-16T22:40:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4/manifests"},{"name":"v2.2.6","sha":"ea39e49442e0008bfce4ad628ce52a4be2a20b5b","kind":"tag","published_at":"2023-01-16T21:04:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6/manifests"},{"name":"v3.0.3","sha":"081ae02a1e3fbd925c1dc85d6c4d91d09ca29514","kind":"tag","published_at":"2022-12-26T20:20:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.3","html_url":"https://github.com/rack/rack/releases/tag/v3.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3/manifests"},{"name":"v2.2.5","sha":"8312a2fd6aee0950d7b2deb548aaf600cb871d80","kind":"tag","published_at":"2022-12-26T20:19:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.5","html_url":"https://github.com/rack/rack/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5/manifests"},{"name":"v3.0.2","sha":"dcbda319d807baab594820da58cf7bbf44702d1b","kind":"tag","published_at":"2022-12-05T05:12:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"87984bf621be18c028a96f416bb222c68c8ae14c","kind":"tag","published_at":"2022-11-18T20:59:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1/manifests"},{"name":"3.0.0","sha":"52901caf09ebcda879512a8605059963a49df55d","kind":"tag","published_at":"2022-09-06T16:28:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0","html_url":"https://github.com/rack/rack/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0/manifests"},{"name":"3.0.0.rc1","sha":"12742a0610806acb769be67fd6c27fdc6c0ee593","kind":"tag","published_at":"2022-09-04T23:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1/manifests"},{"name":"3.0.0.beta1","sha":"572a42a705b423ce98ef4e81435d4f60fb0ae53d","kind":"tag","published_at":"2022-08-08T20:34:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.beta1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1/manifests"},{"name":"2.2.4","sha":"abca7d59c566320f1b60d1f5224beac9d201fa3b","kind":"tag","published_at":"2022-06-30T22:19:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.4","html_url":"https://github.com/rack/rack/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4/manifests"},{"name":"2.2.3.1","sha":"925a4a6599ab26b4f3455b525393fe155d443655","kind":"tag","published_at":"2022-05-27T15:30:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3.1","html_url":"https://github.com/rack/rack/releases/tag/2.2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1/manifests"},{"name":"2.1.4.1","sha":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead","kind":"tag","published_at":"2022-05-27T15:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1/manifests"},{"name":"2.0.9.1","sha":"f9cc7c2ae161820e36635734cff6e932d99e6aa8","kind":"tag","published_at":"2022-05-27T15:29:26.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1/manifests"},{"name":"2.1.4","sha":"52808700e0ade4225625c6729529e13a6b31cc2f","kind":"tag","published_at":"2020-06-15T22:23:25.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4","html_url":"https://github.com/rack/rack/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4/manifests"},{"name":"2.2.3","sha":"1741c580d71cfca8e541e96cc372305c8892ee74","kind":"tag","published_at":"2020-06-15T22:23:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3","html_url":"https://github.com/rack/rack/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3/manifests"},{"name":"2.1.3","sha":"b9b8652334e833e32b5fb8627463632867b5d6a8","kind":"tag","published_at":"2020-05-12T21:43:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.3","html_url":"https://github.com/rack/rack/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3/manifests"},{"name":"v2.2.2","sha":"a5e80f01947954af76b14c1d1fdd8e79dd8337f3","kind":"tag","published_at":"2020-02-10T22:24:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"961d9761bcb2bee17c80bba8b7bc9e285086d6c4","kind":"tag","published_at":"2020-02-09T06:19:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1/manifests"},{"name":"2.2.0","sha":"39d501a28c1fe51284addfe6dacffafb69d49849","kind":"tag","published_at":"2020-02-08T18:25:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.0","html_url":"https://github.com/rack/rack/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0/manifests"},{"name":"2.0.9","sha":"85684323f8f58409e717af91e446d257d496f8b8","kind":"tag","published_at":"2020-02-08T18:21:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9","html_url":"https://github.com/rack/rack/releases/tag/2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9/manifests"},{"name":"1.6.13","sha":"47a1fd73fc77f094573f4215b0fc884f4ac1c03c","kind":"tag","published_at":"2020-02-08T18:19:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.13","html_url":"https://github.com/rack/rack/releases/tag/1.6.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13/manifests"},{"name":"2.1.2","sha":"16a51d8e0b64964323c3719b8154106af5cc0feb","kind":"tag","published_at":"2020-01-27T22:42:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.2","html_url":"https://github.com/rack/rack/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"799a520a015de5938bc01faa8e90b76589c6e7d3","kind":"tag","published_at":"2020-01-11T22:18:02.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4","kind":"tag","published_at":"2020-01-10T17:48:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.0","html_url":"https://github.com/rack/rack/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0/manifests"},{"name":"1.6.12","sha":"de902e48d1c971fe145002039121afb69e10af5a","kind":"tag","published_at":"2019-12-18T18:05:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.12","html_url":"https://github.com/rack/rack/releases/tag/1.6.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12/manifests"},{"name":"2.0.8","sha":"e7ee459546d217f32afc83e0b168c5eb9f95d784","kind":"tag","published_at":"2019-12-18T18:05:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.8","html_url":"https://github.com/rack/rack/releases/tag/2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8/manifests"},{"name":"2.0.7","sha":"7fb95dbec28dc70f3cfbba0a684db0735d8ab2ca","kind":"tag","published_at":"2019-04-02T16:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.7","html_url":"https://github.com/rack/rack/releases/tag/2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7/manifests"},{"name":"1.6.11","sha":"2bef132505cb2f80c432e3f4526dfef969cd2e25","kind":"tag","published_at":"2018-11-05T19:57:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.11","html_url":"https://github.com/rack/rack/releases/tag/1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11/manifests"},{"name":"2.0.6","sha":"8376dd11e6526a53432ee59b7a5d092bda9fc901","kind":"tag","published_at":"2018-11-05T19:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.6","html_url":"https://github.com/rack/rack/releases/tag/2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6/manifests"},{"name":"1.6.10","sha":"fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77","kind":"commit","published_at":"2018-04-23T17:50:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.10","html_url":"https://github.com/rack/rack/releases/tag/1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10/manifests"},{"name":"2.0.5","sha":"decd97682ec4c6345fe359b6a1d3c51e5fbdce5b","kind":"commit","published_at":"2018-04-23T17:44:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.5","html_url":"https://github.com/rack/rack/releases/tag/2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5/manifests"},{"name":"1.6.9","sha":"617aac0fb89f25603afc2b6497fdc3333354aee5","kind":"tag","published_at":"2018-02-28T18:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.9","html_url":"https://github.com/rack/rack/releases/tag/1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9/manifests"},{"name":"2.0.4","sha":"0a95875745ec65e91a57460a41373ae4d3a94934","kind":"commit","published_at":"2018-01-31T18:16:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.4","html_url":"https://github.com/rack/rack/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4/manifests"},{"name":"1.6.8","sha":"90afdf309b4c0665f542579a21fbd1c285d05083","kind":"tag","published_at":"2017-05-16T21:28:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.8","html_url":"https://github.com/rack/rack/releases/tag/1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8/manifests"},{"name":"2.0.3","sha":"6a5f356cc12e5801843fbd95ecc603416c901cf3","kind":"commit","published_at":"2017-05-15T16:49:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.3","html_url":"https://github.com/rack/rack/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3/manifests"},{"name":"1.6.7","sha":"51e8891e4807495d972fcba9832c4fdb30d37b50","kind":"commit","published_at":"2017-05-15T16:45:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.7","html_url":"https://github.com/rack/rack/releases/tag/1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7/manifests"},{"name":"2.0.2","sha":"620766d061975a67f80fa5dc3887563c1563a64d","kind":"commit","published_at":"2017-05-08T17:03:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.2","html_url":"https://github.com/rack/rack/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2/manifests"},{"name":"1.6.6","sha":"2ed117a11a8ed0455260b10f6696d4d3919f7dc5","kind":"commit","published_at":"2017-05-08T17:02:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.6","html_url":"https://github.com/rack/rack/releases/tag/1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6/manifests"},{"name":"1.6.5","sha":"1886a60e9b96c2a4106fd89eb41dc817696c6369","kind":"commit","published_at":"2016-11-10T21:51:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.5","html_url":"https://github.com/rack/rack/releases/tag/1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5/manifests"},{"name":"2.0.1","sha":"25a549883b85fb33970b4a1530a365c0c9e51f95","kind":"tag","published_at":"2016-06-30T17:34:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"1a408687493175250408fe87c5046bf1adfa6386","kind":"tag","published_at":"2016-06-30T15:39:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0","html_url":"https://github.com/rack/rack/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0/manifests"},{"name":"2.0.0.rc1","sha":"9073125f71afd615091f575d74ec468a0b1b79bf","kind":"commit","published_at":"2016-05-06T20:51:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1/manifests"},{"name":"2.0.0.alpha","sha":"f4562619c3c669404e39d9b09924bed5a6b71c14","kind":"commit","published_at":"2015-12-17T21:28:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.alpha","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.alpha","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha/manifests"},{"name":"1.6.4","sha":"ee18520bd9894e68a5d2b26c82835c2e67a43a8b","kind":"commit","published_at":"2015-06-18T21:51:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.4","html_url":"https://github.com/rack/rack/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4/manifests"},{"name":"1.4.7","sha":"f5c09684fb93dbe76d7b9d0a0411d32ba5d66d04","kind":"commit","published_at":"2015-06-18T21:11:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.7","html_url":"https://github.com/rack/rack/releases/tag/1.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7/manifests"},{"name":"1.5.5","sha":"e7e064611e1004ec62b593ec993a06d967d6c72e","kind":"commit","published_at":"2015-06-18T18:45:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.5","html_url":"https://github.com/rack/rack/releases/tag/1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5/manifests"},{"name":"1.6.3","sha":"134d6218d0881d87ae6a522e88eafbddb6cd1bb7","kind":"commit","published_at":"2015-06-18T18:40:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.3","html_url":"https://github.com/rack/rack/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3/manifests"},{"name":"1.4.6","sha":"e4f4df517b73ee4e7d365891f4ac2fb6a09a026c","kind":"commit","published_at":"2015-06-16T20:46:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.6","html_url":"https://github.com/rack/rack/releases/tag/1.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6/manifests"},{"name":"1.5.4","sha":"90e627ab60d4df281206621a34271a9867a84fc7","kind":"commit","published_at":"2015-06-16T14:56:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.4","html_url":"https://github.com/rack/rack/releases/tag/1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4/manifests"},{"name":"1.6.2","sha":"90d7d2a8f7ab50cb80adcc05a7fcdd1dfa60f2ad","kind":"commit","published_at":"2015-06-12T18:40:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.2","html_url":"https://github.com/rack/rack/releases/tag/1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2/manifests"},{"name":"1.5.3","sha":"14e139c4a87c2e1a94dd3e305d6f485a19719855","kind":"commit","published_at":"2015-05-06T18:42:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.3","html_url":"https://github.com/rack/rack/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3/manifests"},{"name":"1.6.1","sha":"08e62f29164505e50f3b3acc09e4c67a843e0172","kind":"commit","published_at":"2015-05-06T18:36:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.1","html_url":"https://github.com/rack/rack/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"65a7104b6b3e9ecd8f33c63a478ab9a33a103507","kind":"tag","published_at":"2014-12-18T22:44:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0","html_url":"https://github.com/rack/rack/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0/manifests"},{"name":"1.6.0.beta2","sha":"8cb9b65b4e7c7157aba0f5421e59c70411c919cf","kind":"tag","published_at":"2014-11-27T18:51:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2/manifests"},{"name":"1.6.0.beta","sha":"e4e4c397e89c026f9c23500cf7fc14ccdb756010","kind":"tag","published_at":"2014-08-18T18:28:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta/manifests"},{"name":"1.5.2","sha":"ac590d055c936bb9a618e955a690dc836c625211","kind":"tag","published_at":"2013-02-08T03:13:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.2","html_url":"https://github.com/rack/rack/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2/manifests"},{"name":"1.4.5","sha":"9939d40a5e23dcb058751d1029b794aa2f551900","kind":"tag","published_at":"2013-02-08T03:12:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.5","html_url":"https://github.com/rack/rack/releases/tag/1.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5/manifests"},{"name":"1.3.10","sha":"a176b537d9e083033819efbafac3271bbbde23fb","kind":"tag","published_at":"2013-02-08T03:10:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.10","html_url":"https://github.com/rack/rack/releases/tag/1.3.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10/manifests"},{"name":"1.2.8","sha":"ba8c6c2b3a5d03675ce7efc0e2308225809a74b8","kind":"tag","published_at":"2013-02-08T03:09:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.8","html_url":"https://github.com/rack/rack/releases/tag/1.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8/manifests"},{"name":"1.1.6","sha":"0232e227b1cf3e67fbb82b2198311fa8ca618fbd","kind":"tag","published_at":"2013-02-08T03:08:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.6","html_url":"https://github.com/rack/rack/releases/tag/1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6/manifests"},{"name":"1.5.1","sha":"42b11a7fb918127143ca570af9930b2e7ef7222c","kind":"tag","published_at":"2013-01-28T22:51:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.1","html_url":"https://github.com/rack/rack/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"0cba6a4d5aeb1ac8768b6ca36320731487fb596b","kind":"tag","published_at":"2013-01-22T07:36:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.0","html_url":"https://github.com/rack/rack/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0/manifests"},{"name":"1.4.4","sha":"ffbdb982a731df7c5b166354a09a3d239f7b18c8","kind":"tag","published_at":"2013-01-13T22:07:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.4","html_url":"https://github.com/rack/rack/releases/tag/1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4/manifests"},{"name":"1.3.9","sha":"8ded2f72dce26a4f3e45ce810b8670e455c5ae9a","kind":"tag","published_at":"2013-01-13T22:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.9","html_url":"https://github.com/rack/rack/releases/tag/1.3.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9/manifests"},{"name":"1.2.7","sha":"22ef9e18198eaa4cb7c6c38df296a2fa7c5d8581","kind":"tag","published_at":"2013-01-13T22:04:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.7","html_url":"https://github.com/rack/rack/releases/tag/1.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7/manifests"},{"name":"1.1.5","sha":"966df947b0e826610409c63cdbff7ee325875393","kind":"tag","published_at":"2013-01-13T22:03:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.5","html_url":"https://github.com/rack/rack/releases/tag/1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5/manifests"},{"name":"1.4.3","sha":"55ea327306f9eb1fdc206e8f04c3c0e234591560","kind":"tag","published_at":"2013-01-07T18:49:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.3","html_url":"https://github.com/rack/rack/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3/manifests"},{"name":"1.3.8","sha":"231d1a9d482695c8e93ed043c39473228fb4406d","kind":"tag","published_at":"2013-01-07T18:48:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.8","html_url":"https://github.com/rack/rack/releases/tag/1.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8/manifests"},{"name":"1.4.2","sha":"15c0365365a1719eb70c45a2a5a92b4afb610d5a","kind":"tag","published_at":"2013-01-07T02:42:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.2","html_url":"https://github.com/rack/rack/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2/manifests"},{"name":"1.3.7","sha":"d711ed8e997884be06d3e64372c04df2402ca469","kind":"tag","published_at":"2013-01-07T02:41:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.7","html_url":"https://github.com/rack/rack/releases/tag/1.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7/manifests"},{"name":"1.2.6","sha":"14c61738615efab12804b693891088aa72b10616","kind":"tag","published_at":"2013-01-07T02:38:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.6","html_url":"https://github.com/rack/rack/releases/tag/1.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6/manifests"},{"name":"1.1.4","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:21:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.4","html_url":"https://github.com/rack/rack/releases/tag/1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4/manifests"},{"name":"test","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:13:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/test","html_url":"https://github.com/rack/rack/releases/tag/test","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test/manifests"},{"name":"1.4.1","sha":"7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b","kind":"tag","published_at":"2012-01-23T06:51:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.1","html_url":"https://github.com/rack/rack/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"e932c585dd1c97e504697c41ce9a4d638275ae02","kind":"tag","published_at":"2011-12-28T02:56:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.0","html_url":"https://github.com/rack/rack/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0/manifests"},{"name":"1.3.6","sha":"341426fe1f1635f627fe6e18a09d09158351cb4a","kind":"tag","published_at":"2011-12-28T02:52:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.6","html_url":"https://github.com/rack/rack/releases/tag/1.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6/manifests"},{"name":"1.2.5","sha":"e646792deb634132ceb9cd046df6b1b257ced099","kind":"tag","published_at":"2011-12-28T02:48:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.5","html_url":"https://github.com/rack/rack/releases/tag/1.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5/manifests"},{"name":"1.1.3","sha":"44cbb9a570f0b31ad6b0d6ee6e0e405843b65385","kind":"tag","published_at":"2011-12-28T02:36:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.3","html_url":"https://github.com/rack/rack/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3/manifests"},{"name":"1.3.5","sha":"d4f1d3583ea6938310b9215a60a1749ec4c88374","kind":"tag","published_at":"2011-10-18T05:33:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.5","html_url":"https://github.com/rack/rack/releases/tag/1.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5/manifests"},{"name":"1.3.4","sha":"af62b15bb6649c392506f08721d177ffcd154ecc","kind":"tag","published_at":"2011-10-01T20:48:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.4","html_url":"https://github.com/rack/rack/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"698ec56418945e541d68af2cc81f56f35979859c","kind":"tag","published_at":"2011-09-17T00:03:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.3","html_url":"https://github.com/rack/rack/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3/manifests"},{"name":"1.2.4","sha":"fccbe7ce4bb9409fdbb16e2e56828d9096695266","kind":"tag","published_at":"2011-09-17T00:02:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.4","html_url":"https://github.com/rack/rack/releases/tag/1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4/manifests"},{"name":"1.3.2","sha":"e804f5c5ae76626d6905010c8cad65e8847f220b","kind":"commit","published_at":"2011-07-16T21:45:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.2","html_url":"https://github.com/rack/rack/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"f1d5fc34c54aeb9c936d5cb4951f6e47a496d735","kind":"commit","published_at":"2011-07-13T23:13:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.1","html_url":"https://github.com/rack/rack/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1/manifests"},{"name":"1.2.3","sha":"d2bc128f588942a5c2a724d815f180a05274d17e","kind":"tag","published_at":"2011-05-23T07:42:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.3","html_url":"https://github.com/rack/rack/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3/manifests"},{"name":"1.3.0","sha":"a50dda57c1426b6b38ed06fa08cab154285c8057","kind":"tag","published_at":"2011-05-23T06:07:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0","html_url":"https://github.com/rack/rack/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0/manifests"},{"name":"1.3.0.beta2","sha":"1e99b9bcc7e9519d32e028fb1f24d6ef3b34b597","kind":"commit","published_at":"2011-05-19T17:10:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2/manifests"},{"name":"1.3.0.beta","sha":"18040b59dad3f2efe96d5b70b2260764fcda4784","kind":"commit","published_at":"2011-05-03T10:38:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta/manifests"},{"name":"1.1.2","sha":"470fdfd7f4f7c2f06a011423046cdca6983f71d7","kind":"tag","published_at":"2011-03-13T14:02:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.2","html_url":"https://github.com/rack/rack/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2/manifests"},{"name":"1.2.2","sha":"e226cc65aa493cf9826034002dae864306d52724","kind":"tag","published_at":"2011-03-13T13:34:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.2","html_url":"https://github.com/rack/rack/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"dc6b54edca2b69a5653eed98c14a8d4d71b3f45c","kind":"tag","published_at":"2010-06-15T09:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.1","html_url":"https://github.com/rack/rack/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1/manifests"},{"name":"1.2","sha":"2ed515786322059f568c8a9df77a6e4b70f09225","kind":"tag","published_at":"2010-06-13T17:55:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2","html_url":"https://github.com/rack/rack/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2/manifests"},{"name":"1.1","sha":"e6ebd831978adc3172ad487be18affab940f3d4d","kind":"tag","published_at":"2010-01-03T23:28:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1","html_url":"https://github.com/rack/rack/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1/manifests"},{"name":"1.0.1","sha":"d0a2084e64f394068a80ea073e1910d7c3ffa44b","kind":"tag","published_at":"2009-10-18T19:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0.1","html_url":"https://github.com/rack/rack/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1/manifests"},{"name":"1.0","sha":"d221938a6401d956ac6cfdc892f9b1c11b1fa31a","kind":"tag","published_at":"2009-04-25T13:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0","html_url":"https://github.com/rack/rack/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0/manifests"},{"name":"0.9.1","sha":"488d67988ddfb7e13ad2f58272ee04809612cafe","kind":"tag","published_at":"2009-01-09T16:37:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9.1","html_url":"https://github.com/rack/rack/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1/manifests"},{"name":"0.9","sha":"a7229fd1bf2d4c5f77887a0d4925534163e842ec","kind":"tag","published_at":"2009-01-06T12:00:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9","html_url":"https://github.com/rack/rack/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9/manifests"},{"name":"0.4","sha":"e33cc65a013952935c6bb70e24f359023c075e84","kind":"tag","published_at":"2008-08-21T10:27:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.4","html_url":"https://github.com/rack/rack/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4/manifests"},{"name":"0.3","sha":"dcb6081279c0728e13658773d38c842c4de785aa","kind":"tag","published_at":"2008-02-26T12:29:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.3","html_url":"https://github.com/rack/rack/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3/manifests"},{"name":"0.2","sha":"046be71448cb048a295a5221c8636d57b3c148f3","kind":"commit","published_at":"2007-05-16T15:01:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.2","html_url":"https://github.com/rack/rack/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2/manifests"},{"name":"0.1","sha":"bee7489d36600eb87a9da0a1bb899088feea78c9","kind":"commit","published_at":"2007-03-03T12:40:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.1","html_url":"https://github.com/rack/rack/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2025-06-06T01:10:00.553Z","dependent_packages_count":3634,"downloads":1088635238,"downloads_period":"total","dependent_repos_count":1043594,"rankings":{"downloads":0.006690380348122791,"dependent_repos_count":0.004460253565415194,"dependent_packages_count":0.01393829239192248,"stargazers_count":0.2754206576643882,"forks_count":0.1460733042673476,"docker_downloads_count":0.09812557843913426,"average":0.0907847444460551},"purl":"pkg:gem/rack","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7","title":"Directory traversal in Rack::Directory app bundled with Rack","description":"A directory traversal vulnerability exists in rack \u003c 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-07-06T21:31:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8161","https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA","https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-5f9h-9pjv-v6j7"],"source_kind":"github","identifiers":["GHSA-5f9h-9pjv-v6j7","CVE-2020-8161"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.1.3","vulnerable_version_range":"\u003c 2.1.3"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:23.741Z","updated_at":"2023-08-28T12:27:22.000Z","epss_percentage":0.00281,"epss_percentile":0.51211},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","title":"Rack Vulnerable to Path Traversal","description":"`rack/file.rb` (`Rack::File`) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted `PATH_INFO` environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0262","https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://bugzilla.redhat.com/show_bug.cgi?id=909072","https://gist.github.com/rentzsch/4736940","https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","https://github.com/advisories/GHSA-85r7-w5mv-c849"],"source_kind":"github","identifiers":["GHSA-85r7-w5mv-c849","CVE-2013-0262"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:38.320Z","updated_at":"2023-08-25T23:30:16.000Z","epss_percentage":0.0089,"epss_percentile":0.7351},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","url":"https://github.com/advisories/GHSA-5r2p-j47h-mhpg","title":"Rack vulnerable to Cross-site Scripting","description":"There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-11-15T15:59:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16471","https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag","https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html","https://usn.ubuntu.com/4089-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o","https://github.com/advisories/GHSA-5r2p-j47h-mhpg"],"source_kind":"github","identifiers":["GHSA-5r2p-j47h-mhpg","CVE-2018-16471"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.11","vulnerable_version_range":"\u003c 1.6.11"},{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.6"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:33.597Z","updated_at":"2023-11-04T05:04:39.000Z","epss_percentage":0.00404,"epss_percentile":0.60057},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h","title":"Rack vulnerable to REDoS","description":"`lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-6109","https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5","https://bugzilla.redhat.com/show_bug.cgi?id=895277","https://github.com/rack/rack/blob/master/README.rdoc","https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2012-6109","https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://rhn.redhat.com/errata/RHSA-2013-0544.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml","https://github.com/advisories/GHSA-h77x-m5q8-c29h"],"source_kind":"github","identifiers":["GHSA-h77x-m5q8-c29h","CVE-2012-6109"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.2","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.2"},{"first_patched_version":"1.3.7","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.7"},{"first_patched_version":"1.2.6","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.6"},{"first_patched_version":"1.1.4","vulnerable_version_range":"\u003c 1.1.4"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:38.224Z","updated_at":"2023-08-25T23:23:24.000Z","epss_percentage":0.00828,"epss_percentile":0.73372},{"uuid":"GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v","title":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","description":"## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that includes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from the `X-Sendfile-Type` header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure attack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-03-04T15:27:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","references":["https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","https://nvd.nist.gov/vuln/detail/CVE-2025-27111","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","https://github.com/advisories/GHSA-8cgq-6mh2-7j6v"],"source_kind":"github","identifiers":["GHSA-8cgq-6mh2-7j6v","CVE-2025-27111"],"repository_url":"https://github.com/rack/rack","blast_radius":41.52786785728138,"packages":[{"versions":[{"first_patched_version":"3.1.11","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.11"},{"first_patched_version":"3.0.13","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.13"},{"first_patched_version":"2.2.12","vulnerable_version_range":"\u003c 2.2.12"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-03-04T16:08:16.349Z","updated_at":"2025-03-05T21:49:38.000Z","epss_percentage":0.00193,"epss_percentile":0.41791},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52","title":"Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names","description":"A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-24T17:15:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8184","https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c","https://hackerone.com/reports/895727","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml","https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-j6w9-fv6q-3q52"],"source_kind":"github","identifiers":["GHSA-j6w9-fv6q-3q52","CVE-2020-8184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.3"},{"first_patched_version":"2.1.4","vulnerable_version_range":"\u003c 2.1.4"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:23.946Z","updated_at":"2023-08-28T12:14:00.000Z","epss_percentage":0.00641,"epss_percentile":0.69486},{"uuid":"GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","title":"Rack Header Parsing leads to Possible Denial of Service Vulnerability","description":"# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26146","https://github.com/advisories/GHSA-54rr-7fvw-6x8f"],"source_kind":"github","identifiers":["GHSA-54rr-7fvw-6x8f","CVE-2024-26146"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.0.9.4","vulnerable_version_range":"\u003c 2.0.9.4"},{"first_patched_version":"2.1.4.4","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.4"},{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2024-02-28T23:04:48.332Z","updated_at":"2024-02-29T02:30:58.000Z","epss_percentage":0.00572,"epss_percentile":0.67548},{"uuid":"GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj","title":"Denial of service via header parsing in Rack","description":"There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.\n\nVersions Affected: \u003e= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1\nImpact\n\nCarefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.0 series\n    2-1-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.1 series\n    2-2-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.2 series\n    3-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 3.0 series","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-01-18T18:19:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44570","https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0010","https://github.com/advisories/GHSA-65f5-mfpf-vfhj"],"source_kind":"github","identifiers":["GHSA-65f5-mfpf-vfhj","CVE-2022-44570"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.2","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.2"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 2.0.9.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-01-18T19:03:22.116Z","updated_at":"2025-02-13T18:40:03.000Z","epss_percentage":0.02366,"epss_percentile":0.84148},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","url":"https://github.com/advisories/GHSA-hg78-4f6x-99wq","title":"Rack vulnerable to Denial of Service","description":"There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-11-15T15:58:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16470","https://access.redhat.com/errata/RHSA-2019:3172","https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk","https://github.com/advisories/GHSA-hg78-4f6x-99wq"],"source_kind":"github","identifiers":["GHSA-hg78-4f6x-99wq","CVE-2018-16470"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.4, \u003c 2.0.6"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:33.588Z","updated_at":"2023-11-04T05:04:51.000Z","epss_percentage":0.00144,"epss_percentile":0.35954},{"uuid":"GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","url":"https://github.com/advisories/GHSA-v882-ccj6-jc48","title":"Rack vulnerable to Denial of Service","description":"Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0184","https://bugzilla.redhat.com/show_bug.cgi?id=895384","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/errata/RHSA-2013:0548","https://access.redhat.com/security/cve/CVE-2013-0184","https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d","https://github.com/advisories/GHSA-v882-ccj6-jc48"],"source_kind":"github","identifiers":["GHSA-v882-ccj6-jc48","CVE-2013-0184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.4","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.4"},{"first_patched_version":"1.3.9","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.9"},{"first_patched_version":"1.2.7","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.7"},{"first_patched_version":"1.1.5","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.5"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-03-08T21:03:15.881Z","updated_at":"2023-03-08T20:16:52.000Z","epss_percentage":0.00677,"epss_percentile":0.70413},{"uuid":"GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","title":"Rack has possible DoS Vulnerability with Range Header","description":"# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  \u003e= 1.3.0.\nNot affected:       \u003c 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26141","https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"],"source_kind":"github","identifiers":["GHSA-xj5v-6v4g-jfw6","CVE-2024-26141"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 1.3.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2024-02-28T23:04:48.311Z","updated_at":"2024-02-29T02:30:43.000Z","epss_percentage":0.00323,"epss_percentile":0.54828},{"uuid":"GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","title":"Rack arbitrary code execution via timing attack","description":"Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0263","https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://gist.github.com/codahale/f9f3781f7b54985bee94","https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0686.html","http://www.debian.org/security/2013/dsa-2783","https://github.com/advisories/GHSA-xc85-32mf-xpv8"],"source_kind":"github","identifiers":["GHSA-xc85-32mf-xpv8","CVE-2013-0263"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.1.6","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.6"},{"first_patched_version":"1.2.8","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.8"},{"first_patched_version":"1.3.10","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.10"},{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:12:18.658Z","updated_at":"2023-02-13T16:42:06.000Z","epss_percentage":0.07962,"epss_percentile":0.91557},{"uuid":"GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg","title":"Possible Log Injection in Rack::CommonLogger","description":"## Summary\n\n`Rack::CommonLogger` can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs.\n\n## Details\n\nWhen a user provides the authorization credentials via `Rack::Auth::Basic`, if success, the username will be put in `env['REMOTE_USER']` and later be used by `Rack::CommonLogger` for logging purposes.\n\nThe issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile.\n\n## Impact\n\nAttackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files.\n\n## Mitigation\n\n- Update to the latest version of Rack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-02-12T19:18:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","references":["https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg","https://nvd.nist.gov/vuln/detail/CVE-2025-25184","https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml","https://github.com/advisories/GHSA-7g2v-jj9q-g3rg"],"source_kind":"github","identifiers":["GHSA-7g2v-jj9q-g3rg","CVE-2025-25184"],"repository_url":"https://github.com/rack/rack","blast_radius":34.30562996905853,"packages":[{"versions":[{"first_patched_version":"3.1.10","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.10"},{"first_patched_version":"3.0.12","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.12"},{"first_patched_version":"2.2.11","vulnerable_version_range":"\u003c 2.2.11"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-02-12T20:07:39.192Z","updated_at":"2025-02-18T15:04:50.000Z","epss_percentage":0.0018,"epss_percentile":0.40291},{"uuid":"GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","url":"https://github.com/advisories/GHSA-cj83-2ww7-mvq7","title":"Rack ReDoS Vulnerability in HTTP Accept Headers Parsing","description":"### Summary\n\nA Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS).\n\n### Details\n\nThe fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-07-03T17:03:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7","https://nvd.nist.gov/vuln/detail/CVE-2024-39316","https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml","https://advisory.dw1.io/61","https://github.com/advisories/GHSA-cj83-2ww7-mvq7"],"source_kind":"github","identifiers":["GHSA-cj83-2ww7-mvq7","CVE-2024-39316"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.1.5","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.5"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2024-07-03T18:09:36.882Z","updated_at":"2024-11-05T18:12:50.000Z","epss_percentage":0.0073,"epss_percentile":0.71572},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","url":"https://github.com/advisories/GHSA-9vc2-p34x-jhxh","title":"Moderate severity vulnerability that affects rack","description":"Withdrawn, accidental duplicate publish.\r\n\r\nlib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-09-17T21:56:30.000Z","withdrawn_at":"2020-06-16T21:29:41.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/advisories/GHSA-9vc2-p34x-jhxh"],"source_kind":"github","identifiers":["GHSA-9vc2-p34x-jhxh"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003c 1.4.6"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:36.155Z","updated_at":"2023-01-09T05:03:14.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","url":"https://github.com/advisories/GHSA-7wqh-767x-r66v","title":"Local File Inclusion in Rack::Static","description":"## Summary\n\n`Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.\n\n## Details\n\nThe vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.\n\n## Impact\n\nBy exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Static`, or\n- Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.\n\nIt is likely that a CDN or similar static file server would also mitigate the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-10T22:19:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v","https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583","https://nvd.nist.gov/vuln/detail/CVE-2025-27610","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml","https://github.com/advisories/GHSA-7wqh-767x-r66v"],"source_kind":"github","identifiers":["GHSA-7wqh-767x-r66v","CVE-2025-27610"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.1.12","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.12"},{"first_patched_version":"3.0.14","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.14"},{"first_patched_version":"2.2.13","vulnerable_version_range":"\u003c 2.2.13"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-03-10T23:07:48.263Z","updated_at":"2025-03-14T20:28:42.000Z","epss_percentage":0.00108,"epss_percentile":0.30363},{"uuid":"GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","title":"Denial of service via multipart parsing in Rack","description":"There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series\n    2-1-Forbid-control-characters-in-attributes.patch - Patch for 2.1 series\n    2-2-Forbid-control-characters-in-attributes.patch - Patch for 2.2 series\n    3-0-Forbid-control-characters-in-attributes.patch - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:19:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44572","https://hackerone.com/reports/1639882","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-rqv2-275x-2jq5"],"source_kind":"github","identifiers":["GHSA-rqv2-275x-2jq5","CVE-2022-44572"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-01-18T19:03:22.126Z","updated_at":"2023-10-23T19:17:24.000Z","epss_percentage":0.0025,"epss_percentile":0.48439},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","title":"Rack vulnerable to Denial of Service via large parameter depth request","description":"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/rack/rack/blob/master/HISTORY.md","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","http://openwall.com/lists/oss-security/2015/06/16/14","http://rhn.redhat.com/errata/RHSA-2015-2290.html","http://www.debian.org/security/2015/dsa-3322","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"],"source_kind":"github","identifiers":["GHSA-rgr4-9jh5-j4j6","CVE-2015-3225"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.6"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:39.106Z","updated_at":"2023-08-28T12:22:40.000Z","epss_percentage":0.16342,"epss_percentile":0.94499},{"uuid":"GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","title":"Possible Denial of Service Vulnerability in Rack's header parsing","description":"There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1\n\n# Impact\nCarefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.\n\n# Workarounds\nSetting Regexp.timeout in Ruby 3.2 is a possible workaround.\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-03-15T21:36:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27539","https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://security.netapp.com/advisory/ntap-20231208-0016","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-c6qg-cjj8-47qp"],"source_kind":"github","identifiers":["GHSA-c6qg-cjj8-47qp","CVE-2023-27539"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.0.6.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.6.1"},{"first_patched_version":"2.2.6.4","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.2.6.4"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-03-15T22:03:00.281Z","updated_at":"2025-01-09T15:36:59.000Z","epss_percentage":0.00226,"epss_percentile":0.45482},{"uuid":"GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","url":"https://github.com/advisories/GHSA-wq4h-7r42-5hrr","title":"Possible shell escape sequence injection vulnerability in Rack","description":"There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack.  This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack's Lint middleware and CommonLogger middleware.  These\nescape sequences can be leveraged to possibly execute commands in the victim's\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-27T16:36:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml","https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8","https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88","https://nvd.nist.gov/vuln/detail/CVE-2022-30123","https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0011/","https://github.com/advisories/GHSA-wq4h-7r42-5hrr"],"source_kind":"github","identifiers":["GHSA-wq4h-7r42-5hrr","CVE-2022-30123"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003c= 2.0.9.0"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:12:22.219Z","updated_at":"2023-12-17T05:05:18.000Z","epss_percentage":0.01751,"epss_percentile":0.81637},{"uuid":"GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx","title":"Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)","description":"### Summary\n\n```ruby\nmodule Rack\n  class MediaType\n    SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-28T22:57:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462","https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49","https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-25126","https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","https://security.netapp.com/advisory/ntap-20240510-0005","https://github.com/advisories/GHSA-22f2-v57c-j9cx"],"source_kind":"github","identifiers":["GHSA-22f2-v57c-j9cx","CVE-2024-25126"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 0.4, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2024-02-28T23:04:48.291Z","updated_at":"2024-06-10T18:31:57.000Z","epss_percentage":0.00253,"epss_percentile":0.48635},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3","title":"Possible Information Leak / Session Hijack Vulnerability in Rack","description":"There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-12-18T19:01:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3","https://nvd.nist.gov/vuln/detail/CVE-2019-16782","https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38","http://www.openwall.com/lists/oss-security/2019/12/18/2","http://www.openwall.com/lists/oss-security/2019/12/18/3","http://www.openwall.com/lists/oss-security/2019/12/19/3","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","http://www.openwall.com/lists/oss-security/2020/04/08/1","http://www.openwall.com/lists/oss-security/2020/04/09/2","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://github.com/advisories/GHSA-hrqr-hxpp-chr3"],"source_kind":"github","identifiers":["GHSA-hrqr-hxpp-chr3","CVE-2019-16782"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.0.8","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.8"},{"first_patched_version":"1.6.12","vulnerable_version_range":"\u003c 1.6.12"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:26.790Z","updated_at":"2025-02-13T18:33:18.000Z","epss_percentage":0.02214,"epss_percentile":0.83666},{"uuid":"GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","title":"Denial of Service Vulnerability in Rack Content-Disposition parsing","description":"There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.0 series\n    2-1-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.1 series\n    2-2-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.2 series\n    3-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:24:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44571","https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-93pm-5p5f-3ghx"],"source_kind":"github","identifiers":["GHSA-93pm-5p5f-3ghx","CVE-2022-44571"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-01-18T19:03:22.042Z","updated_at":"2023-10-23T19:18:09.000Z","epss_percentage":0.02366,"epss_percentile":0.84148},{"uuid":"GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","url":"https://github.com/advisories/GHSA-v6j3-7jrw-hq2p","title":"Rack Gem Subject to Denial of Service via Hash Collisions","description":"Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T04:59:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-5036","https://gist.github.com/52bbc6b9cc19ce330829","http://www.debian.org/security/2013/dsa-2783","http://www.kb.cert.org/vuls/id/903934","http://www.ocert.org/advisories/ocert-2011-003.html","https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml","https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html","http://www.nruns.com/_downloads/advisory28122011.pdf","https://github.com/advisories/GHSA-v6j3-7jrw-hq2p"],"source_kind":"github","identifiers":["GHSA-v6j3-7jrw-hq2p","CVE-2011-5036"],"repository_url":null,"blast_radius":1.0,"packages":[{"versions":[{"first_patched_version":"1.6.5.1","vulnerable_version_range":"\u003c 1.6.5.1"}],"ecosystem":"maven","package_name":"org.jruby:jruby-parent"},{"versions":[{"first_patched_version":"1.3.6","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.6"},{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.5"},{"first_patched_version":"1.1.3","vulnerable_version_range":"\u003c 1.1.3"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-03-27T17:03:16.616Z","updated_at":"2023-08-25T23:09:50.000Z","epss_percentage":0.01278,"epss_percentile":0.78503},{"uuid":"GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx","title":"Rack has an Unbounded-Parameter DoS in Rack::QueryParser","description":"## Summary\n\n`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.\n\n## Details\n\nThe vulnerability arises because `Rack::QueryParser` iterates over each `\u0026`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.\n\n## Impact\n\nAn attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.\n\n## Mitigation\n\n- Update to a version of Rack that limits the number of parameters parsed, or\n- Use middleware to enforce a maximum query string size or parameter count, or\n- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.\n\nLimiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-05-08T14:45:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx","https://nvd.nist.gov/vuln/detail/CVE-2025-46727","https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712","https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3","https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml","https://github.com/advisories/GHSA-gjh7-p2fx-99vx"],"source_kind":"github","identifiers":["GHSA-gjh7-p2fx-99vx","CVE-2025-46727"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.1.14","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.14"},{"first_patched_version":"3.0.16","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.16"},{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c 2.2.14"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-05-08T15:09:22.844Z","updated_at":"2025-05-09T14:35:13.000Z","epss_percentage":0.01095,"epss_percentile":0.76883},{"uuid":"GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","url":"https://github.com/advisories/GHSA-hxqx-xwvh-44m2","title":"Denial of Service Vulnerability in Rack Multipart Parsing","description":"There is a possible denial of service vulnerability in the multipart parsing component of Rack.  This vulnerability has been assigned the CVE identifier CVE-2022-30122.\n\nVersions Affected:  \u003e= 1.2\nNot affected:       \u003c 1.2\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.\n\nImpacted code will use Rack's multipart parser to parse multipart posts.  This includes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-27T16:36:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml","https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk","https://nvd.nist.gov/vuln/detail/CVE-2022-30122","https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0012/","https://github.com/advisories/GHSA-hxqx-xwvh-44m2"],"source_kind":"github","identifiers":["GHSA-hxqx-xwvh-44m2","CVE-2022-30122"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003e= 1.2, \u003c= 2.0.9.0"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:12:22.209Z","updated_at":"2023-12-09T00:35:04.000Z","epss_percentage":0.00902,"epss_percentile":0.7459},{"uuid":"GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw","title":"ReDoS Vulnerability in Rack::Multipart handle_mime_head","description":"### Summary\nThere is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571.\n\n### Details\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\n\n### Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting this to the Rails security team","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-06-05T05:21:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","https://nvd.nist.gov/vuln/detail/CVE-2025-49007","https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","https://github.com/advisories/GHSA-47m2-26rw-j2jw"],"source_kind":"github","identifiers":["GHSA-47m2-26rw-j2jw","CVE-2025-49007"],"repository_url":"https://github.com/rack/rack","blast_radius":39.72230838522566,"packages":[{"versions":[{"first_patched_version":"3.1.16","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.16"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-06-05T06:08:07.219Z","updated_at":"2025-06-05T20:15:09.000Z","epss_percentage":0.00046,"epss_percentile":0.13675},{"uuid":"GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p","title":"Rack has possible DoS Vulnerability in Multipart MIME parsing","description":"There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-08T17:20:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27530","https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0015","https://github.com/advisories/GHSA-3h57-hmj3-gj3p"],"source_kind":"github","identifiers":["GHSA-3h57-hmj3-gj3p","CVE-2023-27530"],"repository_url":null,"blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.0.4.2","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.4.2"},{"first_patched_version":"2.2.6.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.3"},{"first_patched_version":"2.1.4.3","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.3"},{"first_patched_version":"2.0.9.3","vulnerable_version_range":"\u003c 2.0.9.3"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2023-03-08T18:03:17.449Z","updated_at":"2025-02-13T18:41:59.000Z","epss_percentage":0.02064,"epss_percentile":0.83019},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","url":"https://github.com/advisories/GHSA-3pxh-h8hw-mj8w","title":"Rack rubygems receiving excessively long lines triggers out-of-memory error","description":"multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0183","https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff","https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18","https://bugzilla.redhat.com/show_bug.cgi?id=895282","https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rack.github.com/","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2013-0183","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml","https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","https://github.com/advisories/GHSA-3pxh-h8hw-mj8w"],"source_kind":"github","identifiers":["GHSA-3pxh-h8hw-mj8w","CVE-2013-0183"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.4.3","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.3"},{"first_patched_version":"1.3.8","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.8"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2022-12-21T16:13:38.291Z","updated_at":"2023-08-28T12:50:31.000Z","epss_percentage":0.01824,"epss_percentile":0.81987},{"uuid":"GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","url":"https://github.com/advisories/GHSA-vpfw-47h7-xj4g","title":"Rack session gets restored after deletion","description":"### Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n### Details\n\n[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n### Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n### Related\n\nAs this code was moved to `rack-session` in Rack 3+, see \u003chttps://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj\u003e for the equivalent advisory in `rack-session` (affecting Rack 3+ only).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-05-08T14:45:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj","https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g","https://nvd.nist.gov/vuln/detail/CVE-2025-32441","https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d","https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml","https://github.com/advisories/GHSA-vpfw-47h7-xj4g"],"source_kind":"github","identifiers":["GHSA-vpfw-47h7-xj4g","CVE-2025-32441"],"repository_url":"https://github.com/rack/rack-session","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c= 2.2.13"}],"ecosystem":"rubygems","package_name":"rack"}],"created_at":"2025-05-08T15:09:23.194Z","updated_at":"2025-05-09T14:34:18.000Z","epss_percentage":0.00018,"epss_percentile":0.02871}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/rack","docker_dependents_count":2618,"docker_downloads_count":1346686159,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/rack","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/rack/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/related_packages","maintainers":[{"uuid":"207","login":"tenderlove","name":null,"email":null,"url":null,"packages_count":183,"html_url":"https://rubygems.org/profiles/tenderlove","role":null,"created_at":"2022-11-09T09:46:28.840Z","updated_at":"2022-11-09T09:46:28.840Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/tenderlove/packages"},{"uuid":"47349","login":"rafaelfranca","name":null,"email":null,"url":null,"packages_count":120,"html_url":"https://rubygems.org/profiles/rafaelfranca","role":null,"created_at":"2022-11-09T09:46:28.866Z","updated_at":"2022-11-09T09:46:28.866Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/rafaelfranca/packages"},{"uuid":"96878","login":"eileencodes","name":null,"email":null,"url":null,"packages_count":51,"html_url":"https://rubygems.org/profiles/eileencodes","role":null,"created_at":"2022-11-09T09:46:28.857Z","updated_at":"2022-11-09T09:46:28.857Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/eileencodes/packages"},{"uuid":"44200","login":"ioquatix","name":null,"email":null,"url":null,"packages_count":216,"html_url":"https://rubygems.org/profiles/ioquatix","role":null,"created_at":"2022-11-09T09:46:28.889Z","updated_at":"2022-11-09T09:46:28.889Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/ioquatix/packages"},{"uuid":"264","login":"raggi","name":null,"email":null,"url":null,"packages_count":25,"html_url":"https://rubygems.org/profiles/raggi","role":null,"created_at":"2022-11-09T09:46:28.830Z","updated_at":"2022-11-09T09:46:28.830Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/raggi/packages"},{"uuid":"31711","login":"chneukirchen","name":null,"email":null,"url":null,"packages_count":4,"html_url":"https://rubygems.org/profiles/chneukirchen","role":null,"created_at":"2022-11-09T09:46:28.819Z","updated_at":"2022-11-09T09:46:28.819Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/chneukirchen/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":198115,"maintainers_count":66429,"namespaces_count":0,"keywords_count":17799,"github":"rubygems","metadata":{"funded_packages_count":7045},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2025-06-06T05:59:27.395Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}},"unique_repositories_count":4504,"unique_repositories_count_past_30_days":1,"recent_issues":[{"uuid":"4472017836","node_id":"PR_kwDOPKm1Fs7cy_dL","number":34,"state":"closed","title":"Bump the bundler group across 9 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T20:32:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:37:07.000Z","updated_at":"2026-06-09T20:32:08.000Z","time_to_close":1904099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"nokogiri","old_version":"1.13.8","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.4","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.4","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.14","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"faraday","old_version":"2.11.0","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [rack-session](https://github.com/rack/rack-session) and [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `nokogiri` from 1.13.8 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.4 to 2.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.4 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.14 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/releases\"\u003erack-session's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.11.0 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/useplato/gitlabhq/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/useplato%2Fgitlabhq/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"4397358819","node_id":"PR_kwDOLTgSI87ZEe49","number":175,"state":"open","title":"Bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T08:42:01.000Z","updated_at":"2026-05-07T08:42:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"nokogiri","old_version":"1.19.2","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /examples/stacks/jekyll/myblog directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\nBumps the bundler group with 4 updates in the /examples/stacks/rails/blog directory: [addressable](https://github.com/sporkmonger/addressable), [net-imap](https://github.com/ruby/net-imap), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.6.3 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/664\"\u003eruby/net-imap#664\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/657\"\u003eruby/net-imap#657\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/658\"\u003eruby/net-imap#658\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/659\"\u003eruby/net-imap#659\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/660\"\u003eruby/net-imap#660\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003cp\u003eThe default \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e is \u003ccode\u003e2**31 - 1\u003c/code\u003e (max 32-bit signed int), which was already OpenSSL's maximum value.  \u003cem\u003eIt provides no protection\u003c/em\u003e against hostile servers unless it is explicitly set to a lower value by the user.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⚡ \u003ccode\u003eResponseReader\u003c/code\u003e memoizes \u003ccode\u003eConfig#max_response_size\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e.\nChanges to \u003ccode\u003e#max_response_size\u003c/code\u003e now take effect once per response, not on every \u003ccode\u003eIO#read\u003c/code\u003e.\n\u003cem\u003eNOTE: It is not expected that this will affect any current usage.\u003c/em\u003e  See \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003ethe PR\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eBINARY\u003c/code\u003e extention to \u003ccode\u003e#append\u003c/code\u003e (RFC3516)  by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/616\"\u003eruby/net-imap#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eLITERAL+\u003c/code\u003e and \u003ccode\u003eLITERAL-\u003c/code\u003e non-synchronizing literals (RFC7888) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/649\"\u003eruby/net-imap#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🏷️ Add \u003ccode\u003enumber64\u003c/code\u003e and \u003ccode\u003enz-number64\u003c/code\u003e to NumValidator by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/625\"\u003eruby/net-imap#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e♻️ Add \u003ccode\u003eMailboxQuota#quota_root\u003c/code\u003e alias by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/636\"\u003eruby/net-imap#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔍 Simplify \u003ccode\u003eNet::IMAP#inspect\u003c/code\u003e with basic state by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/612\"\u003eruby/net-imap#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🥅 Add \u003ccode\u003eResponseParseError#parser_methods\u003c/code\u003e (and override \u003ccode\u003e#==\u003c/code\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/615\"\u003eruby/net-imap#615\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/3e490673dca65d0cfeeeb3fbf1fdaa188d6f27c4\"\u003e\u003ccode\u003e3e49067\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618\"\u003e\u003ccode\u003e0ede4c4\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e from ruby/security/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/51ae3604cabe1e8cfeeb888ff5ef6b9215fe1a65\"\u003e\u003ccode\u003e51ae360\u003c/code\u003e\u003c/a\u003e ♻️ Add command response handler before command is sent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/24d5c773d1bb76ca1cd0a26b2218195011c16969\"\u003e\u003ccode\u003e24d5c77\u003c/code\u003e\u003c/a\u003e 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/62eea6ffe1e390060065169474f97edbc42bd2b2\"\u003e\u003ccode\u003e62eea6f\u003c/code\u003e\u003c/a\u003e 🔒🥅 Ensure STARTTLS tagged response was handled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/46636cae8af68a4080c434b853fba1738c7c2587\"\u003e\u003ccode\u003e46636ca\u003c/code\u003e\u003c/a\u003e ❌🔒 Add failing test for STARTTLS stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/e3b010509109eb4acc1d7e4365624e848ef0b45b\"\u003e\u003ccode\u003ee3b0105\u003c/code\u003e\u003c/a\u003e ✅♻️ Inline current STARTLS stripping test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/be32e712eb2ee90a0a2c78752bf19196582ed4d8\"\u003e\u003ccode\u003ebe32e71\u003c/code\u003e\u003c/a\u003e 📚 Improve documentation of RawData arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f\"\u003e\u003ccode\u003e47c7218\u003c/code\u003e\u003c/a\u003e 🐛 Validate RawData and wait to continue literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974\"\u003e\u003ccode\u003e0ec4fd3\u003c/code\u003e\u003c/a\u003e 🥅 Validate \u003ccode\u003e#setquota\u003c/code\u003e storage limit argument\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.6.3...v0.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.2 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SherfeyInv/devbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SherfeyInv/devbox/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fdevbox/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"},{"uuid":"4364698277","node_id":"PR_kwDOB4ZGwM7XbtFU","number":306,"state":"open","title":"Bump the ruby-dependencies group with 29 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T13:48:42.000Z","updated_at":"2026-05-01T13:48:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"ruby-dependencies","update_count":29,"packages":[{"name":"sqlite3","old_version":"1.6.1","new_version":"2.9.3","repository_url":"https://github.com/sparklemotion/sqlite3-ruby"},{"name":"puma","old_version":"6.6.1","new_version":"8.0.1","repository_url":"https://github.com/puma/puma"},{"name":"turbo-rails","old_version":"1.4.0","new_version":"2.0.23","repository_url":"https://github.com/hotwired/turbo-rails"},{"name":"jbuilder","old_version":"2.11.5","new_version":"2.14.1","repository_url":"https://github.com/rails/jbuilder"},{"name":"config","old_version":"4.1.0","new_version":"5.6.1","repository_url":"https://github.com/rubyconfig/config"},{"name":"google-apis-analyticsdata_v1beta","old_version":"0.32.0","new_version":"0.40.0","repository_url":"https://github.com/googleapis/google-api-ruby-client"},{"name":"googleauth","old_version":"1.3.0","new_version":"1.16.2","repository_url":"https://github.com/googleapis/google-auth-library-ruby"},{"name":"aws-sdk-core","old_version":"3.243.0","new_version":"3.246.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"rspec-core","old_version":"3.12.1","new_version":"3.13.6","repository_url":"https://github.com/rspec/rspec"},{"name":"jquery-rails","old_version":"4.5.1","new_version":"4.6.1","repository_url":"https://github.com/rails/jquery-rails"},{"name":"aws-sdk-rails","old_version":"3.7.1","new_version":"5.1.0","repository_url":"https://github.com/aws/aws-sdk-rails"},{"name":"aws-sdk-s3","old_version":"1.216.0","new_version":"1.220.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"sprockets","old_version":"3.7.2","new_version":"4.2.2","repository_url":"https://github.com/rails/sprockets"},{"name":"rubyzip","old_version":"2.3.2","new_version":"3.2.2","repository_url":"https://github.com/rubyzip/rubyzip"},{"name":"ffi","old_version":"1.15.5","new_version":"1.17.4","repository_url":"https://github.com/ffi/ffi"},{"name":"nokogiri","old_version":"1.18.10","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.23","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"net-imap","old_version":"0.5.13","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"json","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/ruby/json"},{"name":"sentry-ruby","old_version":"5.28.1","new_version":"6.5.0","repository_url":"https://github.com/getsentry/sentry-ruby"},{"name":"sentry-rails","old_version":"5.28.1","new_version":"6.5.0","repository_url":"https://github.com/getsentry/sentry-ruby"},{"name":"pg","old_version":"1.4.6","new_version":"1.6.3","repository_url":"https://github.com/ged/ruby-pg"},{"name":"byebug","old_version":"11.1.3","new_version":"13.0.0","repository_url":"https://github.com/deivid-rodriguez/byebug"},{"name":"capybara","old_version":"3.38.0","new_version":"3.40.0","repository_url":"https://github.com/teamcapybara/capybara"},{"name":"selenium-webdriver","old_version":"4.8.1","new_version":"4.43.0","repository_url":"https://github.com/SeleniumHQ/selenium"},{"name":"rspec-rails","old_version":"6.0.1","new_version":"8.0.4","repository_url":"https://github.com/rspec/rspec-rails"},{"name":"web-console","old_version":"4.2.0","new_version":"4.2.1","repository_url":"https://github.com/rails/web-console"},{"name":"listen","old_version":"3.8.0","new_version":"3.10.0","repository_url":"https://github.com/guard/listen"},{"name":"spring","old_version":"4.1.1","new_version":"4.4.2","repository_url":"https://github.com/rails/spring"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the ruby-dependencies group with 29 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) | `1.6.1` | `2.9.3` |\n| [puma](https://github.com/puma/puma) | `6.6.1` | `8.0.1` |\n| [turbo-rails](https://github.com/hotwired/turbo-rails) | `1.4.0` | `2.0.23` |\n| [jbuilder](https://github.com/rails/jbuilder) | `2.11.5` | `2.14.1` |\n| [config](https://github.com/rubyconfig/config) | `4.1.0` | `5.6.1` |\n| [google-apis-analyticsdata_v1beta](https://github.com/googleapis/google-api-ruby-client) | `0.32.0` | `0.40.0` |\n| [googleauth](https://github.com/googleapis/google-auth-library-ruby) | `1.3.0` | `1.16.2` |\n| [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) | `3.243.0` | `3.246.0` |\n| [rspec-core](https://github.com/rspec/rspec) | `3.12.1` | `3.13.6` |\n| [jquery-rails](https://github.com/rails/jquery-rails) | `4.5.1` | `4.6.1` |\n| [aws-sdk-rails](https://github.com/aws/aws-sdk-rails) | `3.7.1` | `5.1.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.216.0` | `1.220.0` |\n| [sprockets](https://github.com/rails/sprockets) | `3.7.2` | `4.2.2` |\n| [rubyzip](https://github.com/rubyzip/rubyzip) | `2.3.2` | `3.2.2` |\n| [ffi](https://github.com/ffi/ffi) | `1.15.5` | `1.17.4` |\n| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.10` | `1.19.3` |\n| [rack](https://github.com/rack/rack) | `2.2.23` | `3.2.6` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.13` | `0.6.4` |\n| [json](https://github.com/ruby/json) | `2.19.3` | `2.19.4` |\n| [sentry-ruby](https://github.com/getsentry/sentry-ruby) | `5.28.1` | `6.5.0` |\n| [sentry-rails](https://github.com/getsentry/sentry-ruby) | `5.28.1` | `6.5.0` |\n| [pg](https://github.com/ged/ruby-pg) | `1.4.6` | `1.6.3` |\n| [byebug](https://github.com/deivid-rodriguez/byebug) | `11.1.3` | `13.0.0` |\n| [capybara](https://github.com/teamcapybara/capybara) | `3.38.0` | `3.40.0` |\n| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.8.1` | `4.43.0` |\n| [rspec-rails](https://github.com/rspec/rspec-rails) | `6.0.1` | `8.0.4` |\n| [web-console](https://github.com/rails/web-console) | `4.2.0` | `4.2.1` |\n| [listen](https://github.com/guard/listen) | `3.8.0` | `3.10.0` |\n| [spring](https://github.com/rails/spring) | `4.1.1` | `4.4.2` |\n\nUpdates `sqlite3` from 1.6.1 to 2.9.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/releases\"\u003esqlite3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.3 / 2026-04-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_53_0.html\"\u003ev3.53.0\u003c/a\u003e (from v3.51.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003eca6dd1cf6c037ccc8d3e5837190cc61ef15466092014951235641b5c4c8ab4ee  sqlite3-2.9.3-aarch64-linux-gnu.gem\r\nff017a36c463d02e9f0be7a6224521371128024e6a05ed16994afa5c037afbba  sqlite3-2.9.3-aarch64-linux-musl.gem\r\nfd8b74337a66bdaf746b97d65e6c9a2faff803c8f72d6b107fb880972815d072  sqlite3-2.9.3-arm-linux-gnu.gem\r\n792ae9a786bb37dbdc4c443c527bc91df423aac10e472f76d5cf5a9ac6d51980  sqlite3-2.9.3-arm-linux-musl.gem\r\n76b265d3d57362d3e38338f24f50a0c9cd47a4599c9cfbb578fac125d2299906  sqlite3-2.9.3-arm64-darwin.gem\r\n61edb2ce7a58e800478602e88b67e99f029b44747405c94c0cce7d165b0d0a96  sqlite3-2.9.3-x64-mingw-ucrt.gem\r\nceb2417f01563a2800836fbbc6d59aa0ca591882c99f6c50fdc0c8090da7a03b  sqlite3-2.9.3-x86-linux-gnu.gem\r\n1688e37da36a4513a1a1d6e9abb643f68723599abbe564cb1a1bf496c9ae8dca  sqlite3-2.9.3-x86-linux-musl.gem\r\n087e7cc4efc73d83e76354f028c4d1dc14552a05acc74f60e77a55f1bee6ef22  sqlite3-2.9.3-x86_64-darwin.gem\r\n85200a10c6cf5c60085fcca411a3168c5fba8fda3e2b1b0109ec277d7c226d46  sqlite3-2.9.3-x86_64-linux-gnu.gem\r\nb6d0437046d9180335dea1aa0592802e65c4f7b57409d63f14408211bf28536b  sqlite3-2.9.3-x86_64-linux-musl.gem\r\ne5ca871c87241bfdaf0e4a90d5177f4e4fe7af5f6951f88b4644339cc76e47ae  sqlite3-2.9.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e2.9.2 / 2026-03-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_3.html\"\u003ev3.51.3\u003c/a\u003e (from v3.51.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/688\"\u003e#688\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003eeeb86db55645b85327ba75129e3614658d974bf4da8fdc87018a0d42c59f6e42  sqlite3-2.9.2-aarch64-linux-gnu.gem\r\n4feff91fb8c2b13688da34b5627c9d1ed9cedb3ee87a7114ec82209147f07a6d  sqlite3-2.9.2-aarch64-linux-musl.gem\r\n1ee2eb06b5301aaf5ce343a6e88d99ac932d95202d7b350f0e7b6d8d588580d7  sqlite3-2.9.2-arm-linux-gnu.gem\r\n8ca0de6aceede968de0394e22e95d549834c4d8e318f69a92a52f049878a0057  sqlite3-2.9.2-arm-linux-musl.gem\r\nd15bd9609a05f9d54930babe039585efc8cadd57517c15b64ec7dfa75158a5e9  sqlite3-2.9.2-arm64-darwin.gem\r\nb1b10d8c45a495b1e5b6338f7baa11297522bb9809b01e7e575090edd685953e  sqlite3-2.9.2-x64-mingw-ucrt.gem\r\n066bc904522f8a7072236a81237c03a4a1dfe070a25107e392de03d1e4ad0e6d  sqlite3-2.9.2-x86-linux-gnu.gem\r\n6503c76278f5e8629b12b6518ff43a9a4f6d9381de73f0b086c9fa1226db5ede  sqlite3-2.9.2-x86-linux-musl.gem\r\ned691b5021674d72582d03c5a38e89634b961902735fb6225273892805421d13  sqlite3-2.9.2-x86_64-darwin.gem\r\ndce83ffcb7e72f9f7aeb6e5404f15d277a45332fe18ccce8a8b3ed51e8d23aee  sqlite3-2.9.2-x86_64-linux-gnu.gem\r\ne8dd906a613f13b60f6d47ae9dda376384d9de1ab3f7e3f2fdf2fd18a871a2d7  sqlite3-2.9.2-x86_64-linux-musl.gem\r\n86814150714b6b06a328d083f46408e7a4a83b5f0a9673ed934ee3a1cb7a73b1  sqlite3-2.9.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e2.9.1 / 2026-02-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_2.html\"\u003ev3.51.2\u003c/a\u003e (from v3.51.1). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/683\"\u003e#683\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md\"\u003esqlite3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.3 / 2026-04-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_53_0.html\"\u003ev3.53.0\u003c/a\u003e (from v3.51.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.2 / 2026-03-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_3.html\"\u003ev3.51.3\u003c/a\u003e (from v3.51.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/688\"\u003e#688\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.1 / 2026-02-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_2.html\"\u003ev3.51.2\u003c/a\u003e (from v3.51.1). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/683\"\u003e#683\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.0 / 2025-12-27\u003c/h2\u003e\n\u003ch3\u003eRuby\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem packages for Ruby 4.0. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for Ruby 3.1. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce \u003ccode\u003eStatement#named_params\u003c/code\u003e to introspect on a parameterized SQL statement. \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/627\"\u003e#627\u003c/a\u003e \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/642\"\u003e#642\u003c/a\u003e \u003ca href=\"https://github.com/captn3m0\"\u003e\u003ccode\u003e@​captn3m0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSmall improvements to docstrings and comments. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/houyuanjie\"\u003e\u003ccode\u003e@​houyuanjie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.1 / 2025-11-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_1.html\"\u003ev3.51.1\u003c/a\u003e (from v3.51.0). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/659\"\u003e#659\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrecompiled native gems are built with rake-compiler-dock v1.10.0 (previously v1.9.1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.0 / 2025-11-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_0.html\"\u003ev3.51.0\u003c/a\u003e (from v3.50.4). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/652\"\u003e#652\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.4 / 2025-09-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_50_4.html\"\u003ev3.50.4\u003c/a\u003e (from v3.50.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/644\"\u003e#644\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.3 / 2025-07-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://sqlite.org/releaselog/3_50_3.html\"\u003ev3.50.3\u003c/a\u003e (from v3.50.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/638\"\u003e#638\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/2e8172c0a7699902b8630433e988903edab10d18\"\u003e\u003ccode\u003e2e8172c\u003c/code\u003e\u003c/a\u003e version bump to v2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/3dee3f2c737cbc48b68e3b4632287b13521a60ea\"\u003e\u003ccode\u003e3dee3f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e from sparklemotion/dep-sqlite-3.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/6d1ae38f33c4528c0ac56951c052b90cdfad9c81\"\u003e\u003ccode\u003e6d1ae38\u003c/code\u003e\u003c/a\u003e build(deps): update vendored sqlite to 3.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/45611fd3f415338875407bcb0f67f6ae92bef65f\"\u003e\u003ccode\u003e45611fd\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/c1724fc7f816b1fd13071000a25976c0e7f3cd95\"\u003e\u003ccode\u003ec1724fc\u003c/code\u003e\u003c/a\u003e build(deps): bump vmactions/freebsd-vm in the actions group (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/8a7709e34196d1e37b7180fcddb0e6021a60ec97\"\u003e\u003ccode\u003e8a7709e\u003c/code\u003e\u003c/a\u003e build(deps-dev): update minitest requirement from 6.0.2 to 6.0.3 (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/b7c076de9b9d6658b2f77af788a55144cda0db69\"\u003e\u003ccode\u003eb7c076d\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/704beb8b35cf060268b2d6eb32bcb33297846622\"\u003e\u003ccode\u003e704beb8\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 2 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/efc56aa1e407a7aa6a96caefecd2c900e1f39223\"\u003e\u003ccode\u003eefc56aa\u003c/code\u003e\u003c/a\u003e version bump to v2.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/8635618dca7edca3a804175610d0a81381e3554b\"\u003e\u003ccode\u003e8635618\u003c/code\u003e\u003c/a\u003e doc: new automated release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/compare/v1.6.1...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puma` from 6.6.1 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprune_bundler\u003c/code\u003e stripping user-configured \u003ccode\u003eBUNDLE_*\u003c/code\u003e env vars (e.g. \u003ccode\u003eBUNDLE_WITHOUT\u003c/code\u003e) on re-exec, which caused workers to crash on boot (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse blocks for debug logging to avoid creating log messages when debug is disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3920\"\u003e#3920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReword v8 upgrade guide IPv6 bullet for clarity (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.2.0 - On The Corner\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workers \u003ccode\u003e:auto\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake it possible to restrict control server commands to stats (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3787\"\u003e#3787\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't break if \u003ccode\u003eWEB_CONCURRENCY\u003c/code\u003e is set to a blank string (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3837\"\u003e#3837\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.1 / 2026-04-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprune_bundler\u003c/code\u003e stripping user-configured \u003ccode\u003eBUNDLE_*\u003c/code\u003e env vars (e.g. \u003ccode\u003eBUNDLE_WITHOUT\u003c/code\u003e) on re-exec, which caused workers to crash on boot (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse blocks for debug logging to avoid creating log messages when debug is disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3920\"\u003e#3920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReword v8 upgrade guide IPv6 bullet for clarity (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2.0 / 2026-01-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workers \u003ccode\u003e:auto\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake it possible to restrict control server commands to stats (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3787\"\u003e#3787\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't break if \u003ccode\u003eWEB_CONCURRENCY\u003c/code\u003e is set to a blank string (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3837\"\u003e#3837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't share server between worker 0 and descendants on refork (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3602\"\u003e#3602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/cee7e613c0d6e072b1ae9993c6dec63cbf259ec3\"\u003e\u003ccode\u003ecee7e61\u003c/code\u003e\u003c/a\u003e Release v8.0.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/f955cafec47be2ac8c296a7ab278288737984243\"\u003e\u003ccode\u003ef955caf\u003c/code\u003e\u003c/a\u003e Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97996aa025b9ad9ef5252af4a4b0f859cc3c0c23\"\u003e\u003ccode\u003e97996aa\u003c/code\u003e\u003c/a\u003e ci: test_error_logger.rb - fix TruffleRuby error (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3930\"\u003e#3930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/03825bc90fd04dc00dd63d1bf6bf72c224ccbed9\"\u003e\u003ccode\u003e03825bc\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/github-script from 8 to 9 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3925\"\u003e#3925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/053efae42144c65cdc7110085512216647a68bdc\"\u003e\u003ccode\u003e053efae\u003c/code\u003e\u003c/a\u003e Reword v8 upgrade guide ipv6 bullet (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/b19f35ae64d23d4d870089f2b199b0213bac00cc\"\u003e\u003ccode\u003eb19f35a\u003c/code\u003e\u003c/a\u003e Fix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/eeabe4bf4d887dc3fbac3f6bdbee1eadf807c9e9\"\u003e\u003ccode\u003eeeabe4b\u003c/code\u003e\u003c/a\u003e Use blocks for debug logging to avoid creating messages if debug disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v6.6.1...v8.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `turbo-rails` from 1.4.0 to 2.0.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hotwired/turbo-rails/releases\"\u003eturbo-rails's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.23\u003c/h2\u003e\n\u003cp\u003eUpdates the bundled JS to freshen stale dependencies from the previous release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.22...v2.0.23\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.22...v2.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates the bundled JS to \u003ca href=\"https://github.com/hotwired/turbo/compare/v8.0.21...v8.0.22\"\u003ev8.0.22\u003c/a\u003e for renamed \u003ccode\u003esession.navigator\u003c/code\u003e to avoid clobbering \u003ccode\u003ewindow.navigator\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/hotwired/turbo/pull/1489\"\u003ehotwired/turbo#1489\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.22\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erails@8.1\u003c/code\u003e to the CI matrix by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/758\"\u003ehotwired/turbo-rails#758\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse an immediate debouncer for tests by \u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/761\"\u003ehotwired/turbo-rails#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude hidden elements for turbo-cable-stream-source selector by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/740\"\u003ehotwired/turbo-rails#740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CI for \u003ccode\u003eruby@3.2.x\u003c/code\u003e-\u003ccode\u003erails@7.2.x\u003c/code\u003e by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/764\"\u003ehotwired/turbo-rails#764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd turbo frame assertion test helpers by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/742\"\u003ehotwired/turbo-rails#742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAcccept meta tag string arguments as well by \u003ca href=\"https://github.com/frenkel\"\u003e\u003ccode\u003e@​frenkel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/754\"\u003ehotwired/turbo-rails#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[fix \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/issues/762\"\u003e#762\u003c/a\u003e] Forward broadcast_refresh_to options by \u003ca href=\"https://github.com/OutlawAndy\"\u003e\u003ccode\u003e@​OutlawAndy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/763\"\u003ehotwired/turbo-rails#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Model Class in Action and Frame helpers by \u003ca href=\"https://github.com/afrase\"\u003e\u003ccode\u003e@​afrase\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/597\"\u003ehotwired/turbo-rails#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy workaround for Rails \u0026lt; 7 by \u003ca href=\"https://github.com/drjayvee\"\u003e\u003ccode\u003e@​drjayvee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/766\"\u003ehotwired/turbo-rails#766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix debouncer tests to wait on correct debouncer by \u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/767\"\u003ehotwired/turbo-rails#767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestrict tests to \u003ccode\u003eminitest \u0026lt; 6\u003c/code\u003e by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/774\"\u003ehotwired/turbo-rails#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly return messages produced by block in \u003ccode\u003ecapture_turbo_stream_broadcasts\u003c/code\u003e by \u003ca href=\"https://github.com/Vivalldi\"\u003e\u003ccode\u003e@​Vivalldi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/736\"\u003ehotwired/turbo-rails#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect broadcast suppressions on before/after actions by \u003ca href=\"https://github.com/stowersjoshua\"\u003e\u003ccode\u003e@​stowersjoshua\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/770\"\u003ehotwired/turbo-rails#770\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/761\"\u003ehotwired/turbo-rails#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frenkel\"\u003e\u003ccode\u003e@​frenkel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/754\"\u003ehotwired/turbo-rails#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OutlawAndy\"\u003e\u003ccode\u003e@​OutlawAndy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/763\"\u003ehotwired/turbo-rails#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/afrase\"\u003e\u003ccode\u003e@​afrase\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/597\"\u003ehotwired/turbo-rails#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drjayvee\"\u003e\u003ccode\u003e@​drjayvee\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/766\"\u003ehotwired/turbo-rails#766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Vivalldi\"\u003e\u003ccode\u003e@​Vivalldi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/736\"\u003ehotwired/turbo-rails#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stowersjoshua\"\u003e\u003ccode\u003e@​stowersjoshua\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/770\"\u003ehotwired/turbo-rails#770\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.20...v2.0.21\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.20...v2.0.21\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.20\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.19...v2.0.20\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.19...v2.0.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.19\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.17...v2.0.19\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.17...v2.0.19\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix typo in README.md by \u003ca href=\"https://github.com/brunocalmels\"\u003e\u003ccode\u003e@​brunocalmels\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/746\"\u003ehotwired/turbo-rails#746\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove compact call on locals in broadcast_rendering_with_defaults by \u003ca href=\"https://github.com/mathias234\"\u003e\u003ccode\u003e@​mathias234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/720\"\u003ehotwired/turbo-rails#720\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/435135b26a4b62e49d2f55bb4b1fd419e3bfb228\"\u003e\u003ccode\u003e435135b\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/22701f1fa326fc936b878c47b6f3d42ebef727ed\"\u003e\u003ccode\u003e22701f1\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/27030b956b107e864258aff0c48c2ed7a36ef3fc\"\u003e\u003ccode\u003e27030b9\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/52cde052aa00c6f7b0ce8cd10d2fefdcbe1e3255\"\u003e\u003ccode\u003e52cde05\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/e511fb28c464ea9f3b3ddec3c1250d2b2c4b5313\"\u003e\u003ccode\u003ee511fb2\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/99dc9c5445166f0335d0a2fc15da3e7969fc913a\"\u003e\u003ccode\u003e99dc9c5\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/c2cd99fae9440aee6c1c836578c6dbf6067f7ee0\"\u003e\u003ccode\u003ec2cd99f\u003c/code\u003e\u003c/a\u003e v8.0.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/31c78af6c1d16070bbb25b68402a2c700a386c1a\"\u003e\u003ccode\u003e31c78af\u003c/code\u003e\u003c/a\u003e Respect broadcast suppressions on before/after actions (\u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/issues/770\"\u003e#770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/16f76133cbef0cfec65a3c8693d795670fb725ac\"\u003e\u003ccode\u003e16f7613\u003c/code\u003e\u003c/a\u003e Only return messages produced by block in \u003ccode\u003ecapture_turbo_stream_broadcasts\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/dda27a8b903a27958fd2e4086babcfbaba648a94\"\u003e\u003ccode\u003edda27a8\u003c/code\u003e\u003c/a\u003e Restrict tests to \u003ccode\u003eminitest\u0026lt;6\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v1.4.0...v2.0.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jbuilder` from 2.11.5 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/jbuilder/releases\"\u003ejbuilder's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure that \u003ccode\u003eJbuilder.encode\u003c/code\u003e properly forwards arguments to \u003ccode\u003e.new\u003c/code\u003e by \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/601\"\u003erails/jbuilder#601\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/601\"\u003erails/jbuilder#601\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/rails/jbuilder/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support to Ruby \u0026lt; 3.0 and Rails \u0026lt; 7.0\u003c/li\u003e\n\u003cli\u003eTest against Rails 8 and fix Rails 7 logger dependency by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/582\"\u003erails/jbuilder#582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd status: :see_other to update action by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/583\"\u003erails/jbuilder#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eForce close final statement in templates by \u003ca href=\"https://github.com/ienders\"\u003e\u003ccode\u003e@​ienders\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/578\"\u003erails/jbuilder#578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003e_is_collection?\u003c/code\u003e method by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/590\"\u003erails/jbuilder#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e#frozen_string_literal: true\u003c/code\u003e to all files by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/599\"\u003erails/jbuilder#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003e_key\u003c/code\u003e to prevent string allocation when formatting \u003ccode\u003eSymbol\u003c/code\u003es by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/593\"\u003erails/jbuilder#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize key formatter by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/597\"\u003erails/jbuilder#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize internal \u003ccode\u003eextract!\u003c/code\u003e calls to save on memory allocation by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/598\"\u003erails/jbuilder#598\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix regression in API controllers with view_cache_dependencies helper by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/575\"\u003erails/jbuilder#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003emethod_missing\u003c/code\u003e via \u003ccode\u003ealias_method\u003c/code\u003e by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/600\"\u003erails/jbuilder#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup project for Rails 7+ support by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/594\"\u003erails/jbuilder#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warnings and prevent Jbuilder::VERSION constant from being obliterated by \u003ca href=\"https://github.com/pixeltrix\"\u003e\u003ccode\u003e@​pixeltrix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/574\"\u003erails/jbuilder#574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize memory allocation when rendering partials by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/591\"\u003erails/jbuilder#591\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/richardvenneman\"\u003e\u003ccode\u003e@​richardvenneman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/576\"\u003erails/jbuilder#576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ienders\"\u003e\u003ccode\u003e@​ienders\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/578\"\u003erails/jbuilder#578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/590\"\u003erails/jbuilder#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.13.0...v2.14.0\"\u003ehttps://github.com/rails/jbuilder/compare/v2.13.0...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRedirect to \u003ccode\u003e@record\u003c/code\u003e or path in controller generator by \u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/569\"\u003erails/jbuilder#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn early from collection partial rendering if blank by \u003ca href=\"https://github.com/tylerjc\"\u003e\u003ccode\u003e@​tylerjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/560\"\u003erails/jbuilder#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing ':see_other' status code in generated destroy controller method by \u003ca href=\"https://github.com/ldeld\"\u003e\u003ccode\u003e@​ldeld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/538\"\u003erails/jbuilder#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove OpenStruct references from Jbuilder by \u003ca href=\"https://github.com/mtsmfm\"\u003e\u003ccode\u003e@​mtsmfm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/567\"\u003erails/jbuilder#567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse new \u003ccode\u003eparams.expect\u003c/code\u003e syntax instead of \u003ccode\u003eparams.require\u003c/code\u003e by \u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/573\"\u003erails/jbuilder#573\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/570\"\u003erails/jbuilder#570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerjc\"\u003e\u003ccode\u003e@​tylerjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/560\"\u003erails/jbuilder#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ldeld\"\u003e\u003ccode\u003e@​ldeld\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/538\"\u003erails/jbuilder#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtsmfm\"\u003e\u003ccode\u003e@​mtsmfm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/567\"\u003erails/jbuilder#567\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.12.0...v2.13.0\"\u003ehttps://github.com/rails/jbuilder/compare/v2.12.0...v2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/38339adaa9d44ba89c0dde2a795338a886941e6f\"\u003e\u003ccode\u003e38339ad\u003c/code\u003e\u003c/a\u003e Prepare for 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/2400fd9ce631ec9689b535e9af6ad866781f8ef9\"\u003e\u003ccode\u003e2400fd9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/601\"\u003e#601\u003c/a\u003e from flavorjones/flavorjones/fix-encode-arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/a6863b5d582b966fcfbef8686c829c950efd1f5c\"\u003e\u003ccode\u003ea6863b5\u003c/code\u003e\u003c/a\u003e Ensure that Jbuilder.encode properly forwards arguments to .new\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/30ba7df152aacdf20b6267a82b9d2b1f9e947636\"\u003e\u003ccode\u003e30ba7df\u003c/code\u003e\u003c/a\u003e Prepare for 2.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/5f4af71c859c6b234eef1682f81aac225534f048\"\u003e\u003ccode\u003e5f4af71\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/591\"\u003e#591\u003c/a\u003e from moberegger/moberegger/optimize_options_merges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/6fd6c0662f6507be951ba842857c663adb000f56\"\u003e\u003ccode\u003e6fd6c06\u003c/code\u003e\u003c/a\u003e Small _set_inline_partial optimization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/b7b5abb02d9bb2ed1fc584a08142838a05cafc08\"\u003e\u003ccode\u003eb7b5abb\u003c/code\u003e\u003c/a\u003e Stop mutating options in partial! method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/7e16adf446c9da701e1e5fdbe9c93f7f8095630d\"\u003e\u003ccode\u003e7e16adf\u003c/code\u003e\u003c/a\u003e Stop mutating options in set! method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/8474b41f666b13055b9368107c783cdae7903fb6\"\u003e\u003ccode\u003e8474b41\u003c/code\u003e\u003c/a\u003e Remove _partial micro-optimization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/9ffacf75a64f5f595bee3cfb28dcfe3307d8e2da\"\u003e\u003ccode\u003e9ffacf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/574\"\u003e#574\u003c/a\u003e from pixeltrix/fix-warnings-and-version-constant\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.11.5...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `config` from 4.1.0 to 5.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubyconfig/config/releases\"\u003econfig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(security): replace \u003ccode\u003eIO.read\u003c/code\u003e with \u003ccode\u003eFile.read\u003c/code\u003e by \u003ca href=\"https://github.com/pkuczynski\"\u003e\u003ccode\u003e@​pkuczynski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/378\"\u003erubyconfig/config#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.6.0...5.6.1\"\u003ehttps://github.com/rubyconfig/config/compare/5.6.0...5.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: added extra sources in initializer by \u003ca href=\"https://github.com/Nuzair46\"\u003e\u003ccode\u003e@​Nuzair46\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/366\"\u003erubyconfig/config#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.5.2...5.6.0\"\u003ehttps://github.com/rubyconfig/config/compare/5.5.2...5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix warning: ostruct was loaded from the standard library by \u003ca href=\"https://github.com/taketo1113\"\u003e\u003ccode\u003e@​taketo1113\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003erubyconfig/config#363\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taketo1113\"\u003e\u003ccode\u003e@​taketo1113\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003erubyconfig/config#363\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.5.0...5.5.2\"\u003ehttps://github.com/rubyconfig/config/compare/5.5.0...5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow arrays to be passed through env variables by \u003ca href=\"https://github.com/dominh\"\u003e\u003ccode\u003e@​dominh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003erubyconfig/config#354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typos in the tests and documentation by \u003ca href=\"https://github.com/ydah\"\u003e\u003ccode\u003e@​ydah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003erubyconfig/config#359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003efunding_url\u003c/code\u003e rather than \u003ccode\u003epost_install_message\u003c/code\u003e by \u003ca href=\"https://github.com/pda\"\u003e\u003ccode\u003e@​pda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003erubyconfig/config#360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dominh\"\u003e\u003ccode\u003e@​dominh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003erubyconfig/config#354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ydah\"\u003e\u003ccode\u003e@​ydah\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003erubyconfig/config#359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pda\"\u003e\u003ccode\u003e@​pda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003erubyconfig/config#360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.4.0...5.5.0\"\u003ehttps://github.com/rubyconfig/config/compare/5.4.0...5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.4.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration option \u003ccode\u003eenvironment\u003c/code\u003e to override the use of \u003ccode\u003eRails.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003edry-validation\u003c/code\u003e from dependencies (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/333\"\u003e#333\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow to use custom filename \u0026amp;\u0026amp; directory name to store configs (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubyconfig/config/blob/master/CHANGELOG.md\"\u003econfig's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(security): replace IO.read with File.read \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/378\"\u003e#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eextra_sources\u003c/code\u003e in initializer (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix warning: ostruct was loaded from the standard library with Ruby 3.3.5 and 3.4+ (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003e#363\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.1\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix funding_url to funding_uri in gemspec (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow arrays to be passed through env variables (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003e#354\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse funding_url rather than post_install_message (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos in the tests and documentation (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration option \u003ccode\u003eenvironment\u003c/code\u003e to override the use of \u003ccode\u003eRails.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003edry-validation\u003c/code\u003e from dependencies (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/333\"\u003e#333\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow to use custom filename \u0026amp;\u0026amp; directory name to store configs (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent name collision with private methods from ancestors (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/351\"\u003e#351\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/8b6ffe6dcc91f52f06d5a1502333108d1c6033ca\"\u003e\u003ccode\u003e8b6ffe6\u003c/code\u003e\u003c/a\u003e release: 5.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/d639f9db7355195f1ea7d21ddae32f0c166759ae\"\u003e\u003ccode\u003ed639f9d\u003c/code\u003e\u003c/a\u003e ci: limit workflow permissions (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/e0bf18fab4feed4f5413c6528c198009b36fa536\"\u003e\u003ccode\u003ee0bf18f\u003c/code\u003e\u003c/a\u003e fix(security): replace \u003ccode\u003eIO.read\u003c/code\u003e with \u003ccode\u003eFile.read\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/263e66a4a70c053f1181f8f65d666d22a6f60b64\"\u003e\u003ccode\u003e263e66a\u003c/code\u003e\u003c/a\u003e test: bump puma in rails 5.2 test app to fix security warning (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/c833d1964b0e10ae71ccc780bc46766baeb7e22e\"\u003e\u003ccode\u003ec833d19\u003c/code\u003e\u003c/a\u003e release: 5.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/4dc0f3e6e945a6159f35630098f8de0311a6908a\"\u003e\u003ccode\u003e4dc0f3e\u003c/code\u003e\u003c/a\u003e ci: fix jruby rails \u0026gt;= 7.2 (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/1f17cd8d6215cf38e702f58c0f701e813c7ce0ef\"\u003e\u003ccode\u003e1f17cd8\u003c/code\u003e\u003c/a\u003e feat: added extra sources in initializer (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/97b3e8cbf47f022a27ff4962c059b0fc139a1369\"\u003e\u003ccode\u003e97b3e8c\u003c/code\u003e\u003c/a\u003e ci: add rails 7.2 and 8.0 to the test matrix and bump some older dependencies...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/1b5581d23b47c81a233d61c28f0c6716d74d8f63\"\u003e\u003ccode\u003e1b5581d\u003c/code\u003e\u003c/a\u003e ci: add Ruby 3.4 to the test matrix (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/a4c978f4a64975fd609780541b2b243883217e4f\"\u003e\u003ccode\u003ea4c978f\u003c/code\u003e\u003c/a\u003e ci: remove unnecessary ubuntu packages installation (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rubyconfig/config/compare/4.1.0...5.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-apis-analyticsdata_v1beta` from 0.32.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-ruby-client/blob/main/generated/google-apis-analyticsdata_v1beta/CHANGELOG.md\"\u003egoogle-apis-analyticsdata_v1beta's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.40.0 (2025-05-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.17.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.39.0 (2024-11-24)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20241117\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.38.0 (2024-09-01)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240825\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.37.0 (2024-08-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240731\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.36.0 (2024-05-19)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240512\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.15.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.35.0 (2024-02-24)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.34.0 (2024-02-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240128\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.13.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.33.0 (2024-01-22)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-api-ruby-client/compare/0.32.0...0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleauth` from 1.3.0 to 1.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/releases\"\u003egoogleauth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleauth: v1.16.2\u003c/h2\u003e\n\u003ch3\u003e1.16.2 (2026-02-26)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003einitialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereturn response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.16.1\u003c/h2\u003e\n\u003ch3\u003e1.16.1 (2026-01-15)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003erestore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.16.0\u003c/h2\u003e\n\u003ch3\u003e1.16.0 (2025-11-21)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eInclude security warning in ExternalAccount and ImpersonatedServiceAccount credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.15.1\u003c/h2\u003e\n\u003ch3\u003e1.15.1 (2025-10-14)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate method make_creds in DefaultCredentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.15.0\u003c/h2\u003e\n\u003ch3\u003e1.15.0 (2025-08-25)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd typed errors to authentication library (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/533\"\u003e#533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for JWT 3.x (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix incorrect error and apply some code complexity refactoring (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport Pathname for cred loading (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDocumentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments\u003c/li\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.14.0\u003c/h2\u003e\n\u003ch3\u003e1.14.0 (2025-03-14)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/blob/main/CHANGELOG.md\"\u003egoogleauth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e1.16.2 (2026-02-26)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003einitialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereturn response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.16.1 (2026-01-15)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003erestore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.16.0 (2025-11-21)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eInclude security warning in ExternalAccount and ImpersonatedServiceAccount credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.15.1 (2025-10-14)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate method make_creds in DefaultCredentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.15.0 (2025-08-25)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd typed errors to authentication library (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/533\"\u003e#533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for JWT 3.x (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix incorrect error and apply some code complexity refactoring (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport Pathname for cred loading (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDocumentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments\u003c/li\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.14.0 (2025-03-14)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd API key credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/520\"\u003e#520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Bearer token credentials\u003c/li\u003e\n\u003cli\u003eadd BearerToken credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/522\"\u003e#522\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/1ef191b1342c19736ebe7a5640bfb86a7d989c68\"\u003e\u003ccode\u003e1ef191b\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.2 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/565\"\u003e#565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/fb5b7978d66b43465081a024aaf7ebc17354ed9d\"\u003e\u003ccode\u003efb5b797\u003c/code\u003e\u003c/a\u003e fix: return response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/b0ec7d8b1e7a722839a196cb7a56b9c6f43e8159\"\u003e\u003ccode\u003eb0ec7d8\u003c/code\u003e\u003c/a\u003e fix: initialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/5c4ab1cfc3517d5490633c878cb5136ca4da75e6\"\u003e\u003ccode\u003e5c4ab1c\u003c/code\u003e\u003c/a\u003e chore: replace old ruby teams with cloud-sdk-ruby-team (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/43ab9db5f237fb337cbd8d8db562f28cc2bfcff8\"\u003e\u003ccode\u003e43ab9db\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/d7193fc6364f099d8110271a65d474227573aa91\"\u003e\u003ccode\u003ed7193fc\u003c/code\u003e\u003c/a\u003e fix: restore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/a59a1df96d4bf476d1fd96544b309ce4a6a70ec9\"\u003e\u003ccode\u003ea59a1df\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/317474db5f5889755f309704a9304d4fb86f06f6\"\u003e\u003ccode\u003e317474d\u003c/code\u003e\u003c/a\u003e fix: Include security warning in ExternalAccount and ImpersonatedServiceAccou...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/4c31b17f02d0f46c991418ab6f909383623d489c\"\u003e\u003ccode\u003e4c31b17\u003c/code\u003e\u003c/a\u003e feat: Add ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/1c6724ffd2e7a9c8bf171f9858bcd334d03df98b\"\u003e\u003ccode\u003e1c6724f\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.15.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/compare/googleauth/v1.3.0...googleauth/v1.16.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-core` from 3.243.0 to 3.246.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md\"\u003eaws-sdk-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.246.0 (2026-04-23)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updated configuration values for \u003ccode\u003edefaults_mode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.245.0 (2026-04-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Updated Aws::STS::Client with the latest API changes.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Explicitly set 0600 permissions on SSO/login cache files.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.244.0 (2026-03-18)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Support waiter error matcher to handle both boolean and boolean-string acceptors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rspec-core` from 3.12.1 to 3.13.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rspec/rspec/blob/rspec-core-v3.13.6/rspec-core/Changelog.md\"\u003erspec-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e3.13.6 / 2025-10-19\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit block parameter to \u003ccode\u003eRSpec::World::Null.traverse_example_group_trees_until\u003c/code\u003e to\nprevent warning. (\u003ca href=\"https://github.com/viralpraxis\"\u003e\u003ccode\u003e@​viralpraxis\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/240\"\u003erspec/rspec#240\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.5 / 2025-06-25\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix finding failed lines from frozen backtrace arrays. (Jon Rowe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.4 / 2025-05-27\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.3...rspec-core-v3.13.4\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix links in gemspec to point to the monorepo / homepage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.3 / 2025-02-06\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix reporter memorisation of \u003ccode\u003eExamplesNotification\u003c/code\u003e used in \u003ccode\u003eRSpec::Core::Reporter#finish\u003c/code\u003e\nby reusing an instance across notifcations. (Maxime Lapointe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/172\"\u003erspec/rspec#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix memorisation of \u003ccode\u003eRSpec::Core::Example#location_rerun_argument\u003c/code\u003e.\n(Maxime Lapointe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/173\"\u003erspec/rspec#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.2 / 2024-10-18\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.13.1...v3.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRSpec::Configuration#requires\u003c/code\u003e will reflect files already required, whilst requiring\nthem. (Jon Rowe, \u003ca href=\"https://redirect.github.com/rspec/rspec-core/issues/3117\"\u003erspec/rspec-core#3117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.1 / 2024-09-02\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.13.0...v3.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSort ids to run as the original order to fix \u003ccode\u003e--bisect\u003c/code\u003e. (Maki Kawahara, \u003ca href=\"https://redirect.github.com/rspec/rspec-core/issues/3093\"\u003erspec/rspec-core#3093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.0 / 2024-02-04\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.12.3...v3.13.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rspec/rspec/commits/rspec-core-v3.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleauth` from 1.3.0 to 1.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/dpla/dashboard-analytics/pull/306","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpla%2Fdashboard-analytics/issues/306","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/306/packages"},{"uuid":"4341314422","node_id":"PR_kwDOAAXsEc7WPO-i","number":2039,"state":"open","title":"Bump rack from 3.2.4 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T07:21:11.000Z","updated_at":"2026-05-01T03:56:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.4 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.4...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/openaustralia/planningalerts/pull/2039","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openaustralia%2Fplanningalerts/issues/2039","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2039/packages"},{"uuid":"4323694450","node_id":"PR_kwDORfLItc7VXyIk","number":150,"state":"closed","title":"build(deps): bump the bundler-production-dependencies group across 1 directory with 72 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T00:36:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T14:47:13.000Z","updated_at":"2026-05-20T00:36:06.000Z","time_to_close":2195331,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler-production-dependencies","update_count":72,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.5.0","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.1","repository_url":"https://github.com/sinatra/mustermann"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 16 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.1` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.1` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.5.0` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.1` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.6.3` | `0.6.4` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.1\u003c/h2\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.1\u003c/h2\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/aaf78f11ee3f63aabfc5826655c5999c66d0fc86\"\u003e\u003ccode\u003eaaf78f1\u003c/code\u003e\u003c/a\u003e chore(readme): clean up and docs for exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.5.0 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epopulate event details payload with error_code and message (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/225\"\u003e#225\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a185003dc09a69b2dda1fe569d1f82c45979cdad\"\u003ea185003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.1...v0.6.0\"\u003e0.6.0\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.0...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize BigDecimal#to_s by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/519\"\u003eruby/bigdecimal#519\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix calloc-transposed-args warning by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/520\"\u003eruby/bigdecimal#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse '0'+n for converting single digit to char by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/521\"\u003eruby/bigdecimal#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Add a workaround for slow BigDecimal#to_f when it has large N_significant_digits\u0026quot; by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/522\"\u003eruby/bigdecimal#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBigMath.exp overflow/underflow check by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/523\"\u003eruby/bigdecimal#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unary minus on unsigned type warning by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/525\"\u003eruby/bigdecimal#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dtoa to version from Ruby 4.0 by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/528\"\u003eruby/bigdecimal#528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.2 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/529\"\u003eruby/bigdecimal#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/528\"\u003eruby/bigdecimal#528\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.1...v4.1.2\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.1...v4.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix dtoa Ractor-safety bug. Update dtoa to version from Ruby 4.0 \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/528\"\u003eGH-528\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOptimize BigDecimal#to_s \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/519\"\u003eGH-519\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/9160561c149c370784c793ea6aaa62f8f326280d\"\u003e\u003ccode\u003e9160561\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.2 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/8050ec79c046665dff237bcd8f85d8ec830a9cc4\"\u003e\u003ccode\u003e8050ec7\u003c/code\u003e\u003c/a\u003e Update dtoa to version from Ruby 4.0 (\u003ca href=\"https://redirect.github.com...\n\n_Description has been truncated_","html_url":"https://github.com/owjoel/is469/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/owjoel%2Fis469/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"},{"uuid":"4316652304","node_id":"PR_kwDOQ3MpKM7VArMr","number":160,"state":"closed","title":"Bump rack from 3.2.5 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-27T06:56:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T14:20:22.000Z","updated_at":"2026-04-27T06:56:25.000Z","time_to_close":318961,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.5 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.5\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/poposann0746/kebab-tokyo/pull/160","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/poposann0746%2Fkebab-tokyo/issues/160","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/160/packages"},{"uuid":"4292283068","node_id":"PR_kwDOJK-Qg87Txwig","number":991,"state":"open","title":"Bump rack from 2.2.9 to 2.2.23","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T23:12:57.000Z","updated_at":"2026-04-19T23:12:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"2.2.9","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 2.2.9 to 2.2.23.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.9...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=2.2.9\u0026new-version=2.2.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/assirims/test_gems/pull/991","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/assirims%2Ftest_gems/issues/991","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/991/packages"},{"uuid":"4272370124","node_id":"PR_kwDORxQaNc7Sz6By","number":72,"state":"closed","title":"build(deps): bump the bundler-production-dependencies group across 1 directory with 70 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-23T23:37:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T23:46:13.000Z","updated_at":"2026-04-23T23:37:59.000Z","time_to_close":690704,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler-production-dependencies","update_count":70,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.0","repository_url":"https://github.com/sinatra/mustermann"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 15 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.1` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.1` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.6.4` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.0` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.1\u003c/h2\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.1\u003c/h2\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/aaf78f11ee3f63aabfc5826655c5999c66d0fc86\"\u003e\u003ccode\u003eaaf78f1\u003c/code\u003e\u003c/a\u003e chore(readme): clean up and docs for exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove taylor series calculation of exp and sin by bit burst algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/433\"\u003eruby/bigdecimal#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove calculating log(10) in BigMath.log for large/small x by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/484\"\u003eruby/bigdecimal#484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing call-seq by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/485\"\u003eruby/bigdecimal#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit internal extra calculation prec and BigDecimal.double_fig usage by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/486\"\u003eruby/bigdecimal#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RBS signature and testing by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing sig file by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/492\"\u003eruby/bigdecimal#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify butterfly operation of Number Theoretic Transform by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/496\"\u003eruby/bigdecimal#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAssume always have uint64_t by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/497\"\u003eruby/bigdecimal#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse bit_length to calculate NTT bit size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/498\"\u003eruby/bigdecimal#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate depend files, etc by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/499\"\u003eruby/bigdecimal#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix erfc(x,prec) precision when x is huge by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/502\"\u003eruby/bigdecimal#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease BigMath converge test precisions by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/503\"\u003eruby/bigdecimal#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error compiling with ruby.wasm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/504\"\u003eruby/bigdecimal#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to 4.1.0 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/505\"\u003eruby/bigdecimal#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/219cb2e641e3a1242f7fbe43025bf1ea3b2797af\"\u003e\u003ccode\u003e219cb2e\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.1 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/516\"\u003e#516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/3bf735fbe41fb07832ddf01ff507d92ea1810b05\"\u003e\u003ccode\u003e3bf735f\u003c/code\u003e\u003c/a\u003e Add a workaround for slow BigDecimal#to_f when it has large N_significant_dig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/ae1d238b0d32cd7456a7cf9fc376b8e46a711f40\"\u003e\u003ccode\u003eae1d238\u003c/code\u003e\u003c/a\u003e tiny grammar fix in README.md (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/70caa24f43032b8033e5b0678bb40b940b22a4c4\"\u003e\u003ccode\u003e70caa24\u003c/code\u003e\u003c/a\u003e Update to cover change in Bundler (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/512\"\u003e#512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/f0985b36f5b4b7c13605d8eb15fce18b194a61b0\"\u003e\u003ccode\u003ef0985b3\u003c/code\u003e\u003c/a\u003e Increase VpMult batch size (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/32fb1de0aca598ce417e5cf751ffa141633c4a8a\"\u003e\u003ccode\u003e32fb1de\u003c/code\u003e\u003c/a\u003e Multiplication with 8-decdig batch (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/1f2894fd94f2811f0ea5038cc0298f041daa049b\"\u003e\u003ccode\u003e1f2894f\u003c/code\u003e\u003c/a\u003e Remove unused minitest from Gemfile (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/bf04ad4066381795c7a5f9a761f140c15feaef54\"\u003e\u003ccode\u003ebf04ad4\u003c/code\u003e\u003c/a\u003e Make BigDecimal object embedded (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/64834a8e61d01a467a8185c0823c53ffd3e8b238\"\u003e\u003ccode\u003e64834a8\u003c/code\u003e\u003c/a\u003e Add changelog for 4.1.0. (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/db5888a9e003d99bb867ae695a02a81b2204d1f6\"\u003e\u003ccode\u003edb5888a\u003c/code\u003e\u003c/a\u003e Define \u003ccode\u003etest\u003c/code\u003e as the default rake task (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.0.1...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `grpc` from 1.78.1 to 1.80.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/grpc/releases\"\u003egrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.80.0\u003c/h2\u003e\n\u003cp\u003eThis is release 1.80.0 (\u003ca href=\"https://github.com/grpc/grpc/blob/master/doc/g_stands_for.md\"\u003eglimmering\u003c/a\u003e) of gRPC Core.\u003c/p\u003e\n\u003cp\u003eFor gRPC documentation, see \u003ca href=\"https://grpc.io/\"\u003egrpc.io\u003c/a\u003e. For previous releases, see \u003ca href=\"https://github.com/grpc/grpc/releases\"\u003eReleases\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release contains refinements, improvements, and bug fixes, with highlights listed below.\u003c/p\u003e\n\u003ch2\u003eCore\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ssl] Implement TLS private key signer in Python. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41701\"\u003e#41701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[TLS Credentials]: Private Key Offload Implementation. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41606\"\u003e#41606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix max sockaddr struct size on OpenBSD. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40454\"\u003e#40454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41432\"\u003e#41432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41484\"\u003e#41484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41324\"\u003e#41324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41502\"\u003e#41502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[RR and WRR] enable change to connect from a random index. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41472\"\u003e#41472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[xds] Implement gRFC A101. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41051\"\u003e#41051\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eC++\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[C++] Add SNI override option to C++ channel credentials options API. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41460\"\u003e#41460\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eC#\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[C# tools] Option to append Async to server side method names \u003ca href=\"https://redirect.github.com/google/grpc/issues/39010\"\u003e#39010\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/39797\"\u003e#39797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eObjective-C\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41357\"\u003e#41357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHP\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[PHP] Disable php infinite recursion check for callback from Core to PHP. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41835\"\u003e#41835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40337\"\u003e#40337\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePython\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Fix \u003ccode\u003eGRPC_TRACE\u003c/code\u003e not working when absl log initialized in cython. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41814\"\u003e#41814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41455\"\u003e#41455\u003c/a\u003e)\u0026quot;. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41769\"\u003e#41769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41532\"\u003e#41532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Docs: correct \u003ccode\u003egrpc.Compression\u003c/code\u003e references. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41705\"\u003e#41705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40226\"\u003e#40226\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/f5e2d6e856176c2f6b7691032adfefe21e5f64c1\"\u003e\u003ccode\u003ef5e2d6e\u003c/code\u003e\u003c/a\u003e [Release] Bump version to 1.80.0 (on v1.80.x branch) (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41857\"\u003e#41857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/938cfecaebfc28b5e6bcdb95d55aba3962d9b55b\"\u003e\u003ccode\u003e938cfec\u003c/code\u003e\u003c/a\u003e [subchannel connection scaling] fix when we reset backoff (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41935\"\u003e#41935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/91778bec667d7310864420f2b32aeb2e41e1b51c\"\u003e\u003ccode\u003e91778be\u003c/code\u003e\u003c/a\u003e [Backport][v1.80.x][Python] New \u003ccode\u003e_create\u003c/code\u003e method for aio.Metadata (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41888\"\u003e#41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/be4c1c55b69493868241bfffd4bc318d3d592656\"\u003e\u003ccode\u003ebe4c1c5\u003c/code\u003e\u003c/a\u003e [subchannel] fix crash in connection scaling...\n\n_Description has been truncated_","html_url":"https://github.com/GuanceDemo/OpenTelemetry_Demo/pull/72","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GuanceDemo%2FOpenTelemetry_Demo/issues/72","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/72/packages"},{"uuid":"4266310457","node_id":"PR_kwDORfOU_c7ShA9M","number":123,"state":"closed","title":"Bump the bundler-production-dependencies group across 1 directory with 71 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-24T04:42:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T04:47:17.000Z","updated_at":"2026-04-24T04:42:09.000Z","time_to_close":777290,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler-production-dependencies","update_count":71,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.5.0","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.0","repository_url":"https://github.com/sinatra/mustermann"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"timeout","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/ruby/timeout"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 16 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.0` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.0` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.5.0` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.0` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n| [timeout](https://github.com/ruby/timeout) | `0.6.0` | `0.6.1` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.5.0 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epopulate event details payload with error_code and message (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/225\"\u003e#225\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a185003dc09a69b2dda1fe569d1f82c45979cdad\"\u003ea185003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.1...v0.6.0\"\u003e0.6.0\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.0...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove taylor series calculation of exp and sin by bit burst algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/433\"\u003eruby/bigdecimal#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove calculating log(10) in BigMath.log for large/small x by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/484\"\u003eruby/bigdecimal#484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing call-seq by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/485\"\u003eruby/bigdecimal#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit internal extra calculation prec and BigDecimal.double_fig usage by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/486\"\u003eruby/bigdecimal#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RBS signature and testing by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing sig file by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/492\"\u003eruby/bigdecimal#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify butterfly operation of Number Theoretic Transform by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/496\"\u003eruby/bigdecimal#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAssume always have uint64_t by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/497\"\u003eruby/bigdecimal#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse bit_length to calculate NTT bit size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/498\"\u003eruby/bigdecimal#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate depend files, etc by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/499\"\u003eruby/bigdecimal#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix erfc(x,prec) precision when x is huge by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/502\"\u003eruby/bigdecimal#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease BigMath converge test precisions by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/503\"\u003eruby/bigdecimal#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error compiling with ruby.wasm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/504\"\u003eruby/bigdecimal#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to 4.1.0 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/505\"\u003eruby/bigdecimal#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/219cb2e641e3a1242f7fbe43025bf1ea3b2797af\"\u003e\u003ccode\u003e219cb2e\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.1 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/516\"\u003e#516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/3bf735fbe41fb07832ddf01ff507d92ea1810b05\"\u003e\u003ccode\u003e3bf735f\u003c/code\u003e\u003c/a\u003e Add a workaround for slow BigDecimal#to_f when it has large N_significant_dig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/ae1d238b0d32cd7456a7cf9fc376b8e46a711f40\"\u003e\u003ccode\u003eae1d238\u003c/code\u003e\u003c/a\u003e tiny grammar fix in README.md (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/70caa24f43032b8033e5b0678bb40b940b22a4c4\"\u003e\u003ccode\u003e70caa24\u003c/code\u003e\u003c/a\u003e Update to cover change in Bundler (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/512\"\u003e#512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/f0985b36f5b4b7c13605d8eb15fce18b194a61b0\"\u003e\u003ccode\u003ef0985b3\u003c/code\u003e\u003c/a\u003e Increase VpMult batch size (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/32fb1de0aca598ce417e5cf751ffa141633c4a8a\"\u003e\u003ccode\u003e32fb1de\u003c/code\u003e\u003c/a\u003e Multiplication with 8-decdig batch (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/1f2894fd94f2811f0ea5038cc0298f041daa049b\"\u003e\u003ccode\u003e1f2894f\u003c/code\u003e\u003c/a\u003e Remove unused minitest from Gemfile (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/bf04ad4066381795c7a5f9a761f140c15feaef54\"\u003e\u003ccode\u003ebf04ad4\u003c/code\u003e\u003c/a\u003e Make BigDecimal object embedded (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/64834a8e61d01a467a8185c0823c53ffd3e8b238\"\u003e\u003ccode\u003e64834a8\u003c/code\u003e\u003c/a\u003e Add changelog for 4.1.0. (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/db5888a9e003d99bb867ae695a02a81b2204d1f6\"\u003e\u003ccode\u003edb5888a\u003c/code\u003e\u003c/a\u003e Define \u003ccode\u003etest\u003c/code\u003e as the default rake task (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/big...\n\n_Description has been truncated_","html_url":"https://github.com/jlawton-cribl/opentelemetry-demo/pull/123","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlawton-cribl%2Fopentelemetry-demo/issues/123","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/123/packages"},{"uuid":"4252889798","node_id":"PR_kwDOMdbgsM7R66JS","number":224,"state":"closed","title":"build(deps): bump rack from 3.2.4 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T12:26:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T08:54:37.000Z","updated_at":"2026-04-13T12:26:45.000Z","time_to_close":12727,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"rack","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.4 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.4...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.4\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alphagov/govuk_web_banners/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alphagov/govuk_web_banners/pull/224","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphagov%2Fgovuk_web_banners/issues/224","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/224/packages"},{"uuid":"4223337413","node_id":"PR_kwDOBNWBj87Qv_KW","number":675,"state":"open","title":"Bump rack from 3.2.5 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T09:00:27.000Z","updated_at":"2026-04-15T09:10:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.5 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/quintel/etlocal/pull/675","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintel%2Fetlocal/issues/675","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/675/packages"},{"uuid":"4223253824","node_id":"PR_kwDOPJd-3c7Qvt_2","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T15:00:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:44:14.000Z","updated_at":"2026-05-18T15:00:04.000Z","time_to_close":3478547,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [addressable](https://github.com/sporkmonger/addressable), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4223046444","node_id":"PR_kwDOAHi-687QvF9R","number":2934,"state":"closed","title":"Bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-09T06:52:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:07:12.000Z","updated_at":"2026-04-09T06:52:13.000Z","time_to_close":81891,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":3,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [rack](https://github.com/rack/rack), [rack-session](https://github.com/rack/rack-session) and [addressable](https://github.com/sporkmonger/addressable).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2934","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2934","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2934/packages"},{"uuid":"4222907401","node_id":"PR_kwDOPVgz5c7Qursv","number":248,"state":"open","title":"build(deps): bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby","Stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T07:41:29.000Z","updated_at":"2026-04-16T05:36:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler","update_count":5,"packages":[{"name":"sinatra","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/sinatra/sinatra"},{"name":"rack","old_version":"3.1.15","new_version":"3.2.6"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.4.0","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the /src/email directory: [sinatra](https://github.com/sinatra/sinatra).\nBumps the bundler group with 2 updates in the /src/react-native-app directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `sinatra` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cfcc70dee1133690207b5a3dc6000426ec04e250\"\u003e\u003ccode\u003ecfcc70d\u003c/code\u003e\u003c/a\u003e CI: don't use \u003ccode\u003eRack::Lint\u003c/code\u003e on invalid hostname (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c235249abaafa2780b540aca1813dfcf3d17c2dd\"\u003e\u003ccode\u003ec235249\u003c/code\u003e\u003c/a\u003e CI: Test with Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2083\"\u003e#2083\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/v4.1.1...v4.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.15 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.1.15...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.0 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.0...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/burhanuddin-anw/opentelemetry-demo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/burhanuddin-anw/opentelemetry-demo/pull/248","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/burhanuddin-anw%2Fopentelemetry-demo/issues/248","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/248/packages"},{"uuid":"4221913725","node_id":"PR_kwDOMffEC87Qrvfj","number":666,"state":"closed","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-09T03:52:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T03:39:19.000Z","updated_at":"2026-04-09T03:52:27.000Z","time_to_close":87179,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [rack](https://github.com/rack/rack) and [rack-session](https://github.com/rack/rack-session).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/seahal/umaxica-apps-jit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/seahal/umaxica-apps-jit/pull/666","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seahal%2Fumaxica-apps-jit/issues/666","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/666/packages"},{"uuid":"4221845862","node_id":"PR_kwDOAHi-687QriPq","number":2931,"state":"open","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T03:19:38.000Z","updated_at":"2026-04-08T03:27:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [rack](https://github.com/rack/rack) and [rack-session](https://github.com/rack/rack-session).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2931","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2931","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2931/packages"},{"uuid":"4221560219","node_id":"PR_kwDOMt-mx87QqrMs","number":18,"state":"closed","title":"Bump the bundler group across 4 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T08:21:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T01:47:56.000Z","updated_at":"2026-04-08T08:21:18.000Z","time_to_close":23599,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":8,"packages":[{"name":"activesupport","old_version":"7.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.3","repository_url":"https://github.com/heartcombo/devise"},{"name":"actionview","old_version":"6.1.7.8","new_version":"8.1.3"},{"name":"activestorage","old_version":"6.1.7.8","new_version":"8.1.3"},{"name":"activesupport","old_version":"6.1.7.8","new_version":"8.1.3","repository_url":"https://github.com/rails/rails"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.2","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.9","new_version":"3.2.6"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.3","repository_url":"https://github.com/heartcombo/devise"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /docs directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).\nBumps the bundler group with 1 update in the /gemfiles/rails_61 directory: [devise](https://github.com/heartcombo/devise).\nBumps the bundler group with 1 update in the /gemfiles/rails_70 directory: [devise](https://github.com/heartcombo/devise).\nBumps the bundler group with 1 update in the /gemfiles/rails_71 directory: [devise](https://github.com/heartcombo/devise).\n\nUpdates `activesupport` from 7.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIf you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Rails 8 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/879f79fceaf2ec6525219ee7bb4057ce4db65729\"\u003e\u003ccode\u003e879f79f\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/0f4493bd0302f85d1662b71c4f2145268fecc200\"\u003e\u003ccode\u003e0f4493b\u003c/code\u003e\u003c/a\u003e Configure default permissions as read-only for the workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/8c785761bd3c717793f0da4146dd630865568567\"\u003e\u003ccode\u003e8c78576\u003c/code\u003e\u003c/a\u003e Ignore test/** folder for GH default code scanning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/c9e655e13253dc53e3c0981a8345f134bcda1fc5\"\u003e\u003ccode\u003ec9e655e\u003c/code\u003e\u003c/a\u003e Bundle update, clear dependabot security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/3fd061095084d8f9d3f8c995c46caabcd15640fd\"\u003e\u003ccode\u003e3fd0610\u003c/code\u003e\u003c/a\u003e Add a note to the changelog about an edge case issue some users ran into\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5b008ed51c0df3223cf727e7ad07378d6329b12f\"\u003e\u003ccode\u003e5b008ed\u003c/code\u003e\u003c/a\u003e Release v5.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/916f94ed4b4bb8e7881d5cf8c6535b7ccb368f7a\"\u003e\u003ccode\u003e916f94e\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller (\u003ca href=\"https://redirect.github.com/heartcombo/devise/issues/5826\"\u003e#5826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.1.3\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eJSONGemCoderEncoder\u003c/code\u003e to correctly serialize custom object hash keys.\u003c/p\u003e\n\u003cp\u003eWhen hash keys are custom objects whose \u003ccode\u003eas_json\u003c/code\u003e returns a Hash,\nthe encoder now calls \u003ccode\u003eto_s\u003c/code\u003e on the original key object instead of\non the \u003ccode\u003eas_json\u003c/code\u003e result.\u003c/p\u003e\n\u003cp\u003eBefore:\nhash = {CustomKey.new(123) =\u0026gt; \u0026quot;value\u0026quot;}\nhash.to_json  # =\u0026gt; {\u0026quot;{:id=\u0026gt;123}\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003eAfter:\nhash.to_json  # =\u0026gt; {\u0026quot;custom_123\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDan Sharp\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix Ruby 4.0 delegator warning when calling inspect on attributes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHammad Khan\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNoMethodError\u003c/code\u003e when deserialising \u003ccode\u003eType::Integer\u003c/code\u003e objects marshalled under Rails 8.0.\u003c/p\u003e\n\u003cp\u003eThe performance optimisation that replaced \u003ccode\u003e@range\u003c/code\u003e with \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e\nbroke Marshal compatibility. Objects serialised under 8.0 (with \u003ccode\u003e@range\u003c/code\u003e)\nand deserialised under 8.1 (expecting \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e) would crash with\n\u003ccode\u003eundefined method '\u0026lt;=' for nil\u003c/code\u003e because \u003ccode\u003eMarshal.load\u003c/code\u003e restores instance\nvariables without calling \u003ccode\u003einitialize\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/blob/v8.1.3/actionview/CHANGELOG.md\"\u003eactionview's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRails 8.1.3 (March 24, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix encoding errors for string locals containing non-ASCII characters.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eKataoka Katsuki\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix collection caching to only forward \u003ccode\u003eexpires_in\u003c/code\u003e argument if explicitly set.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ePieter Visser\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2.1 (March 23, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix possible XSS in DebugExceptions middleware\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33167]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJohn Hawthorn\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2 (January 08, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003efile_field\u003c/code\u003e to join mime types with a comma when provided as Array\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003efile_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow behaves likes:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003efile_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eBogdan Gusiev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix strict locals parsing to handle multiline definitions.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003econtent_security_policy_nonce\u003c/code\u003e error in mailers when using \u003ccode\u003econtent_security_policy_nonce_auto\u003c/code\u003e setting.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003econtent_security_policy_nonce helper\u003c/code\u003e is provided by \u003ccode\u003eActionController::ContentSecurityPolicy\u003c/code\u003e, and it relies on \u003ccode\u003erequest.content_security_policy_nonc\u003c/code\u003ee. Mailers lack both the module and the request object.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJarrett Lusso\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa8f0812160665bff083a089d2bb2fc1817ea03e\"\u003e\u003ccode\u003efa8f081\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63cef3de3bd88d5973837ea268dc710e7dbf7b8e\"\u003e\u003ccode\u003e63cef3d\u003c/code\u003e\u003c/a\u003e Merge branch '8-1-sec' into 8-1-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1db4b89687cc18311fc3f92623136705df24e671\"\u003e\u003ccode\u003e1db4b89\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1c7d1cf0a1ab4142eb20ef30fe2062aad6f72e21\"\u003e\u003ccode\u003e1c7d1cf\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/e91694b1f0e176eb01bfcc480a008bffc70f7602\"\u003e\u003ccode\u003ee91694b\u003c/code\u003e\u003c/a\u003e Update CHANGELOG (8.1 only)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d\"\u003e\u003ccode\u003e63f5ad8\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/e598b9427876ba44bd62c48390e6568476b3f8f0\"\u003e\u003ccode\u003ee598b94\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56906\"\u003e#56906\u003c/a\u003e from kataokatsuki/fix-strict-locals-non-ascii-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c2ea79c21161de7eb271b2789fbed21dde504071\"\u003e\u003ccode\u003ec2ea79c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56891\"\u003e#56891\u003c/a\u003e from pietervisser/fix-collection-caching-to-preserv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7c8ae65b7045490965218a994c300aea8dbb079\"\u003e\u003ccode\u003ed7c8ae6\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/27aa94fb4430b8dd9464081ad9b5ca083452570c\"\u003e\u003ccode\u003e27aa94f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56389\"\u003e#56389\u003c/a\u003e from bogdan/semantic-file-input-accept\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v6.1.7.8...v8.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.1.3\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eJSONGemCoderEncoder\u003c/code\u003e to correctly serialize custom object hash keys.\u003c/p\u003e\n\u003cp\u003eWhen hash keys are custom objects whose \u003ccode\u003eas_json\u003c/code\u003e returns a Hash,\nthe encoder now calls \u003ccode\u003eto_s\u003c/code\u003e on the original key object instead of\non the \u003ccode\u003eas_json\u003c/code\u003e result.\u003c/p\u003e\n\u003cp\u003eBefore:\nhash = {CustomKey.new(123) =\u0026gt; \u0026quot;value\u0026quot;}\nhash.to_json  # =\u0026gt; {\u0026quot;{:id=\u0026gt;123}\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003eAfter:\nhash.to_json  # =\u0026gt; {\u0026quot;custom_123\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDan Sharp\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix Ruby 4.0 delegator warning when calling inspect on attributes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHammad Khan\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNoMethodError\u003c/code\u003e when deserialising \u003ccode\u003eType::Integer\u003c/code\u003e objects marshalled under Rails 8.0.\u003c/p\u003e\n\u003cp\u003eThe performance optimisation that replaced \u003ccode\u003e@range\u003c/code\u003e with \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e\nbroke Marshal compatibility. Objects serialised under 8.0 (with \u003ccode\u003e@range\u003c/code\u003e)\nand deserialised under 8.1 (expecting \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e) would crash with\n\u003ccode\u003eundefined method '\u0026lt;=' for nil\u003c/code\u003e because \u003ccode\u003eMarshal.load\u003c/code\u003e restores instance\nvariables without calling \u003ccode\u003einitialize\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/blob/v8.1.3/activestorage/CHANGELOG.md\"\u003eactivestorage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRails 8.1.3 (March 24, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveStorage::Blob\u003c/code\u003e content type predicate methods to handle \u003ccode\u003enil\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDaichi KUDO\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2.1 (March 23, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFilter user supplied metadata in DirectUploadController\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33173]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConfigurable maxmimum streaming chunk size\u003c/p\u003e\n\u003cp\u003eMakes sure that byte ranges for blobs don't exceed 100mb by default.\nContent ranges that are too big can result in denial of service.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33174]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGannon McGibbon\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLimit range requests to a single range\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33658]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePrevent path traversal in \u003ccode\u003eDiskService\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eDiskService#path_for\u003c/code\u003e now raises an \u003ccode\u003eInvalidKeyError\u003c/code\u003e when passed keys with dot segments (\u0026quot;.\u0026quot;,\n\u0026quot;..\u0026quot;), or if the resolved path is outside the storage root directory.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e#path_for\u003c/code\u003e also now consistently raises \u003ccode\u003eInvalidKeyError\u003c/code\u003e if the key is invalid in any way, for\nexample containing null bytes or having an incompatible encoding. Previously, the exception\nraised may have been \u003ccode\u003eArgumentError\u003c/code\u003e or \u003ccode\u003eEncoding::CompatibilityError\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eDiskController\u003c/code\u003e now explicitly rescues \u003ccode\u003eInvalidKeyError\u003c/code\u003e with appropriate HTTP status codes.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33195]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePrevent glob injection in \u003ccode\u003eDiskService#delete_prefixed\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eEscape glob metacharacters in the resolved path before passing to \u003ccode\u003eDir.glob\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa8f0812160665bff083a089d2bb2fc1817ea03e\"\u003e\u003ccode\u003efa8f081\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63cef3de3bd88d5973837ea268dc710e7dbf7b8e\"\u003e\u003ccode\u003e63cef3d\u003c/code\u003e\u003c/a\u003e Merge branch '8-1-sec' into 8-1-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1db4b89687cc18311fc3f92623136705df24e671\"\u003e\u003ccode\u003e1db4b89\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1c7d1cf0a1ab4142eb20ef30fe2062aad6f72e21\"\u003e\u003ccode\u003e1c7d1cf\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c\"\u003e\u003ccode\u003e8c9676b\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655\"\u003e\u003ccode\u003e9b06fbc\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0\"\u003e\u003ccode\u003ed9502f5\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/85ec5b1e00d3197d8c69a5e622e1b398a1b10b06\"\u003e\u003ccode\u003e85ec5b1\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a\"\u003e\u003ccode\u003e42012ea\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/064cea7d610f6020bc8cb97cb693d1fb15ed23c8\"\u003e\u003ccode\u003e064cea7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56783\"\u003e#56783\u003c/a\u003e from kudoas/fix-activestorage-blob-content-type-nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v6.1.7.8...v8.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.9 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix content-length calcuation in Rack:Response#write \u003ca href=\"https://redirect.github.com/rack/rack/issues/2150\"\u003e#2150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.8...v3.0.9\"\u003ehttps://github.com/rack/rack/compare/v3.0.8...v3.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Fix some unused variable verbose warnings\u0026quot; by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.7...v3.0.8\"\u003ehttps://github.com/rack/rack/compare/v3.0.7...v3.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Make query parameters without = have nil values\u0026quot;. by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2060\"\u003erack/rack#2060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\"\u003ehttps://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.6.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.3...v3.0.4\"\u003ehttps://github.com/rack/rack/compare/v3.0.3...v3.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v3.0.3 by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2000\"\u003erack/rack#2000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.9...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secre...\n\n_Description has been truncated_","html_url":"https://github.com/waveaccounting/activeadmin/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveaccounting%2Factiveadmin/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4215431593","node_id":"PR_kwDOAHi-687QYbup","number":2908,"state":"open","title":"Bump rack from 3.2.5 to 3.2.6 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-07T04:35:21.000Z","updated_at":"2026-04-07T04:43:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [rack](https://github.com/rack/rack).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.5\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2908","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2908","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2908/packages"},{"uuid":"4205880343","node_id":"PR_kwDOBb_6ec7P_h25","number":239,"state":"closed","title":"build(deps): Bump the non-major-updates group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-18T21:52:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-04T21:52:34.000Z","updated_at":"2026-04-18T21:52:34.000Z","time_to_close":1209599,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"non-major-updates","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rubocop","old_version":"1.85.1","new_version":"1.86.0","repository_url":"https://github.com/rubocop/rubocop"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the non-major-updates group with 2 updates in the /apps/api directory: [rack](https://github.com/rack/rack) and [rubocop](https://github.com/rubocop/rubocop).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rubocop` from 1.85.1 to 1.86.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubocop/rubocop/releases\"\u003erubocop's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuboCop v1.86.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15000\"\u003e#15000\u003c/a\u003e: Display ZJIT usage when running under LSP. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e: Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e. (\u003ca href=\"https://github.com/hammadkhan\"\u003e\u003ccode\u003e@​hammadkhan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14977\"\u003e#14977\u003c/a\u003e: Support \u003ccode\u003eAllowedReceivers\u003c/code\u003e for \u003ccode\u003eStyle/HashLookupMethod\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/ConcatArrayLiterals\u003c/code\u003e autocorrect deleting code for percent literals with interpolation. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14897\"\u003e#14897\u003c/a\u003e: Detect constant reassignment after class/module definition in \u003ccode\u003eLint/ConstantReassignment\u003c/code\u003e. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/11829\"\u003e#11829\u003c/a\u003e: Fix false negatives for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when duplicate methods are defined in anonymous classes and modules not assigned to a constant. (\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14988\"\u003e#14988\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantParentheses\u003c/code\u003e when redundant parentheses around range literals in block body. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14916\"\u003e#14916\u003c/a\u003e: Fix false positive for \u003ccode\u003eLayout/MultilineMethodCallIndentation\u003c/code\u003e when method chain is inside a hash pair value passed to a multiline chained method call. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15010\"\u003e#15010\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when modules blocks are passed as method arguments. (\u003ca href=\"https://github.com/5hun-s\"\u003e\u003ccode\u003e@​5hun-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15028\"\u003e#15028\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. \u003ccode\u003estub_const\u003c/code\u003e). (\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15021\"\u003e#15021\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/EmptyLineAfterGuardClause\u003c/code\u003e when using a guard clause followed by a multi-line guard clause with \u003ccode\u003eraise\u003c/code\u003e, \u003ccode\u003efail\u003c/code\u003e, \u003ccode\u003ereturn\u003c/code\u003e, \u003ccode\u003ebreak\u003c/code\u003e, or \u003ccode\u003enext\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15001\"\u003e#15001\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/RedundantLineBreak\u003c/code\u003e when setting \u003ccode\u003eInspectBlocks: true\u003c/code\u003e and using \u003ccode\u003erescue\u003c/code\u003e or \u003ccode\u003eensure\u003c/code\u003e in the block. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14997\"\u003e#14997\u003c/a\u003e: Fix false positives in \u003ccode\u003eStyle/FileOpen\u003c/code\u003e when assigning \u003ccode\u003eFile.open\u003c/code\u003e to an instance variable, class variable, global variable, or constant. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15019\"\u003e#15019\u003c/a\u003e: Fix false positives in \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in anonymous module blocks passed to different receivers. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14987\"\u003e#14987\u003c/a\u003e: Complete ERB and Haml autocorrection in a single run. (\u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15039\"\u003e#15039\u003c/a\u003e: Fix incorrect autocorrect in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when \u003ccode\u003ereturn\u003c/code\u003e with value is in the \u003ccode\u003eelse\u003c/code\u003e branch. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14930\"\u003e#14930\u003c/a\u003e: Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/\u003ccode\u003eunless\u003c/code\u003e modifier forms are on the same line inside a collection. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14985\"\u003e#14985\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eLint/SafeNavigationChain\u003c/code\u003e when chaining a method call after safe navigation in the if branch of a ternary. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15009\"\u003e#15009\u003c/a\u003e: Fix infinite loop in \u003ccode\u003eLayout/EndAlignment\u003c/code\u003e when \u003ccode\u003eend\u003c/code\u003e is followed by \u003ccode\u003e||\u003c/code\u003e or \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14981\"\u003e#14981\u003c/a\u003e: Fix spurious warning \u0026quot;does not support \u003ccode\u003eSafe\u003c/code\u003e/\u003ccode\u003eSafeAutoCorrect\u003c/code\u003e parameter\u0026quot; when those parameters are set for cops that don't have them in their default configuration. ([\u003ca href=\"https://github.com/dduugg\"\u003e\u003ccode\u003e@​dduugg\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15043\"\u003e#15043\u003c/a\u003e: Fix an error for \u003ccode\u003eLint/UselessDefaultValueArgument\u003c/code\u003e when \u003ccode\u003efetch\u003c/code\u003e without a receiver is inside a \u003ccode\u003efetch\u003c/code\u003e block. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15034\"\u003e#15034\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when using single-line \u003ccode\u003eunless\u003c/code\u003e / \u003ccode\u003e;\u003c/code\u003e / \u003ccode\u003eend\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/NonNilCheck\u003c/code\u003e autocorrect for receivers containing spaces. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/RaiseArgs\u003c/code\u003e to allow anonymous keyword forwarding (\u003ccode\u003eraise Ex.new(**)\u003c/code\u003e). (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14890\"\u003e#14890\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/RedundantCopDisableDirective\u003c/code\u003e when a \u003ccode\u003erubocop:disable\u003c/code\u003e comment is used to suppress \u003ccode\u003eLint/EmptyWhen\u003c/code\u003e, \u003ccode\u003eLint/EmptyConditionalBody\u003c/code\u003e, \u003ccode\u003eLint/EmptyInPattern\u003c/code\u003e, or \u003ccode\u003eStyle/SymbolProc\u003c/code\u003e. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantPercentQ\u003c/code\u003e for \u003ccode\u003e%q\u003c/code\u003e strings with interpolation-like syntax. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14984\"\u003e#14984\u003c/a\u003e: Fix \u003ccode\u003eStyle/AndOr\u003c/code\u003e adding unnecessary parentheses around \u003ccode\u003ereturn\u003c/code\u003e without arguments. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14945\"\u003e#14945\u003c/a\u003e: Support files with multiple modifiers in \u003ccode\u003eLint/UselessConstantScoping\u003c/code\u003e. ([\u003ca href=\"https://github.com/h-lame\"\u003e\u003ccode\u003e@​h-lame\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/TrailingMethodEndStatement\u003c/code\u003e to detect singleton methods (\u003ccode\u003edef self.foo\u003c/code\u003e). (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e: Don't store results in cache if there are warnings. ([\u003ca href=\"https://github.com/jonas054\"\u003e\u003ccode\u003e@​jonas054\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14718\"\u003e#14718\u003c/a\u003e: Allow setting \u003ccode\u003eMaxFilesInCache\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e to entirely disable cache pruning. ([\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14989\"\u003e#14989\u003c/a\u003e: Make \u003ccode\u003eLint/RedundantSafeNavigation\u003c/code\u003e aware of safe navigation in conditional true branch. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15041\"\u003e#15041\u003c/a\u003e: Remove \u003ccode\u003emcp\u003c/code\u003e gem from runtime dependencies. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md\"\u003erubocop's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.86.0 (2026-03-23)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15000\"\u003e#15000\u003c/a\u003e: Display ZJIT usage when running under LSP. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e: Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e. ([\u003ca href=\"https://github.com/hammadkhan\"\u003e\u003ccode\u003e@​hammadkhan\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14977\"\u003e#14977\u003c/a\u003e: Support \u003ccode\u003eAllowedReceivers\u003c/code\u003e for \u003ccode\u003eStyle/HashLookupMethod\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/ConcatArrayLiterals\u003c/code\u003e autocorrect deleting code for percent literals with interpolation. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14897\"\u003e#14897\u003c/a\u003e: Detect constant reassignment after class/module definition in \u003ccode\u003eLint/ConstantReassignment\u003c/code\u003e. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/11829\"\u003e#11829\u003c/a\u003e: Fix false negatives for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when duplicate methods are defined in anonymous classes and modules not assigned to a constant. ([\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14988\"\u003e#14988\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantParentheses\u003c/code\u003e when redundant parentheses around range literals in block body. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14916\"\u003e#14916\u003c/a\u003e: Fix false positive for \u003ccode\u003eLayout/MultilineMethodCallIndentation\u003c/code\u003e when method chain is inside a hash pair value passed to a multiline chained method call. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15010\"\u003e#15010\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when modules blocks are passed as method arguments. ([\u003ca href=\"https://github.com/5hun-s\"\u003e\u003ccode\u003e@​5hun-s\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15028\"\u003e#15028\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. \u003ccode\u003estub_const\u003c/code\u003e). ([\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15021\"\u003e#15021\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/EmptyLineAfterGuardClause\u003c/code\u003e when using a guard clause followed by a multi-line guard clause with \u003ccode\u003eraise\u003c/code\u003e, \u003ccode\u003efail\u003c/code\u003e, \u003ccode\u003ereturn\u003c/code\u003e, \u003ccode\u003ebreak\u003c/code\u003e, or \u003ccode\u003enext\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15001\"\u003e#15001\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/RedundantLineBreak\u003c/code\u003e when setting \u003ccode\u003eInspectBlocks: true\u003c/code\u003e and using \u003ccode\u003erescue\u003c/code\u003e or \u003ccode\u003eensure\u003c/code\u003e in the block. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14997\"\u003e#14997\u003c/a\u003e: Fix false positives in \u003ccode\u003eStyle/FileOpen\u003c/code\u003e when assigning \u003ccode\u003eFile.open\u003c/code\u003e to an instance variable, class variable, global variable, or constant. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15019\"\u003e#15019\u003c/a\u003e: Fix false positives in \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in anonymous module blocks passed to different receivers. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14987\"\u003e#14987\u003c/a\u003e: Complete ERB and Haml autocorrection in a single run. ([\u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15039\"\u003e#15039\u003c/a\u003e: Fix incorrect autocorrect in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when \u003ccode\u003ereturn\u003c/code\u003e with value is in the \u003ccode\u003eelse\u003c/code\u003e branch. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14930\"\u003e#14930\u003c/a\u003e: Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/\u003ccode\u003eunless\u003c/code\u003e modifier forms are on the same line inside a collection. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14985\"\u003e#14985\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eLint/SafeNavigationChain\u003c/code\u003e when chaining a method call after safe navigation in the if branch of a ternary. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15009\"\u003e#15009\u003c/a\u003e: Fix infinite loop in \u003ccode\u003eLayout/EndAlignment\u003c/code\u003e when \u003ccode\u003eend\u003c/code\u003e is followed by \u003ccode\u003e||\u003c/code\u003e or \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14981\"\u003e#14981\u003c/a\u003e: Fix spurious warning \u0026quot;does not support \u003ccode\u003eSafe\u003c/code\u003e/\u003ccode\u003eSafeAutoCorrect\u003c/code\u003e parameter\u0026quot; when those parameters are set for cops that don't have them in their default configuration. ([\u003ca href=\"https://github.com/dduugg\"\u003e\u003ccode\u003e@​dduugg\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15043\"\u003e#15043\u003c/a\u003e: Fix an error for \u003ccode\u003eLint/UselessDefaultValueArgument\u003c/code\u003e when \u003ccode\u003efetch\u003c/code\u003e without a receiver is inside a \u003ccode\u003efetch\u003c/code\u003e block. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15034\"\u003e#15034\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when using single-line \u003ccode\u003eunless\u003c/code\u003e / \u003ccode\u003e;\u003c/code\u003e / \u003ccode\u003eend\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/NonNilCheck\u003c/code\u003e autocorrect for receivers containing spaces. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/RaiseArgs\u003c/code\u003e to allow anonymous keyword forwarding (\u003ccode\u003eraise Ex.new(**)\u003c/code\u003e). ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14890\"\u003e#14890\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/RedundantCopDisableDirective\u003c/code\u003e when a \u003ccode\u003erubocop:disable\u003c/code\u003e comment is used to suppress \u003ccode\u003eLint/EmptyWhen\u003c/code\u003e, \u003ccode\u003eLint/EmptyConditionalBody\u003c/code\u003e, \u003ccode\u003eLint/EmptyInPattern\u003c/code\u003e, or \u003ccode\u003eStyle/SymbolProc\u003c/code\u003e. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantPercentQ\u003c/code\u003e for \u003ccode\u003e%q\u003c/code\u003e strings with interpolation-like syntax. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14984\"\u003e#14984\u003c/a\u003e: Fix \u003ccode\u003eStyle/AndOr\u003c/code\u003e adding unnecessary parentheses around \u003ccode\u003ereturn\u003c/code\u003e without arguments. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14945\"\u003e#14945\u003c/a\u003e: Support files with multiple modifiers in \u003ccode\u003eLint/UselessConstantScoping\u003c/code\u003e. ([\u003ca href=\"https://github.com/h-lame\"\u003e\u003ccode\u003e@​h-lame\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/TrailingMethodEndStatement\u003c/code\u003e to detect singleton methods (\u003ccode\u003edef self.foo\u003c/code\u003e). ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e: Don't store results in cache if there are warnings. ([\u003ca href=\"https://github.com/jonas054\"\u003e\u003ccode\u003e@​jonas054\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14718\"\u003e#14718\u003c/a\u003e: Allow setting \u003ccode\u003eMaxFilesInCache\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e to entirely disable cache pruning. ([\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14989\"\u003e#14989\u003c/a\u003e: Make \u003ccode\u003eLint/RedundantSafeNavigation\u003c/code\u003e aware of safe navigation in conditional true branch. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15041\"\u003e#15041\u003c/a\u003e: Remove \u003ccode\u003emcp\u003c/code\u003e gem from runtime dependencies. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/2c1b30a47d357599f36ae69c41a63966e68d7592\"\u003e\u003ccode\u003e2c1b30a\u003c/code\u003e\u003c/a\u003e Cut 1.86\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/d96701abc80717d473b1bafcb2e283f7462fe48e\"\u003e\u003ccode\u003ed96701a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/9b019c79a45a3699fff553ae7d6a702bda685130\"\u003e\u003ccode\u003e9b019c7\u003c/code\u003e\u003c/a\u003e [Fix rubocop#14916] Fix false positive for `Layout/MultilineMethodCallIndenta...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/a49271db803752640548783aaa8949fa84bfd924\"\u003e\u003ccode\u003ea49271d\u003c/code\u003e\u003c/a\u003e Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/8d253110f0c9e93d05ac2fe2367815ea9fafcd56\"\u003e\u003ccode\u003e8d25311\u003c/code\u003e\u003c/a\u003e Document MaxFilesInCache: false option for disabling cache pruning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/12c7d39f2c9a0ed9906d7bfd08e0a2c25c4e369d\"\u003e\u003ccode\u003e12c7d39\u003c/code\u003e\u003c/a\u003e Detect constant reassignment after class/module definition in `Lint/ConstantR...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/fbf175c46cd6ea09bfa6631b7677861878041efe\"\u003e\u003ccode\u003efbf175c\u003c/code\u003e\u003c/a\u003e Allow disabling cache cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/3fcae5d22baa0f56df0c47ce7b672c2e2b6ada2c\"\u003e\u003ccode\u003e3fcae5d\u003c/code\u003e\u003c/a\u003e [Fix \u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e] Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/4eba3e65485b10df08ac571562499faef2282ce4\"\u003e\u003ccode\u003e4eba3e6\u003c/code\u003e\u003c/a\u003e Memoize forwarded arg lookups in ArgumentsForwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/fc300c77e61b982be0b42b0e370edcfff6eca963\"\u003e\u003ccode\u003efc300c7\u003c/code\u003e\u003c/a\u003e [Fix \u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e] Don't cache if there are warnings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rubocop/rubocop/compare/v1.85.1...v1.86.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jesse-c/Brewfile/pull/239","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesse-c%2FBrewfile/issues/239","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/239/packages"},{"uuid":"4201662609","node_id":"PR_kwDOOV0y7M7P2ROS","number":1,"state":"open","title":"Bump the bundler group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T18:15:27.000Z","updated_at":"2026-04-03T18:15:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":8,"packages":[{"name":"rake","old_version":"0.9.2.2","new_version":"12.3.3","repository_url":"https://github.com/ruby/rake"},{"name":"rack","old_version":"1.4.1","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"sinatra","old_version":"1.3.3","new_version":"4.2.1","repository_url":"https://github.com/sinatra/sinatra"},{"name":"jekyll","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jekyll/jekyll"},{"name":"RedCloth","old_version":"4.2.9","new_version":"4.3.3","repository_url":"https://github.com/jgarber/redcloth"},{"name":"haml","old_version":"3.1.7","new_version":"5.0.0","repository_url":"https://github.com/haml/haml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rake](https://github.com/ruby/rake) | `0.9.2.2` | `12.3.3` |\n| [rack](https://github.com/rack/rack) | `1.4.1` | `3.2.6` |\n| [sinatra](https://github.com/sinatra/sinatra) | `1.3.3` | `4.2.1` |\n| [jekyll](https://github.com/jekyll/jekyll) | `0.12.0` | `0.12.1` |\n| [RedCloth](https://github.com/jgarber/redcloth) | `4.2.9` | `4.3.3` |\n| [haml](https://github.com/haml/haml) | `3.1.7` | `5.0.0` |\n\n\nUpdates `rake` from 0.9.2.2 to 12.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rake/releases\"\u003erake's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erake-10.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.3...rake-10.1.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.3...rake-10.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.2...rake-10.1.0.beta.3\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.2...rake-10.1.0.beta.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.1...rake-10.1.0.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.1...rake-10.1.0.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0.beta.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0.beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.3...rake-10.0.4\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.3...rake-10.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.2...rake-10.0.3\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.2...rake-10.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.1...rake-10.0.2\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.1...rake-10.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.0.beta.2...rake-10.0.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.0.beta.2...rake-10.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.0.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.5...rake-0.9.6\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.5...rake-0.9.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.4...rake-0.9.5\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.4...rake-0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-0.9.4\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-0.9.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.2...rake-0.9.3\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.2...rake-0.9.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3.beta.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.2...rake-0.9.3.beta.3\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.2...rake-0.9.3.beta.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.1...rake-0.9.3.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.1...rake-0.9.3.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rake/blob/master/History.rdoc\"\u003erake's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 12.3.3\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the application's name in error message if a task is not found.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/303\"\u003e#303\u003c/a\u003e by tmatilai\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse File.open explicitly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.2\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test fails caused by 2.6 warnings.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/297\"\u003e#297\u003c/a\u003e by hsbt\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRdoc improvements.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/293\"\u003e#293\u003c/a\u003e by colby-swandale\u003c/li\u003e\n\u003cli\u003eImprove multitask performance.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/273\"\u003e#273\u003c/a\u003e by jsm\u003c/li\u003e\n\u003cli\u003eAdd alias \u003ccode\u003eprereqs\u003c/code\u003e.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/268\"\u003e#268\u003c/a\u003e by take-cheeze\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.1\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport did_you_mean \u0026gt;= v1.2.0 which has a breaking change on formatters.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/262\"\u003e#262\u003c/a\u003e by FUJI Goro.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't run task if it depends on already invoked but failed task.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/252\"\u003e#252\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eMake space trimming consistent for all task arguments.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/259\"\u003e#259\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eRemoves duplicated inclusion of Rake::DSL in tests.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/254\"\u003e#254\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eRe-raise a LoadError that didn't come from require in the test loader.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/250\"\u003e#250\u003c/a\u003e by Dylan Thacker-Smith.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.0\u003c/p\u003e\n\u003cp\u003e==== Compatibility Changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003erequired_ruby_version\u003c/code\u003e to Ruby 2.0.0. Rake has already\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/5c87c462b64aad674ebb92b1f5b0ff2c911406cd\"\u003e\u003ccode\u003e5c87c46\u003c/code\u003e\u003c/a\u003e Bump version to 12.3.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee\"\u003e\u003ccode\u003e5b8f8fc\u003c/code\u003e\u003c/a\u003e Use File.open explicitly.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/6497ba4d94d12c123df48cc8ab40f0a4eb7fb337\"\u003e\u003ccode\u003e6497ba4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/317\"\u003e#317\u003c/a\u003e from ruby/ignore-gitignore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/be62efb6cdfc2cc00d660f8fc7d6c1c9de8014e2\"\u003e\u003ccode\u003ebe62efb\u003c/code\u003e\u003c/a\u003e Removed gitignore from gemspec files.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/1c22b490ee6cb8bd614fa8d0d6145f671466206b\"\u003e\u003ccode\u003e1c22b49\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/309\"\u003e#309\u003c/a\u003e from RDIL/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/496944a8febd51e20957e6833c7930286a0e9a25\"\u003e\u003ccode\u003e496944a\u003c/code\u003e\u003c/a\u003e Remove deprecated travis ci option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/489c7d863c666b6d287b760527acf3abe13aaf48\"\u003e\u003ccode\u003e489c7d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/307\"\u003e#307\u003c/a\u003e from ruby/azure-pipelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/77eb6d87cb69c2cc531f72d4aa1948054e9d077f\"\u003e\u003ccode\u003e77eb6d8\u003c/code\u003e\u003c/a\u003e Only enabled macOS environment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/72ffa2ea89f96df2307158fa151825dbb2c28ddf\"\u003e\u003ccode\u003e72ffa2e\u003c/code\u003e\u003c/a\u003e use realpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/77448726bb057c8ba90a8d12ab6e20ad60dac976\"\u003e\u003ccode\u003e7744872\u003c/code\u003e\u003c/a\u003e Do not specify ruby version of macOS\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rake/compare/v0.9.2.2...v12.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 1.4.1 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix content-length calcuation in Rack:Response#write \u003ca href=\"https://redirect.github.com/rack/rack/issues/2150\"\u003e#2150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.8...v3.0.9\"\u003ehttps://github.com/rack/rack/compare/v3.0.8...v3.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Fix some unused variable verbose warnings\u0026quot; by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.7...v3.0.8\"\u003ehttps://github.com/rack/rack/compare/v3.0.7...v3.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Make query parameters without = have nil values\u0026quot;. by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2060\"\u003erack/rack#2060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\"\u003ehttps://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.6.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.3...v3.0.4\"\u003ehttps://github.com/rack/rack/compare/v3.0.3...v3.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v3.0.3 by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2000\"\u003erack/rack#2000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/1.4.1...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sinatra` from 1.3.3 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/2c7f8db854a5b75fe08102983788548f8eb806b0\"\u003e\u003ccode\u003e2c7f8db\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty.\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2124\"\u003e#2124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.3...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jekyll` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jekyll/jekyll/blob/master/History.markdown\"\u003ejekyll's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1 / 2013-02-19\u003c/h2\u003e\n\u003ch3\u003eMinor Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Kramdown version to 0.14.1 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTest Enhancements\u003c/li\u003e\n\u003cli\u003eUpdate Rake version to 10.0.3 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Shoulda version to 3.3.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Redcarpet version to 2.2.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/95f7baf83741e9fd693f1150627c84201f0906f7\"\u003e\u003ccode\u003e95f7baf\u003c/code\u003e\u003c/a\u003e Release 0.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/399ef34c7940ed38478b405aba00463ba9bdc8bf\"\u003e\u003ccode\u003e399ef34\u003c/code\u003e\u003c/a\u003e Update date in gemspec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b90ff969448efb1c27de6e2f134f46d334766c31\"\u003e\u003ccode\u003eb90ff96\u003c/code\u003e\u003c/a\u003e Relax Kramdown requirement to 0.14 instead of 0.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/0dc85258b6ed988357057ce7d7700aad3095614d\"\u003e\u003ccode\u003e0dc8525\u003c/code\u003e\u003c/a\u003e Bump version in gemspec and in jekyll.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b65b29b4297a4f94409fc9bbaa14a73e56ad1fc9\"\u003e\u003ccode\u003eb65b29b\u003c/code\u003e\u003c/a\u003e Update History.txt for 0.12.1 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/e8044772783a435140df3e7d075e6483fd5d7742\"\u003e\u003ccode\u003ee804477\u003c/code\u003e\u003c/a\u003e Fix Kramdown tests: they now use numerical HTML entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/f9cca40917858804afd8da3f52f9a48b0ba176bd\"\u003e\u003ccode\u003ef9cca40\u003c/code\u003e\u003c/a\u003e Require test/unit in test helper.rb for execution of unit tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/bc8894461c5ef4ea47cbaea53f91a84dd8b5a2bf\"\u003e\u003ccode\u003ebc88944\u003c/code\u003e\u003c/a\u003e Update dependencies: kramdown, rake, shoulda, cucumber, redcarpet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/53b894522622f9e2aec7232ba996db567c636b89\"\u003e\u003ccode\u003e53b8945\u003c/code\u003e\u003c/a\u003e Retrieving gems from rubygems via HTTPS\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jekyll/jekyll/compare/v0.12.0...v0.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jekyll` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jekyll/jekyll/blob/master/History.markdown\"\u003ejekyll's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1 / 2013-02-19\u003c/h2\u003e\n\u003ch3\u003eMinor Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Kramdown version to 0.14.1 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTest Enhancements\u003c/li\u003e\n\u003cli\u003eUpdate Rake version to 10.0.3 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Shoulda version to 3.3.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Redcarpet version to 2.2.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/95f7baf83741e9fd693f1150627c84201f0906f7\"\u003e\u003ccode\u003e95f7baf\u003c/code\u003e\u003c/a\u003e Release 0.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/399ef34c7940ed38478b405aba00463ba9bdc8bf\"\u003e\u003ccode\u003e399ef34\u003c/code\u003e\u003c/a\u003e Update date in gemspec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b90ff969448efb1c27de6e2f134f46d334766c31\"\u003e\u003ccode\u003eb90ff96\u003c/code\u003e\u003c/a\u003e Relax Kramdown requirement to 0.14 instead of 0.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/0dc85258b6ed988357057ce7d7700aad3095614d\"\u003e\u003ccode\u003e0dc8525\u003c/code\u003e\u003c/a\u003e Bump version in gemspec and in jekyll.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b65b29b4297a4f94409fc9bbaa14a73e56ad1fc9\"\u003e\u003ccode\u003eb65b29b\u003c/code\u003e\u003c/a\u003e Update History.txt for 0.12.1 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/e8044772783a435140df3e7d075e6483fd5d7742\"\u003e\u003ccode\u003ee804477\u003c/code\u003e\u003c/a\u003e Fix Kramdown tests: they now use numerical HTML entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/f9cca40917858804afd8da3f52f9a48b0ba176bd\"\u003e\u003ccode\u003ef9cca40\u003c/code\u003e\u003c/a\u003e Require test/unit in test helper.rb for execution of unit tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/bc8894461c5ef4ea47cbaea53f91a84dd8b5a2bf\"\u003e\u003ccode\u003ebc88944\u003c/code\u003e\u003c/a\u003e Update dependencies: kramdown, rake, shoulda, cucumber, redcarpet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/53b894522622f9e2aec7232ba996db567c636b89\"\u003e\u003ccode\u003e53b8945\u003c/code\u003e\u003c/a\u003e Retrieving gems from rubygems via HTTPS\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jekyll/jekyll/compare/v0.12.0...v0.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `RedCloth` from 4.2.9 to 4.3.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jgarber/redcloth/blob/master/CHANGELOG\"\u003eRedCloth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e== 4.3.3 / Nov 2nd, 2023\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for CVE-2023-31606 [Helio Cola]\u003c/li\u003e\n\u003cli\u003eFix rake compile [Helio Cola and Faria Education Group]\u003c/li\u003e\n\u003cli\u003eFix CVE-2023-31606 (ReDOS possible in the sanitize_html function) [Kornelius Kalnbach and Merbin Russel]\u003c/li\u003e\n\u003cli\u003eImmutable strings [Matijs van Zuijlen]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.2 / May 23rd, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix additional case for CVE-2012-6684 [Joshua Siler]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.1 / May 17th, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix additional case for CVE-2012-6684 [Joshua Siler]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.0 / April 29th, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove JRuby and Windows cross compilation and support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd Ruby 2.2.3 testing and support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003einclude CVE-2012-6684 fix [Tomas Pospisek]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix by [Antonio Terceiro]\n\u003cul\u003e\n\u003cli\u003esee \u003ca href=\"http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/\"\u003ehttp://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003evulnerability reported by [Kousuke Ebihara]\n\u003cul\u003e\n\u003cli\u003esee \u003ca href=\"http://co3k.org/blog/redcloth-unfixed-xss-en\"\u003ehttp://co3k.org/blog/redcloth-unfixed-xss-en\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.2.9.1 / February 24, 2015\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLazy-load latex_entities.yml [Charlie Somerville]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/8297da8aa071b3bf1584738229f277833bd20c49\"\u003e\u003ccode\u003e8297da8\u003c/code\u003e\u003c/a\u003e 4.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/2600d93ff164a5244cec86a3047619ae8b4e4b04\"\u003e\u003ccode\u003e2600d93\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/80\"\u003e#80\u003c/a\u003e from jgarber/tests/CVE-2023-31606\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/ac10b687041e12cb49a196acf79687d6f596114e\"\u003e\u003ccode\u003eac10b68\u003c/code\u003e\u003c/a\u003e Add tests for CVE-2023-31606\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/4e85481aca18e50fcd17ad432234e0af8245b080\"\u003e\u003ccode\u003e4e85481\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/78\"\u003e#78\u003c/a\u003e from jgarber/fix/build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/ccdd54dd68810f8ccd0c9b11c301d883240fcd22\"\u003e\u003ccode\u003eccdd54d\u003c/code\u003e\u003c/a\u003e Fix rake compile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/8b1327688fef8e6617792054ef299d7bc74c0a1e\"\u003e\u003ccode\u003e8b13276\u003c/code\u003e\u003c/a\u003e Fix CVE-2023-31606 (ReDOS possible in the sanitize_html function) (\u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/75\"\u003e#75\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/dd7ee6caaa6c899f4d5389c1b2fe4a17f1e5f326\"\u003e\u003ccode\u003edd7ee6c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/47\"\u003e#47\u003c/a\u003e from greggawatt/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/5c9b35c3f8af989cf2a8d22f1bb9d8140641cd5b\"\u003e\u003ccode\u003e5c9b35c\u003c/code\u003e\u003c/a\u003e Update README.rdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/c34fa195ca540b2bea84d9cfe1813e070e4ed154\"\u003e\u003ccode\u003ec34fa19\u003c/code\u003e\u003c/a\u003e Update README.rdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/4808b36d7063a7cfade89378d879a9134cd30a3e\"\u003e\u003ccode\u003e4808b36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/38\"\u003e#38\u003c/a\u003e from mvz/immutable-strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jgarber/redcloth/compare/v4.2.9...v4.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haml` from 3.1.7 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haml/haml/blob/main/CHANGELOG.md\"\u003ehaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eReleased on April 26, 2017\n(\u003ca href=\"https://github.com/haml/haml/compare/4.0.7...v5.0.0\"\u003ediff\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eBreaking Changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHaml now requires Ruby 2.0.0 or above.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRails 3 is no longer supported, matching the official\n\u003ca href=\"http://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/\"\u003eMaintenance Policy for Ruby on Rails\u003c/a\u003e.\nUse Haml 4 if you want to use Rails 3.\n(Tee Parham)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003e:ugly\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/haml/haml/pull/894\"\u003e#894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003ehaml\u003c/code\u003e command's debug option (\u003ccode\u003e-d\u003c/code\u003e) no longer executes the Haml code, but\nrather checks the generated Ruby syntax for errors.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop parser/compiler accessor from \u003ccode\u003eHaml::Engine\u003c/code\u003e. Modify \u003ccode\u003eHaml::Engine#initialize\u003c/code\u003e options\nor \u003ccode\u003eHaml::Template.options\u003c/code\u003e instead. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop dynamic quotes support and always escape \u003ccode\u003e'\u003c/code\u003e for \u003ccode\u003eescape_html\u003c/code\u003e/\u003ccode\u003eescape_attrs\u003c/code\u003e instead.\nAlso, escaped results are slightly changed and always unified to the same characters. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't preserve newlines in attributes. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML escape interpolated code in filters.\n\u003ca href=\"https://redirect.github.com/haml/haml/pull/770\"\u003e#770\u003c/a\u003e\n(Matt Wildig)\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e  :javascript\n    #{JSON.generate(foo: \u0026quot;bar\u0026quot;)}\n  Haml 4 output: {\u0026quot;foo\u0026quot;:\u0026quot;bar\u0026quot;}\n  Haml 5 output: {\u0026amp;quot;foo\u0026amp;quot;:\u0026amp;quot;bar\u0026amp;quot;}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAdded\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a tracing option. When enabled, Haml will output a data-trace attribute on each tag showing the path\nto the source Haml file from which it was generated. Thanks \u003ca href=\"https://github.com/ababkin\"\u003eAlex Babkin\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ehaml_tag_if\u003c/code\u003e to render a block, conditionally wrapped in another element (Matt Wildig)\u003c/li\u003e\n\u003cli\u003eSupport Rails 5.1 Erubi template handler.\u003c/li\u003e\n\u003cli\u003eSupport Sprockets 3. Thanks \u003ca href=\"https://github.com/samphilipd\"\u003eSam Davies\u003c/a\u003e and \u003ca href=\"https://github.com/jvenezia\"\u003eJeremy Venezia\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGeneral performance and memory usage improvements. (Akira Matsuda)\u003c/li\u003e\n\u003cli\u003eAnalyze attribute values by Ripper and render static attributes beforehand. (Takashi Kokubun)\u003c/li\u003e\n\u003cli\u003eOptimize attribute rendering about 3x faster. (Takashi Kokubun)\u003c/li\u003e\n\u003cli\u003eAdd temple gem as dependency and create \u003ccode\u003eHaml::TempleEngine\u003c/code\u003e class.\nSome methods in \u003ccode\u003eHaml::Compiler\u003c/code\u003e are migrated to \u003ccode\u003eHaml::TempleEngine\u003c/code\u003e. (Takashi Kokubun)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for attribute merging. When an attribute method (or literal nested hash)\nwas used in an old style attribute hash and there is also a (non-static) new\nstyle hash there is an error. The fix can result in different behavior in\nsome circumstances. See the \u003ca href=\"https://github.com/haml/haml/tree/e475b015d3171fb4c4f140db304f7970c787d6e3\"\u003ecommit message\u003c/a\u003e\nfor detailed info. (Matt Wildig)\u003c/li\u003e\n\u003cli\u003eMake escape_once respect hexadecimal references. (Matt Wildig)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/78e2a09d3b8c6f7cdb3bb87ff84dce8fad5598ac\"\u003e\u003ccode\u003e78e2a09\u003c/code\u003e\u003c/a\u003e Version 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/e5d6409bad6da77c697efc924c36ad2c5405b680\"\u003e\u003ccode\u003ee5d6409\u003c/code\u003e\u003c/a\u003e Note about \u003ca href=\"https://redirect.github.com/haml/haml/issues/770\"\u003e#770\u003c/a\u003e in Haml 5 changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/1bac6f902fe7683317b46ddcf0fdbbab6ffcd0da\"\u003e\u003ccode\u003e1bac6f9\u003c/code\u003e\u003c/a\u003e Remove JRuby from allow_failures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/d45c2d44b6b993ae7d54634948d69c2951d6dda3\"\u003e\u003ccode\u003ed45c2d4\u003c/code\u003e\u003c/a\u003e Add backslash for @ to support JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/8f207073c2e0e2bc296f18424b3fec3dfe659674\"\u003e\u003ccode\u003e8f20707\u003c/code\u003e\u003c/a\u003e Enable frozen_string_literal pragma if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/a6bb25529a5df92b355f8e4b2a712c2aa3ff1b26\"\u003e\u003ccode\u003ea6bb255\u003c/code\u003e\u003c/a\u003e Oops, this was not intentional...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/aa4c397410312ab3c3ee6191110f5e595e5eea00\"\u003e\u003ccode\u003eaa4c397\u003c/code\u003e\u003c/a\u003e Fix spec in \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e for pretty mode removal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/11af7954f3e9ba5e21924c11c49773cacc18eeb2\"\u003e\u003ccode\u003e11af795\u003c/code\u003e\u003c/a\u003e Fallback to default value of preserve option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/bbbeb7ea8ade64fec20de4e0254040a229bdda0e\"\u003e\u003ccode\u003ebbbeb7e\u003c/code\u003e\u003c/a\u003e Update CHANGELOG to include \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/ed7f24f1dc63c38f3d143289262266cbf59a9f1f\"\u003e\u003ccode\u003eed7f24f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e from redoPop/atful-css\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haml/haml/compare/3.1.7...v5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sinatra` from 1.3.3 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/2c7f8db854a5b75fe08102983788548f8eb806b0\"\u003e\u003ccode\u003e2c7f8db\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty.\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2124\"\u003e#2124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.3...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `kramdown` from 0.13.8 to 0.14.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gettalong/kramdown/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-protection` from 1.3.2 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003erack-protection's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cfcc70dee1133690207b5a3dc6000426ec04e250\"\u003e\u003ccode\u003ecfcc70d\u003c/code\u003e\u003c/a\u003e CI: don't use \u003ccode\u003eRack::Lint\u003c/code\u003e on invalid hostname (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/7b50a1bbb5324838908dfaa00ec53ad322673a29\"\u003e\u003ccode\u003e7b50a1b\u003c/code\u003e\u003c/a\u003e 4.1.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/73f3291d114b5b211e067263eeb9c0e197fe8500\"\u003e\u003ccode\u003e73f3291\u003c/code\u003e\u003c/a\u003e 4.1.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2063\"\u003e#2063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cd3e00de20ddaff34ea30f7a74a7b9dad189d1d8\"\u003e\u003ccode\u003ecd3e00d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eHostAuthorization\u003c/code\u003e rack-protection middleware (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2053\"\u003e#2053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a55850\u003c/code\u003e\u003c/a\u003e Remove WEBrick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/319af3a298cb8278670f285b6c02df0fd084615d\"\u003e\u003ccode\u003e319af3a\u003c/code\u003e\u003c/a\u003e Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/8d0095fc8c37f39d41caf74637da72c1ac952299\"\u003e\u003ccode\u003e8d0095f\u003c/code\u003e\u003c/a\u003e Adjust \u003ccode\u003eCookieTossing\u003c/code\u003e spec for Rack 3.1+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5640495babcb4cfd69ba650b293660b7446402da\"\u003e\u003ccode\u003e5640495\u003c/code\u003e\u003c/a\u003e Fix typos in changelog, readme and code comments (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2006\"\u003e#2006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.2...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/octopress/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/octopress/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Foctopress/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}],"issue_packages":[{"old_version":"2.2.4","new_version":"2.2.23","update_type":"patch","path":null,"pr_created_at":"2026-05-18T19:37:07.000Z","version_change":"2.2.4 → 2.2.23","issue":{"uuid":"4472017836","node_id":"PR_kwDOPKm1Fs7cy_dL","number":34,"state":"closed","title":"Bump the bundler group across 9 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T20:32:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T19:37:07.000Z","updated_at":"2026-06-09T20:32:08.000Z","time_to_close":1904099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"nokogiri","old_version":"1.13.8","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.4","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.4","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"faraday","old_version":"2.13.1","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.14","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"faraday","old_version":"2.11.0","new_version":"2.14.2","repository_url":"https://github.com/lostisland/faraday"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack), [addressable](https://github.com/sporkmonger/addressable), [faraday](https://github.com/lostisland/faraday), [rack-session](https://github.com/rack/rack-session) and [jwt](https://github.com/jwt/ruby-jwt) to permit the latest version.\nUpdates `nokogiri` from 1.13.8 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003ec34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem\r\n7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem\r\nb7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem\r\n61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem\r\n58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem\r\ne9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem\r\n8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem\r\n7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem\r\nfa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem\r\n93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem\r\n38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\"\u003ehttps://github.com/sparklemotion/nokogiri/compare/v1.19.1...v1.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.2 / 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3611\"\u003e#3611\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.4 to 2.2.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.4 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.13.1 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/2ecd5e05388303087c3f6872ef7f98f260e9560f\"\u003e\u003ccode\u003e2ecd5e0\u003c/code\u003e\u003c/a\u003e Update version.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3f1280c69e93297d574e85a2d462d05ebadf1d09\"\u003e\u003ccode\u003e3f1280c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/81dc1688742ad30fa747daba5a82592a1e4df8a8\"\u003e\u003ccode\u003e81dc168\u003c/code\u003e\u003c/a\u003e Upgrade package.json packages using audit fix (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/8b4d1fd06fd47dd33f3720794d4df38498c240ec\"\u003e\u003ccode\u003e8b4d1fd\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a01039c948d3e9e41e03d152aed7244f0fb4d5ca\"\u003e\u003ccode\u003ea01039c\u003c/code\u003e\u003c/a\u003e fix(docs): fix incorrect link label in request-options and remove dead link i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/7df3f24bc32d309136c67d94a9f5e4679085af0d\"\u003e\u003ccode\u003e7df3f24\u003c/code\u003e\u003c/a\u003e Lint: Style/OneClassPerFile (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1668\"\u003e#1668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/c6988a840738760fae1a40d653fa2ccd0da425b9\"\u003e\u003ccode\u003ec6988a8\u003c/code\u003e\u003c/a\u003e Modernize RuboCop configuration and fix offenses (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/32e010f1c3d5cf0f854fd52df553adf9b29985f4\"\u003e\u003ccode\u003e32e010f\u003c/code\u003e\u003c/a\u003e Add Ruby 4 to CI (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.1...v2.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.14 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\"\u003ehttps://github.com/rack/rack/compare/v2.2.8...v2.2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLimit file extension length of multipart tempfiles (2.2 backport) by \u003ca href=\"https://github.com/dentarg\"\u003e\u003ccode\u003e@​dentarg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2075\"\u003erack/rack#2075\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCHANGELOG: Add missing 2.2.7 by \u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate cookie.rb by \u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer ubuntu-latest for testing. by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2095\"\u003erack/rack#2095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix inefficient assert pattern in Rack::Lint [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2101\"\u003erack/rack#2101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRegenerate SPEC [2-2-stable] by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2102\"\u003erack/rack#2102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tisba\"\u003e\u003ccode\u003e@​tisba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2081\"\u003erack/rack#2081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dchandekstark\"\u003e\u003ccode\u003e@​dchandekstark\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2092\"\u003erack/rack#2092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.7...v2.2.8\"\u003ehttps://github.com/rack/rack/compare/v2.2.7...v2.2.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the year number in the changelog by \u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport underscore in host names for Rack 2.2 (Fixes \u003ca href=\"https://redirect.github.com/rack/rack/issues/2070\"\u003e#2070\u003c/a\u003e) by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2071\"\u003erack/rack#2071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kimulab\"\u003e\u003ccode\u003e@​kimulab\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2015\"\u003erack/rack#2015\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\"\u003ehttps://github.com/rack/rack/compare/v2.2.6.4...v2.2.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.6.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/2.2.4...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.7 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 6 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/535\"\u003e#535\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/535\"\u003esporkmonger/addressable#535\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.6 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMemoize regexps for common character classes (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/524\"\u003e#524\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/524\"\u003esporkmonger/addressable#524\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.5 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix thread safety issue with encoding tables (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefine URI::NONE as a module to avoid serialization issues (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix YAML serialization (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/508\"\u003e#508\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/508\"\u003esporkmonger/addressable#508\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/509\"\u003e#509\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/509\"\u003esporkmonger/addressable#509\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/515\"\u003e#515\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/515\"\u003esporkmonger/addressable#515\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.4...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/releases\"\u003erack-session's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.11.0 to 2.14.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.2\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ruby 4 to CI by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize RuboCop configuration and fix offenses by \u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1660\"\u003elostisland/faraday#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLint: Style/OneClassPerFile by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1668\"\u003elostisland/faraday#1668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(docs): fix incorrect link label  by \u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Upgrade package.json packages using audit fix by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1669\"\u003elostisland/faraday#1669\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/larouxn\"\u003e\u003ccode\u003e@​larouxn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1659\"\u003elostisland/faraday#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JohnnyKei\"\u003e\u003ccode\u003e@​JohnnyKei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1667\"\u003elostisland/faraday#1667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.1...v2.14.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/useplato/gitlabhq/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/useplato%2Fgitlabhq/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-05-07T08:42:01.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4397358819","node_id":"PR_kwDOLTgSI87ZEe49","number":175,"state":"open","title":"Bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T08:42:01.000Z","updated_at":"2026-05-07T08:42:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"nokogiri","old_version":"1.19.2","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /examples/stacks/jekyll/myblog directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\nBumps the bundler group with 4 updates in the /examples/stacks/rails/blog directory: [addressable](https://github.com/sporkmonger/addressable), [net-imap](https://github.com/ruby/net-imap), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `net-imap` from 0.6.3 to 0.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/net-imap/releases\"\u003enet-imap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003e🔒 Security\u003c/h3\u003e\n\u003cp\u003eThis release contains fixes for \u003cstrong\u003emultiple vulnerabilities\u003c/strong\u003e concerning \u003cem\u003e\u003cstrong\u003e\u003ccode\u003eSTARTTLS\u003c/code\u003e stripping\u003c/strong\u003e\u003c/em\u003e, argument validation, and denial of service attacks.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/664\"\u003eruby/net-imap#664\u003c/a\u003e fixes a \u003ccode\u003eSTARTTLS\u003c/code\u003e stripping vulnerability (GHSA-vcgp-9326-pqcp).\nWithout this fix, a man-in-the-middle attacker can cause \u003ccode\u003eNet::IMAP#starttls\u003c/code\u003e to return \u0026quot;successfully\u0026quot;, \u003cstrong\u003e\u003cem\u003ewithout starting TLS\u003c/em\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nArgument validation is significantly improved.  Several injection vulnerabilities have been fixed:\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/657\"\u003eruby/net-imap#657\u003c/a\u003e fixes CRLF/command/argument injection via Symbol arguments (GHSA-75xq-5h9v-w6px).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/658\"\u003eruby/net-imap#658\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003eattr\u003c/code\u003e argument to \u003ccode\u003e#store\u003c/code\u003e/\u003ccode\u003e#uid_store\u003c/code\u003e (GHSA-hm49-wcqc-g2xg)\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/659\"\u003eruby/net-imap#659\u003c/a\u003e fixes CRLF/command/argument injection via the \u003ccode\u003estorage_limit\u003c/code\u003e argument to \u003ccode\u003e#setquota\u003c/code\u003e (GHSA-hm49-wcqc-g2xg).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/660\"\u003eruby/net-imap#660\u003c/a\u003e fixes CRLF/command injection via \u003ccode\u003eRawData\u003c/code\u003e (GHSA-hm49-wcqc-g2xg):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#search\u003c/code\u003e and \u003ccode\u003e#uid_search\u003c/code\u003e send \u003ccode\u003ecriteria\u003c/code\u003e as raw data, when it is a String\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e#fetch\u003c/code\u003e and \u003ccode\u003e#uid_fetch\u003c/code\u003e send \u003ccode\u003eattr\u003c/code\u003e as raw data, when it is a String.\nWhen \u003ccode\u003eattr\u003c/code\u003e is an Array, its String members are sent as raw data.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!CAUTION]\n\u003ccode\u003eRawData\u003c/code\u003e does not defend against \u003cem\u003eother\u003c/em\u003e forms of argument injection!  It is an intentionally low-level API.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nTwo denial of service vulnerabilities have been addressed.\nThese are generally only relevant when connecting to an \u003cem\u003euntrusted hostile server\u003c/em\u003e (or without TLS).\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e fixes quadratic time complexity when reading large responses containing many string literals (GHSA-q2mw-fvj9-vvcw).\n\u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e adds a configurable \u003ccode\u003emax_iterations\u003c/code\u003e count for \u003ccode\u003eSCRAM-*\u003c/code\u003e authentication (GHSA-87pf-fpwv-p7m7).\u003c/p\u003e\n\u003cp\u003eThe default \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e is \u003ccode\u003e2**31 - 1\u003c/code\u003e (max 32-bit signed int), which was already OpenSSL's maximum value.  \u003cem\u003eIt provides no protection\u003c/em\u003e against hostile servers unless it is explicitly set to a lower value by the user.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⚡ \u003ccode\u003eResponseReader\u003c/code\u003e memoizes \u003ccode\u003eConfig#max_response_size\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003eruby/net-imap#642\u003c/a\u003e.\nChanges to \u003ccode\u003e#max_response_size\u003c/code\u003e now take effect once per response, not on every \u003ccode\u003eIO#read\u003c/code\u003e.\n\u003cem\u003eNOTE: It is not expected that this will affect any current usage.\u003c/em\u003e  See \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/642\"\u003ethe PR\u003c/a\u003e for details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eBINARY\u003c/code\u003e extention to \u003ccode\u003e#append\u003c/code\u003e (RFC3516)  by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/616\"\u003eruby/net-imap#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Support \u003ccode\u003eLITERAL+\u003c/code\u003e and \u003ccode\u003eLITERAL-\u003c/code\u003e non-synchronizing literals (RFC7888) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/649\"\u003eruby/net-imap#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔒 Add \u003ccode\u003eScramAuthenticator#max_iterations\u003c/code\u003e by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/654\"\u003eruby/net-imap#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🏷️ Add \u003ccode\u003enumber64\u003c/code\u003e and \u003ccode\u003enz-number64\u003c/code\u003e to NumValidator by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/625\"\u003eruby/net-imap#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e♻️ Add \u003ccode\u003eMailboxQuota#quota_root\u003c/code\u003e alias by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/636\"\u003eruby/net-imap#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔍 Simplify \u003ccode\u003eNet::IMAP#inspect\u003c/code\u003e with basic state by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/612\"\u003eruby/net-imap#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🥅 Add \u003ccode\u003eResponseParseError#parser_methods\u003c/code\u003e (and override \u003ccode\u003e#==\u003c/code\u003e) by \u003ca href=\"https://github.com/nevans\"\u003e\u003ccode\u003e@​nevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/net-imap/pull/615\"\u003eruby/net-imap#615\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/3e490673dca65d0cfeeeb3fbf1fdaa188d6f27c4\"\u003e\u003ccode\u003e3e49067\u003c/code\u003e\u003c/a\u003e 🔖 Bump version to 0.6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618\"\u003e\u003ccode\u003e0ede4c4\u003c/code\u003e\u003c/a\u003e 🔀 Merge pull request \u003ca href=\"https://redirect.github.com/ruby/net-imap/issues/664\"\u003e#664\u003c/a\u003e from ruby/security/STARTTLS-stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/51ae3604cabe1e8cfeeb888ff5ef6b9215fe1a65\"\u003e\u003ccode\u003e51ae360\u003c/code\u003e\u003c/a\u003e ♻️ Add command response handler before command is sent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/24d5c773d1bb76ca1cd0a26b2218195011c16969\"\u003e\u003ccode\u003e24d5c77\u003c/code\u003e\u003c/a\u003e 🔒🥅 Handle tagged \u0026quot;OK\u0026quot; to incomplete command\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/62eea6ffe1e390060065169474f97edbc42bd2b2\"\u003e\u003ccode\u003e62eea6f\u003c/code\u003e\u003c/a\u003e 🔒🥅 Ensure STARTTLS tagged response was handled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/46636cae8af68a4080c434b853fba1738c7c2587\"\u003e\u003ccode\u003e46636ca\u003c/code\u003e\u003c/a\u003e ❌🔒 Add failing test for STARTTLS stripping\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/e3b010509109eb4acc1d7e4365624e848ef0b45b\"\u003e\u003ccode\u003ee3b0105\u003c/code\u003e\u003c/a\u003e ✅♻️ Inline current STARTLS stripping test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/be32e712eb2ee90a0a2c78752bf19196582ed4d8\"\u003e\u003ccode\u003ebe32e71\u003c/code\u003e\u003c/a\u003e 📚 Improve documentation of RawData arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f\"\u003e\u003ccode\u003e47c7218\u003c/code\u003e\u003c/a\u003e 🐛 Validate RawData and wait to continue literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974\"\u003e\u003ccode\u003e0ec4fd3\u003c/code\u003e\u003c/a\u003e 🥅 Validate \u003ccode\u003e#setquota\u003c/code\u003e storage limit argument\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/net-imap/compare/v0.6.3...v0.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.19.2 to 1.19.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem\r\n8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem\r\n3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem\r\n9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem\r\n71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem\r\n40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem\r\n8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem\r\n77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem\r\n2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem\r\n248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem\r\n78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.3 / 2026-04-27\u003c/h2\u003e\n\u003ch3\u003eFixed / Security\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAddress exponential regex backtracking in CSS selector tokenizer. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx\"\u003eGHSA-c4rq-3m3g-8wgx\u003c/a\u003e for more information.\u003c/li\u003e\n\u003cli\u003e[CRuby] Address memory leak in \u003ccode\u003eXSLT::Stylesheet#transform\u003c/code\u003e. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv\"\u003eGHSA-v2fc-qm4h-8hqv\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b\"\u003e\u003ccode\u003ec139a3d\u003c/code\u003e\u003c/a\u003e version bump to v1.19.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0\"\u003e\u003ccode\u003e7501a63\u003c/code\u003e\u003c/a\u003e fix: backtracking in CSS tokenizer rules (v1.19.x backport) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3627\"\u003e#3627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339\"\u003e\u003ccode\u003e03e7968\u003c/code\u003e\u003c/a\u003e test: skip CSS tokenizer benchmarks on JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538\"\u003e\u003ccode\u003eb984b7e\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer ident rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6\"\u003e\u003ccode\u003e0092623\u003c/code\u003e\u003c/a\u003e fix: ReDoS in CSS tokenizer STRING rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf\"\u003e\u003ccode\u003eee17d33\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform (backport to v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3624\"\u003e#3624\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c\"\u003e\u003ccode\u003ece188a3\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472\"\u003e\u003ccode\u003ecaeaac4\u003c/code\u003e\u003c/a\u003e fix: memory leak in XSLT transform\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf\"\u003e\u003ccode\u003e25220bf\u003c/code\u003e\u003c/a\u003e dep(test): test against libxml-ruby v6 (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3618\"\u003e#3618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e\"\u003e\u003ccode\u003e0caeb21\u003c/code\u003e\u003c/a\u003e doc: add security warnings for untrusted XSLT stylesheets\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.19.2...v1.19.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SherfeyInv/devbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SherfeyInv/devbox/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fdevbox/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"}},{"old_version":"2.2.23","new_version":"3.2.6","update_type":"major","path":null,"pr_created_at":"2026-05-01T13:48:42.000Z","version_change":"2.2.23 → 3.2.6","issue":{"uuid":"4364698277","node_id":"PR_kwDOB4ZGwM7XbtFU","number":306,"state":"open","title":"Bump the ruby-dependencies group with 29 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T13:48:42.000Z","updated_at":"2026-05-01T13:48:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"ruby-dependencies","update_count":29,"packages":[{"name":"sqlite3","old_version":"1.6.1","new_version":"2.9.3","repository_url":"https://github.com/sparklemotion/sqlite3-ruby"},{"name":"puma","old_version":"6.6.1","new_version":"8.0.1","repository_url":"https://github.com/puma/puma"},{"name":"turbo-rails","old_version":"1.4.0","new_version":"2.0.23","repository_url":"https://github.com/hotwired/turbo-rails"},{"name":"jbuilder","old_version":"2.11.5","new_version":"2.14.1","repository_url":"https://github.com/rails/jbuilder"},{"name":"config","old_version":"4.1.0","new_version":"5.6.1","repository_url":"https://github.com/rubyconfig/config"},{"name":"google-apis-analyticsdata_v1beta","old_version":"0.32.0","new_version":"0.40.0","repository_url":"https://github.com/googleapis/google-api-ruby-client"},{"name":"googleauth","old_version":"1.3.0","new_version":"1.16.2","repository_url":"https://github.com/googleapis/google-auth-library-ruby"},{"name":"aws-sdk-core","old_version":"3.243.0","new_version":"3.246.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"rspec-core","old_version":"3.12.1","new_version":"3.13.6","repository_url":"https://github.com/rspec/rspec"},{"name":"jquery-rails","old_version":"4.5.1","new_version":"4.6.1","repository_url":"https://github.com/rails/jquery-rails"},{"name":"aws-sdk-rails","old_version":"3.7.1","new_version":"5.1.0","repository_url":"https://github.com/aws/aws-sdk-rails"},{"name":"aws-sdk-s3","old_version":"1.216.0","new_version":"1.220.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"sprockets","old_version":"3.7.2","new_version":"4.2.2","repository_url":"https://github.com/rails/sprockets"},{"name":"rubyzip","old_version":"2.3.2","new_version":"3.2.2","repository_url":"https://github.com/rubyzip/rubyzip"},{"name":"ffi","old_version":"1.15.5","new_version":"1.17.4","repository_url":"https://github.com/ffi/ffi"},{"name":"nokogiri","old_version":"1.18.10","new_version":"1.19.3","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.23","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"net-imap","old_version":"0.5.13","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"json","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/ruby/json"},{"name":"sentry-ruby","old_version":"5.28.1","new_version":"6.5.0","repository_url":"https://github.com/getsentry/sentry-ruby"},{"name":"sentry-rails","old_version":"5.28.1","new_version":"6.5.0","repository_url":"https://github.com/getsentry/sentry-ruby"},{"name":"pg","old_version":"1.4.6","new_version":"1.6.3","repository_url":"https://github.com/ged/ruby-pg"},{"name":"byebug","old_version":"11.1.3","new_version":"13.0.0","repository_url":"https://github.com/deivid-rodriguez/byebug"},{"name":"capybara","old_version":"3.38.0","new_version":"3.40.0","repository_url":"https://github.com/teamcapybara/capybara"},{"name":"selenium-webdriver","old_version":"4.8.1","new_version":"4.43.0","repository_url":"https://github.com/SeleniumHQ/selenium"},{"name":"rspec-rails","old_version":"6.0.1","new_version":"8.0.4","repository_url":"https://github.com/rspec/rspec-rails"},{"name":"web-console","old_version":"4.2.0","new_version":"4.2.1","repository_url":"https://github.com/rails/web-console"},{"name":"listen","old_version":"3.8.0","new_version":"3.10.0","repository_url":"https://github.com/guard/listen"},{"name":"spring","old_version":"4.1.1","new_version":"4.4.2","repository_url":"https://github.com/rails/spring"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the ruby-dependencies group with 29 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) | `1.6.1` | `2.9.3` |\n| [puma](https://github.com/puma/puma) | `6.6.1` | `8.0.1` |\n| [turbo-rails](https://github.com/hotwired/turbo-rails) | `1.4.0` | `2.0.23` |\n| [jbuilder](https://github.com/rails/jbuilder) | `2.11.5` | `2.14.1` |\n| [config](https://github.com/rubyconfig/config) | `4.1.0` | `5.6.1` |\n| [google-apis-analyticsdata_v1beta](https://github.com/googleapis/google-api-ruby-client) | `0.32.0` | `0.40.0` |\n| [googleauth](https://github.com/googleapis/google-auth-library-ruby) | `1.3.0` | `1.16.2` |\n| [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) | `3.243.0` | `3.246.0` |\n| [rspec-core](https://github.com/rspec/rspec) | `3.12.1` | `3.13.6` |\n| [jquery-rails](https://github.com/rails/jquery-rails) | `4.5.1` | `4.6.1` |\n| [aws-sdk-rails](https://github.com/aws/aws-sdk-rails) | `3.7.1` | `5.1.0` |\n| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.216.0` | `1.220.0` |\n| [sprockets](https://github.com/rails/sprockets) | `3.7.2` | `4.2.2` |\n| [rubyzip](https://github.com/rubyzip/rubyzip) | `2.3.2` | `3.2.2` |\n| [ffi](https://github.com/ffi/ffi) | `1.15.5` | `1.17.4` |\n| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.18.10` | `1.19.3` |\n| [rack](https://github.com/rack/rack) | `2.2.23` | `3.2.6` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.5.13` | `0.6.4` |\n| [json](https://github.com/ruby/json) | `2.19.3` | `2.19.4` |\n| [sentry-ruby](https://github.com/getsentry/sentry-ruby) | `5.28.1` | `6.5.0` |\n| [sentry-rails](https://github.com/getsentry/sentry-ruby) | `5.28.1` | `6.5.0` |\n| [pg](https://github.com/ged/ruby-pg) | `1.4.6` | `1.6.3` |\n| [byebug](https://github.com/deivid-rodriguez/byebug) | `11.1.3` | `13.0.0` |\n| [capybara](https://github.com/teamcapybara/capybara) | `3.38.0` | `3.40.0` |\n| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.8.1` | `4.43.0` |\n| [rspec-rails](https://github.com/rspec/rspec-rails) | `6.0.1` | `8.0.4` |\n| [web-console](https://github.com/rails/web-console) | `4.2.0` | `4.2.1` |\n| [listen](https://github.com/guard/listen) | `3.8.0` | `3.10.0` |\n| [spring](https://github.com/rails/spring) | `4.1.1` | `4.4.2` |\n\nUpdates `sqlite3` from 1.6.1 to 2.9.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/releases\"\u003esqlite3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.3 / 2026-04-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_53_0.html\"\u003ev3.53.0\u003c/a\u003e (from v3.51.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003eca6dd1cf6c037ccc8d3e5837190cc61ef15466092014951235641b5c4c8ab4ee  sqlite3-2.9.3-aarch64-linux-gnu.gem\r\nff017a36c463d02e9f0be7a6224521371128024e6a05ed16994afa5c037afbba  sqlite3-2.9.3-aarch64-linux-musl.gem\r\nfd8b74337a66bdaf746b97d65e6c9a2faff803c8f72d6b107fb880972815d072  sqlite3-2.9.3-arm-linux-gnu.gem\r\n792ae9a786bb37dbdc4c443c527bc91df423aac10e472f76d5cf5a9ac6d51980  sqlite3-2.9.3-arm-linux-musl.gem\r\n76b265d3d57362d3e38338f24f50a0c9cd47a4599c9cfbb578fac125d2299906  sqlite3-2.9.3-arm64-darwin.gem\r\n61edb2ce7a58e800478602e88b67e99f029b44747405c94c0cce7d165b0d0a96  sqlite3-2.9.3-x64-mingw-ucrt.gem\r\nceb2417f01563a2800836fbbc6d59aa0ca591882c99f6c50fdc0c8090da7a03b  sqlite3-2.9.3-x86-linux-gnu.gem\r\n1688e37da36a4513a1a1d6e9abb643f68723599abbe564cb1a1bf496c9ae8dca  sqlite3-2.9.3-x86-linux-musl.gem\r\n087e7cc4efc73d83e76354f028c4d1dc14552a05acc74f60e77a55f1bee6ef22  sqlite3-2.9.3-x86_64-darwin.gem\r\n85200a10c6cf5c60085fcca411a3168c5fba8fda3e2b1b0109ec277d7c226d46  sqlite3-2.9.3-x86_64-linux-gnu.gem\r\nb6d0437046d9180335dea1aa0592802e65c4f7b57409d63f14408211bf28536b  sqlite3-2.9.3-x86_64-linux-musl.gem\r\ne5ca871c87241bfdaf0e4a90d5177f4e4fe7af5f6951f88b4644339cc76e47ae  sqlite3-2.9.3.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e2.9.2 / 2026-03-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_3.html\"\u003ev3.51.3\u003c/a\u003e (from v3.51.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/688\"\u003e#688\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSHA256 Checksums\u003c/h3\u003e\n\u003cpre\u003e\u003ccode\u003eeeb86db55645b85327ba75129e3614658d974bf4da8fdc87018a0d42c59f6e42  sqlite3-2.9.2-aarch64-linux-gnu.gem\r\n4feff91fb8c2b13688da34b5627c9d1ed9cedb3ee87a7114ec82209147f07a6d  sqlite3-2.9.2-aarch64-linux-musl.gem\r\n1ee2eb06b5301aaf5ce343a6e88d99ac932d95202d7b350f0e7b6d8d588580d7  sqlite3-2.9.2-arm-linux-gnu.gem\r\n8ca0de6aceede968de0394e22e95d549834c4d8e318f69a92a52f049878a0057  sqlite3-2.9.2-arm-linux-musl.gem\r\nd15bd9609a05f9d54930babe039585efc8cadd57517c15b64ec7dfa75158a5e9  sqlite3-2.9.2-arm64-darwin.gem\r\nb1b10d8c45a495b1e5b6338f7baa11297522bb9809b01e7e575090edd685953e  sqlite3-2.9.2-x64-mingw-ucrt.gem\r\n066bc904522f8a7072236a81237c03a4a1dfe070a25107e392de03d1e4ad0e6d  sqlite3-2.9.2-x86-linux-gnu.gem\r\n6503c76278f5e8629b12b6518ff43a9a4f6d9381de73f0b086c9fa1226db5ede  sqlite3-2.9.2-x86-linux-musl.gem\r\ned691b5021674d72582d03c5a38e89634b961902735fb6225273892805421d13  sqlite3-2.9.2-x86_64-darwin.gem\r\ndce83ffcb7e72f9f7aeb6e5404f15d277a45332fe18ccce8a8b3ed51e8d23aee  sqlite3-2.9.2-x86_64-linux-gnu.gem\r\ne8dd906a613f13b60f6d47ae9dda376384d9de1ab3f7e3f2fdf2fd18a871a2d7  sqlite3-2.9.2-x86_64-linux-musl.gem\r\n86814150714b6b06a328d083f46408e7a4a83b5f0a9673ed934ee3a1cb7a73b1  sqlite3-2.9.2.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003e2.9.1 / 2026-02-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_2.html\"\u003ev3.51.2\u003c/a\u003e (from v3.51.1). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/683\"\u003e#683\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md\"\u003esqlite3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.3 / 2026-04-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_53_0.html\"\u003ev3.53.0\u003c/a\u003e (from v3.51.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.2 / 2026-03-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_3.html\"\u003ev3.51.3\u003c/a\u003e (from v3.51.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/688\"\u003e#688\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.1 / 2026-02-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_2.html\"\u003ev3.51.2\u003c/a\u003e (from v3.51.1). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/683\"\u003e#683\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.9.0 / 2025-12-27\u003c/h2\u003e\n\u003ch3\u003eRuby\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem packages for Ruby 4.0. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for Ruby 3.1. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce \u003ccode\u003eStatement#named_params\u003c/code\u003e to introspect on a parameterized SQL statement. \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/627\"\u003e#627\u003c/a\u003e \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/642\"\u003e#642\u003c/a\u003e \u003ca href=\"https://github.com/captn3m0\"\u003e\u003ccode\u003e@​captn3m0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSmall improvements to docstrings and comments. \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/houyuanjie\"\u003e\u003ccode\u003e@​houyuanjie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.1 / 2025-11-29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_1.html\"\u003ev3.51.1\u003c/a\u003e (from v3.51.0). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/659\"\u003e#659\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrecompiled native gems are built with rake-compiler-dock v1.10.0 (previously v1.9.1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.8.0 / 2025-11-05\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_51_0.html\"\u003ev3.51.0\u003c/a\u003e (from v3.50.4). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/652\"\u003e#652\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.4 / 2025-09-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://www.sqlite.org/releaselog/3_50_4.html\"\u003ev3.50.4\u003c/a\u003e (from v3.50.3). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/644\"\u003e#644\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.7.3 / 2025-07-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eVendored sqlite is updated to \u003ca href=\"https://sqlite.org/releaselog/3_50_3.html\"\u003ev3.50.3\u003c/a\u003e (from v3.50.2). \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/638\"\u003e#638\u003c/a\u003e \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/2e8172c0a7699902b8630433e988903edab10d18\"\u003e\u003ccode\u003e2e8172c\u003c/code\u003e\u003c/a\u003e version bump to v2.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/3dee3f2c737cbc48b68e3b4632287b13521a60ea\"\u003e\u003ccode\u003e3dee3f2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/696\"\u003e#696\u003c/a\u003e from sparklemotion/dep-sqlite-3.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/6d1ae38f33c4528c0ac56951c052b90cdfad9c81\"\u003e\u003ccode\u003e6d1ae38\u003c/code\u003e\u003c/a\u003e build(deps): update vendored sqlite to 3.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/45611fd3f415338875407bcb0f67f6ae92bef65f\"\u003e\u003ccode\u003e45611fd\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/695\"\u003e#695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/c1724fc7f816b1fd13071000a25976c0e7f3cd95\"\u003e\u003ccode\u003ec1724fc\u003c/code\u003e\u003c/a\u003e build(deps): bump vmactions/freebsd-vm in the actions group (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/694\"\u003e#694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/8a7709e34196d1e37b7180fcddb0e6021a60ec97\"\u003e\u003ccode\u003e8a7709e\u003c/code\u003e\u003c/a\u003e build(deps-dev): update minitest requirement from 6.0.2 to 6.0.3 (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/b7c076de9b9d6658b2f77af788a55144cda0db69\"\u003e\u003ccode\u003eb7c076d\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/704beb8b35cf060268b2d6eb32bcb33297846622\"\u003e\u003ccode\u003e704beb8\u003c/code\u003e\u003c/a\u003e build(deps): bump the actions group with 2 updates (\u003ca href=\"https://redirect.github.com/sparklemotion/sqlite3-ruby/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/efc56aa1e407a7aa6a96caefecd2c900e1f39223\"\u003e\u003ccode\u003eefc56aa\u003c/code\u003e\u003c/a\u003e version bump to v2.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/commit/8635618dca7edca3a804175610d0a81381e3554b\"\u003e\u003ccode\u003e8635618\u003c/code\u003e\u003c/a\u003e doc: new automated release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/sqlite3-ruby/compare/v1.6.1...v2.9.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puma` from 6.6.1 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprune_bundler\u003c/code\u003e stripping user-configured \u003ccode\u003eBUNDLE_*\u003c/code\u003e env vars (e.g. \u003ccode\u003eBUNDLE_WITHOUT\u003c/code\u003e) on re-exec, which caused workers to crash on boot (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse blocks for debug logging to avoid creating log messages when debug is disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3920\"\u003e#3920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReword v8 upgrade guide IPv6 bullet for clarity (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.2.0 - On The Corner\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workers \u003ccode\u003e:auto\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake it possible to restrict control server commands to stats (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3787\"\u003e#3787\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't break if \u003ccode\u003eWEB_CONCURRENCY\u003c/code\u003e is set to a blank string (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3837\"\u003e#3837\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.1 / 2026-04-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprune_bundler\u003c/code\u003e stripping user-configured \u003ccode\u003eBUNDLE_*\u003c/code\u003e env vars (e.g. \u003ccode\u003eBUNDLE_WITHOUT\u003c/code\u003e) on re-exec, which caused workers to crash on boot (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse blocks for debug logging to avoid creating log messages when debug is disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3920\"\u003e#3920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReword v8 upgrade guide IPv6 bullet for clarity (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2.0 / 2026-01-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workers \u003ccode\u003e:auto\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3827\"\u003e#3827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake it possible to restrict control server commands to stats (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3787\"\u003e#3787\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't break if \u003ccode\u003eWEB_CONCURRENCY\u003c/code\u003e is set to a blank string (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3837\"\u003e#3837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't share server between worker 0 and descendants on refork (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3602\"\u003e#3602\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/cee7e613c0d6e072b1ae9993c6dec63cbf259ec3\"\u003e\u003ccode\u003ecee7e61\u003c/code\u003e\u003c/a\u003e Release v8.0.1 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/f955cafec47be2ac8c296a7ab278288737984243\"\u003e\u003ccode\u003ef955caf\u003c/code\u003e\u003c/a\u003e Fix prune_bundler stripping user-configured BUNDLE_* env vars on re-exec (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3929\"\u003e#3929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97996aa025b9ad9ef5252af4a4b0f859cc3c0c23\"\u003e\u003ccode\u003e97996aa\u003c/code\u003e\u003c/a\u003e ci: test_error_logger.rb - fix TruffleRuby error (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3930\"\u003e#3930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/03825bc90fd04dc00dd63d1bf6bf72c224ccbed9\"\u003e\u003ccode\u003e03825bc\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/github-script from 8 to 9 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3925\"\u003e#3925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/053efae42144c65cdc7110085512216647a68bdc\"\u003e\u003ccode\u003e053efae\u003c/code\u003e\u003c/a\u003e Reword v8 upgrade guide ipv6 bullet (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3928\"\u003e#3928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/b19f35ae64d23d4d870089f2b199b0213bac00cc\"\u003e\u003ccode\u003eb19f35a\u003c/code\u003e\u003c/a\u003e Fix incorrect hook names in gRPC docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3923\"\u003e#3923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/eeabe4bf4d887dc3fbac3f6bdbee1eadf807c9e9\"\u003e\u003ccode\u003eeeabe4b\u003c/code\u003e\u003c/a\u003e Use blocks for debug logging to avoid creating messages if debug disabled (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v6.6.1...v8.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `turbo-rails` from 1.4.0 to 2.0.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hotwired/turbo-rails/releases\"\u003eturbo-rails's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.23\u003c/h2\u003e\n\u003cp\u003eUpdates the bundled JS to freshen stale dependencies from the previous release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.22...v2.0.23\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.22...v2.0.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdates the bundled JS to \u003ca href=\"https://github.com/hotwired/turbo/compare/v8.0.21...v8.0.22\"\u003ev8.0.22\u003c/a\u003e for renamed \u003ccode\u003esession.navigator\u003c/code\u003e to avoid clobbering \u003ccode\u003ewindow.navigator\u003c/code\u003e. See \u003ca href=\"https://redirect.github.com/hotwired/turbo/pull/1489\"\u003ehotwired/turbo#1489\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.22\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erails@8.1\u003c/code\u003e to the CI matrix by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/758\"\u003ehotwired/turbo-rails#758\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse an immediate debouncer for tests by \u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/761\"\u003ehotwired/turbo-rails#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude hidden elements for turbo-cable-stream-source selector by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/740\"\u003ehotwired/turbo-rails#740\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CI for \u003ccode\u003eruby@3.2.x\u003c/code\u003e-\u003ccode\u003erails@7.2.x\u003c/code\u003e by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/764\"\u003ehotwired/turbo-rails#764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd turbo frame assertion test helpers by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/742\"\u003ehotwired/turbo-rails#742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAcccept meta tag string arguments as well by \u003ca href=\"https://github.com/frenkel\"\u003e\u003ccode\u003e@​frenkel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/754\"\u003ehotwired/turbo-rails#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[fix \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/issues/762\"\u003e#762\u003c/a\u003e] Forward broadcast_refresh_to options by \u003ca href=\"https://github.com/OutlawAndy\"\u003e\u003ccode\u003e@​OutlawAndy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/763\"\u003ehotwired/turbo-rails#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Model Class in Action and Frame helpers by \u003ca href=\"https://github.com/afrase\"\u003e\u003ccode\u003e@​afrase\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/597\"\u003ehotwired/turbo-rails#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy workaround for Rails \u0026lt; 7 by \u003ca href=\"https://github.com/drjayvee\"\u003e\u003ccode\u003e@​drjayvee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/766\"\u003ehotwired/turbo-rails#766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix debouncer tests to wait on correct debouncer by \u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/767\"\u003ehotwired/turbo-rails#767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRestrict tests to \u003ccode\u003eminitest \u0026lt; 6\u003c/code\u003e by \u003ca href=\"https://github.com/seanpdoyle\"\u003e\u003ccode\u003e@​seanpdoyle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/774\"\u003ehotwired/turbo-rails#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly return messages produced by block in \u003ccode\u003ecapture_turbo_stream_broadcasts\u003c/code\u003e by \u003ca href=\"https://github.com/Vivalldi\"\u003e\u003ccode\u003e@​Vivalldi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/736\"\u003ehotwired/turbo-rails#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect broadcast suppressions on before/after actions by \u003ca href=\"https://github.com/stowersjoshua\"\u003e\u003ccode\u003e@​stowersjoshua\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/770\"\u003ehotwired/turbo-rails#770\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/djmb\"\u003e\u003ccode\u003e@​djmb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/761\"\u003ehotwired/turbo-rails#761\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frenkel\"\u003e\u003ccode\u003e@​frenkel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/754\"\u003ehotwired/turbo-rails#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OutlawAndy\"\u003e\u003ccode\u003e@​OutlawAndy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/763\"\u003ehotwired/turbo-rails#763\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/afrase\"\u003e\u003ccode\u003e@​afrase\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/597\"\u003ehotwired/turbo-rails#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drjayvee\"\u003e\u003ccode\u003e@​drjayvee\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/766\"\u003ehotwired/turbo-rails#766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Vivalldi\"\u003e\u003ccode\u003e@​Vivalldi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/736\"\u003ehotwired/turbo-rails#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stowersjoshua\"\u003e\u003ccode\u003e@​stowersjoshua\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/770\"\u003ehotwired/turbo-rails#770\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.20...v2.0.21\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.20...v2.0.21\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.20\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.19...v2.0.20\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.19...v2.0.20\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.19\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v2.0.17...v2.0.19\"\u003ehttps://github.com/hotwired/turbo-rails/compare/v2.0.17...v2.0.19\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix typo in README.md by \u003ca href=\"https://github.com/brunocalmels\"\u003e\u003ccode\u003e@​brunocalmels\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/746\"\u003ehotwired/turbo-rails#746\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove compact call on locals in broadcast_rendering_with_defaults by \u003ca href=\"https://github.com/mathias234\"\u003e\u003ccode\u003e@​mathias234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/pull/720\"\u003ehotwired/turbo-rails#720\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/435135b26a4b62e49d2f55bb4b1fd419e3bfb228\"\u003e\u003ccode\u003e435135b\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/22701f1fa326fc936b878c47b6f3d42ebef727ed\"\u003e\u003ccode\u003e22701f1\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/27030b956b107e864258aff0c48c2ed7a36ef3fc\"\u003e\u003ccode\u003e27030b9\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/52cde052aa00c6f7b0ce8cd10d2fefdcbe1e3255\"\u003e\u003ccode\u003e52cde05\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/e511fb28c464ea9f3b3ddec3c1250d2b2c4b5313\"\u003e\u003ccode\u003ee511fb2\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/99dc9c5445166f0335d0a2fc15da3e7969fc913a\"\u003e\u003ccode\u003e99dc9c5\u003c/code\u003e\u003c/a\u003e \u003ccode\u003e@​hotwired/turbo-rails\u003c/code\u003e v8.0.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/c2cd99fae9440aee6c1c836578c6dbf6067f7ee0\"\u003e\u003ccode\u003ec2cd99f\u003c/code\u003e\u003c/a\u003e v8.0.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/31c78af6c1d16070bbb25b68402a2c700a386c1a\"\u003e\u003ccode\u003e31c78af\u003c/code\u003e\u003c/a\u003e Respect broadcast suppressions on before/after actions (\u003ca href=\"https://redirect.github.com/hotwired/turbo-rails/issues/770\"\u003e#770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/16f76133cbef0cfec65a3c8693d795670fb725ac\"\u003e\u003ccode\u003e16f7613\u003c/code\u003e\u003c/a\u003e Only return messages produced by block in \u003ccode\u003ecapture_turbo_stream_broadcasts\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hotwired/turbo-rails/commit/dda27a8b903a27958fd2e4086babcfbaba648a94\"\u003e\u003ccode\u003edda27a8\u003c/code\u003e\u003c/a\u003e Restrict tests to \u003ccode\u003eminitest\u0026lt;6\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hotwired/turbo-rails/compare/v1.4.0...v2.0.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jbuilder` from 2.11.5 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/jbuilder/releases\"\u003ejbuilder's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure that \u003ccode\u003eJbuilder.encode\u003c/code\u003e properly forwards arguments to \u003ccode\u003e.new\u003c/code\u003e by \u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/601\"\u003erails/jbuilder#601\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/flavorjones\"\u003e\u003ccode\u003e@​flavorjones\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/601\"\u003erails/jbuilder#601\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/rails/jbuilder/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support to Ruby \u0026lt; 3.0 and Rails \u0026lt; 7.0\u003c/li\u003e\n\u003cli\u003eTest against Rails 8 and fix Rails 7 logger dependency by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/582\"\u003erails/jbuilder#582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd status: :see_other to update action by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/583\"\u003erails/jbuilder#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eForce close final statement in templates by \u003ca href=\"https://github.com/ienders\"\u003e\u003ccode\u003e@​ienders\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/578\"\u003erails/jbuilder#578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003e_is_collection?\u003c/code\u003e method by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/590\"\u003erails/jbuilder#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e#frozen_string_literal: true\u003c/code\u003e to all files by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/599\"\u003erails/jbuilder#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003e_key\u003c/code\u003e to prevent string allocation when formatting \u003ccode\u003eSymbol\u003c/code\u003es by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/593\"\u003erails/jbuilder#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize key formatter by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/597\"\u003erails/jbuilder#597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize internal \u003ccode\u003eextract!\u003c/code\u003e calls to save on memory allocation by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/598\"\u003erails/jbuilder#598\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix regression in API controllers with view_cache_dependencies helper by \u003ca href=\"https://github.com/excid3\"\u003e\u003ccode\u003e@​excid3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/575\"\u003erails/jbuilder#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize \u003ccode\u003emethod_missing\u003c/code\u003e via \u003ccode\u003ealias_method\u003c/code\u003e by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/600\"\u003erails/jbuilder#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCleanup project for Rails 7+ support by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/594\"\u003erails/jbuilder#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warnings and prevent Jbuilder::VERSION constant from being obliterated by \u003ca href=\"https://github.com/pixeltrix\"\u003e\u003ccode\u003e@​pixeltrix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/574\"\u003erails/jbuilder#574\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOptimize memory allocation when rendering partials by \u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/591\"\u003erails/jbuilder#591\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/richardvenneman\"\u003e\u003ccode\u003e@​richardvenneman\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/576\"\u003erails/jbuilder#576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ienders\"\u003e\u003ccode\u003e@​ienders\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/578\"\u003erails/jbuilder#578\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moberegger\"\u003e\u003ccode\u003e@​moberegger\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/590\"\u003erails/jbuilder#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.13.0...v2.14.0\"\u003ehttps://github.com/rails/jbuilder/compare/v2.13.0...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRedirect to \u003ccode\u003e@record\u003c/code\u003e or path in controller generator by \u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/569\"\u003erails/jbuilder#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn early from collection partial rendering if blank by \u003ca href=\"https://github.com/tylerjc\"\u003e\u003ccode\u003e@​tylerjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/560\"\u003erails/jbuilder#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing ':see_other' status code in generated destroy controller method by \u003ca href=\"https://github.com/ldeld\"\u003e\u003ccode\u003e@​ldeld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/538\"\u003erails/jbuilder#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove OpenStruct references from Jbuilder by \u003ca href=\"https://github.com/mtsmfm\"\u003e\u003ccode\u003e@​mtsmfm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/567\"\u003erails/jbuilder#567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse new \u003ccode\u003eparams.expect\u003c/code\u003e syntax instead of \u003ccode\u003eparams.require\u003c/code\u003e by \u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/573\"\u003erails/jbuilder#573\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jeromedalbert\"\u003e\u003ccode\u003e@​jeromedalbert\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/570\"\u003erails/jbuilder#570\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerjc\"\u003e\u003ccode\u003e@​tylerjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/560\"\u003erails/jbuilder#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ldeld\"\u003e\u003ccode\u003e@​ldeld\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/538\"\u003erails/jbuilder#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtsmfm\"\u003e\u003ccode\u003e@​mtsmfm\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rails/jbuilder/pull/567\"\u003erails/jbuilder#567\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.12.0...v2.13.0\"\u003ehttps://github.com/rails/jbuilder/compare/v2.12.0...v2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/38339adaa9d44ba89c0dde2a795338a886941e6f\"\u003e\u003ccode\u003e38339ad\u003c/code\u003e\u003c/a\u003e Prepare for 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/2400fd9ce631ec9689b535e9af6ad866781f8ef9\"\u003e\u003ccode\u003e2400fd9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/601\"\u003e#601\u003c/a\u003e from flavorjones/flavorjones/fix-encode-arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/a6863b5d582b966fcfbef8686c829c950efd1f5c\"\u003e\u003ccode\u003ea6863b5\u003c/code\u003e\u003c/a\u003e Ensure that Jbuilder.encode properly forwards arguments to .new\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/30ba7df152aacdf20b6267a82b9d2b1f9e947636\"\u003e\u003ccode\u003e30ba7df\u003c/code\u003e\u003c/a\u003e Prepare for 2.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/5f4af71c859c6b234eef1682f81aac225534f048\"\u003e\u003ccode\u003e5f4af71\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/591\"\u003e#591\u003c/a\u003e from moberegger/moberegger/optimize_options_merges\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/6fd6c0662f6507be951ba842857c663adb000f56\"\u003e\u003ccode\u003e6fd6c06\u003c/code\u003e\u003c/a\u003e Small _set_inline_partial optimization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/b7b5abb02d9bb2ed1fc584a08142838a05cafc08\"\u003e\u003ccode\u003eb7b5abb\u003c/code\u003e\u003c/a\u003e Stop mutating options in partial! method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/7e16adf446c9da701e1e5fdbe9c93f7f8095630d\"\u003e\u003ccode\u003e7e16adf\u003c/code\u003e\u003c/a\u003e Stop mutating options in set! method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/8474b41f666b13055b9368107c783cdae7903fb6\"\u003e\u003ccode\u003e8474b41\u003c/code\u003e\u003c/a\u003e Remove _partial micro-optimization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/jbuilder/commit/9ffacf75a64f5f595bee3cfb28dcfe3307d8e2da\"\u003e\u003ccode\u003e9ffacf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/jbuilder/issues/574\"\u003e#574\u003c/a\u003e from pixeltrix/fix-warnings-and-version-constant\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/jbuilder/compare/v2.11.5...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `config` from 4.1.0 to 5.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubyconfig/config/releases\"\u003econfig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(security): replace \u003ccode\u003eIO.read\u003c/code\u003e with \u003ccode\u003eFile.read\u003c/code\u003e by \u003ca href=\"https://github.com/pkuczynski\"\u003e\u003ccode\u003e@​pkuczynski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/378\"\u003erubyconfig/config#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.6.0...5.6.1\"\u003ehttps://github.com/rubyconfig/config/compare/5.6.0...5.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: added extra sources in initializer by \u003ca href=\"https://github.com/Nuzair46\"\u003e\u003ccode\u003e@​Nuzair46\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/366\"\u003erubyconfig/config#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.5.2...5.6.0\"\u003ehttps://github.com/rubyconfig/config/compare/5.5.2...5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix warning: ostruct was loaded from the standard library by \u003ca href=\"https://github.com/taketo1113\"\u003e\u003ccode\u003e@​taketo1113\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003erubyconfig/config#363\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/taketo1113\"\u003e\u003ccode\u003e@​taketo1113\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003erubyconfig/config#363\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.5.0...5.5.2\"\u003ehttps://github.com/rubyconfig/config/compare/5.5.0...5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow arrays to be passed through env variables by \u003ca href=\"https://github.com/dominh\"\u003e\u003ccode\u003e@​dominh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003erubyconfig/config#354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typos in the tests and documentation by \u003ca href=\"https://github.com/ydah\"\u003e\u003ccode\u003e@​ydah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003erubyconfig/config#359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003efunding_url\u003c/code\u003e rather than \u003ccode\u003epost_install_message\u003c/code\u003e by \u003ca href=\"https://github.com/pda\"\u003e\u003ccode\u003e@​pda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003erubyconfig/config#360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dominh\"\u003e\u003ccode\u003e@​dominh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003erubyconfig/config#354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ydah\"\u003e\u003ccode\u003e@​ydah\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003erubyconfig/config#359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pda\"\u003e\u003ccode\u003e@​pda\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003erubyconfig/config#360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rubyconfig/config/compare/5.4.0...5.5.0\"\u003ehttps://github.com/rubyconfig/config/compare/5.4.0...5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.4.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration option \u003ccode\u003eenvironment\u003c/code\u003e to override the use of \u003ccode\u003eRails.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003edry-validation\u003c/code\u003e from dependencies (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/333\"\u003e#333\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow to use custom filename \u0026amp;\u0026amp; directory name to store configs (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubyconfig/config/blob/master/CHANGELOG.md\"\u003econfig's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(security): replace IO.read with File.read \u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/378\"\u003e#378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eextra_sources\u003c/code\u003e in initializer (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix warning: ostruct was loaded from the standard library with Ruby 3.3.5 and 3.4+ (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/363\"\u003e#363\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.1\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix funding_url to funding_uri in gemspec (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow arrays to be passed through env variables (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/354\"\u003e#354\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse funding_url rather than post_install_message (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos in the tests and documentation (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd configuration option \u003ccode\u003eenvironment\u003c/code\u003e to override the use of \u003ccode\u003eRails.env\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/356\"\u003e#356\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003edry-validation\u003c/code\u003e from dependencies (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/333\"\u003e#333\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow to use custom filename \u0026amp;\u0026amp; directory name to store configs (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent name collision with private methods from ancestors (\u003ca href=\"https://redirect.github.com/rubyconfig/config/pull/351\"\u003e#351\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/8b6ffe6dcc91f52f06d5a1502333108d1c6033ca\"\u003e\u003ccode\u003e8b6ffe6\u003c/code\u003e\u003c/a\u003e release: 5.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/d639f9db7355195f1ea7d21ddae32f0c166759ae\"\u003e\u003ccode\u003ed639f9d\u003c/code\u003e\u003c/a\u003e ci: limit workflow permissions (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/e0bf18fab4feed4f5413c6528c198009b36fa536\"\u003e\u003ccode\u003ee0bf18f\u003c/code\u003e\u003c/a\u003e fix(security): replace \u003ccode\u003eIO.read\u003c/code\u003e with \u003ccode\u003eFile.read\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/263e66a4a70c053f1181f8f65d666d22a6f60b64\"\u003e\u003ccode\u003e263e66a\u003c/code\u003e\u003c/a\u003e test: bump puma in rails 5.2 test app to fix security warning (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/c833d1964b0e10ae71ccc780bc46766baeb7e22e\"\u003e\u003ccode\u003ec833d19\u003c/code\u003e\u003c/a\u003e release: 5.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/4dc0f3e6e945a6159f35630098f8de0311a6908a\"\u003e\u003ccode\u003e4dc0f3e\u003c/code\u003e\u003c/a\u003e ci: fix jruby rails \u0026gt;= 7.2 (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/1f17cd8d6215cf38e702f58c0f701e813c7ce0ef\"\u003e\u003ccode\u003e1f17cd8\u003c/code\u003e\u003c/a\u003e feat: added extra sources in initializer (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/97b3e8cbf47f022a27ff4962c059b0fc139a1369\"\u003e\u003ccode\u003e97b3e8c\u003c/code\u003e\u003c/a\u003e ci: add rails 7.2 and 8.0 to the test matrix and bump some older dependencies...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/1b5581d23b47c81a233d61c28f0c6716d74d8f63\"\u003e\u003ccode\u003e1b5581d\u003c/code\u003e\u003c/a\u003e ci: add Ruby 3.4 to the test matrix (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubyconfig/config/commit/a4c978f4a64975fd609780541b2b243883217e4f\"\u003e\u003ccode\u003ea4c978f\u003c/code\u003e\u003c/a\u003e ci: remove unnecessary ubuntu packages installation (\u003ca href=\"https://redirect.github.com/rubyconfig/config/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rubyconfig/config/compare/4.1.0...5.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-apis-analyticsdata_v1beta` from 0.32.0 to 0.40.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-ruby-client/blob/main/generated/google-apis-analyticsdata_v1beta/CHANGELOG.md\"\u003egoogle-apis-analyticsdata_v1beta's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.40.0 (2025-05-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.17.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.39.0 (2024-11-24)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20241117\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.38.0 (2024-09-01)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240825\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.37.0 (2024-08-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240731\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.36.0 (2024-05-19)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240512\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.15.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.35.0 (2024-02-24)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.34.0 (2024-02-04)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated from discovery document revision 20240128\u003c/li\u003e\n\u003cli\u003eRegenerated using generator version 0.13.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.33.0 (2024-01-22)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated using generator version 0.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/google-api-ruby-client/compare/0.32.0...0.40.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleauth` from 1.3.0 to 1.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/releases\"\u003egoogleauth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleauth: v1.16.2\u003c/h2\u003e\n\u003ch3\u003e1.16.2 (2026-02-26)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003einitialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereturn response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.16.1\u003c/h2\u003e\n\u003ch3\u003e1.16.1 (2026-01-15)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003erestore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.16.0\u003c/h2\u003e\n\u003ch3\u003e1.16.0 (2025-11-21)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eInclude security warning in ExternalAccount and ImpersonatedServiceAccount credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.15.1\u003c/h2\u003e\n\u003ch3\u003e1.15.1 (2025-10-14)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate method make_creds in DefaultCredentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.15.0\u003c/h2\u003e\n\u003ch3\u003e1.15.0 (2025-08-25)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd typed errors to authentication library (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/533\"\u003e#533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for JWT 3.x (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix incorrect error and apply some code complexity refactoring (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport Pathname for cred loading (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDocumentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments\u003c/li\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003egoogleauth: v1.14.0\u003c/h2\u003e\n\u003ch3\u003e1.14.0 (2025-03-14)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/blob/main/CHANGELOG.md\"\u003egoogleauth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e1.16.2 (2026-02-26)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003einitialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereturn response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.16.1 (2026-01-15)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003erestore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.16.0 (2025-11-21)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eInclude security warning in ExternalAccount and ImpersonatedServiceAccount credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.15.1 (2025-10-14)\u003c/h3\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate method make_creds in DefaultCredentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.15.0 (2025-08-25)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd typed errors to authentication library (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/533\"\u003e#533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for JWT 3.x (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug Fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix incorrect error and apply some code complexity refactoring (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport Pathname for cred loading (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/537\"\u003e#537\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDocumentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments\u003c/li\u003e\n\u003cli\u003eadd summary documentation on credentials types and improve YARD comments (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e1.14.0 (2025-03-14)\u003c/h3\u003e\n\u003ch4\u003eFeatures\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eadd API key credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/520\"\u003e#520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Bearer token credentials\u003c/li\u003e\n\u003cli\u003eadd BearerToken credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/522\"\u003e#522\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/1ef191b1342c19736ebe7a5640bfb86a7d989c68\"\u003e\u003ccode\u003e1ef191b\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.2 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/565\"\u003e#565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/fb5b7978d66b43465081a024aaf7ebc17354ed9d\"\u003e\u003ccode\u003efb5b797\u003c/code\u003e\u003c/a\u003e fix: return response body from revoke! for logging pipeline (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/b0ec7d8b1e7a722839a196cb7a56b9c6f43e8159\"\u003e\u003ccode\u003eb0ec7d8\u003c/code\u003e\u003c/a\u003e fix: initialize the JWT credentials without JSON roundtrip (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/5c4ab1cfc3517d5490633c878cb5136ca4da75e6\"\u003e\u003ccode\u003e5c4ab1c\u003c/code\u003e\u003c/a\u003e chore: replace old ruby teams with cloud-sdk-ruby-team (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/43ab9db5f237fb337cbd8d8db562f28cc2bfcff8\"\u003e\u003ccode\u003e43ab9db\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/d7193fc6364f099d8110271a65d474227573aa91\"\u003e\u003ccode\u003ed7193fc\u003c/code\u003e\u003c/a\u003e fix: restore support for JSON keys missing 'type' field (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/a59a1df96d4bf476d1fd96544b309ce4a6a70ec9\"\u003e\u003ccode\u003ea59a1df\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.16.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/317474db5f5889755f309704a9304d4fb86f06f6\"\u003e\u003ccode\u003e317474d\u003c/code\u003e\u003c/a\u003e fix: Include security warning in ExternalAccount and ImpersonatedServiceAccou...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/4c31b17f02d0f46c991418ab6f909383623d489c\"\u003e\u003ccode\u003e4c31b17\u003c/code\u003e\u003c/a\u003e feat: Add ADC support for impersonated credentials (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/commit/1c6724ffd2e7a9c8bf171f9858bcd334d03df98b\"\u003e\u003ccode\u003e1c6724f\u003c/code\u003e\u003c/a\u003e chore(main): release googleauth 1.15.1 (\u003ca href=\"https://redirect.github.com/googleapis/google-auth-library-ruby/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-auth-library-ruby/compare/googleauth/v1.3.0...googleauth/v1.16.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-core` from 3.243.0 to 3.246.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md\"\u003eaws-sdk-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.246.0 (2026-04-23)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updated configuration values for \u003ccode\u003edefaults_mode\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.245.0 (2026-04-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Updated Aws::STS::Client with the latest API changes.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Explicitly set 0600 permissions on SSO/login cache files.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.244.0 (2026-03-18)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Support waiter error matcher to handle both boolean and boolean-string acceptors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rspec-core` from 3.12.1 to 3.13.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rspec/rspec/blob/rspec-core-v3.13.6/rspec-core/Changelog.md\"\u003erspec-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e3.13.6 / 2025-10-19\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit block parameter to \u003ccode\u003eRSpec::World::Null.traverse_example_group_trees_until\u003c/code\u003e to\nprevent warning. (\u003ca href=\"https://github.com/viralpraxis\"\u003e\u003ccode\u003e@​viralpraxis\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/240\"\u003erspec/rspec#240\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.5 / 2025-06-25\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix finding failed lines from frozen backtrace arrays. (Jon Rowe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.4 / 2025-05-27\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.3...rspec-core-v3.13.4\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug Fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix links in gemspec to point to the monorepo / homepage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.3 / 2025-02-06\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec/compare/rspec-core-v3.13.4...rspec-core-v3.13.3\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix reporter memorisation of \u003ccode\u003eExamplesNotification\u003c/code\u003e used in \u003ccode\u003eRSpec::Core::Reporter#finish\u003c/code\u003e\nby reusing an instance across notifcations. (Maxime Lapointe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/172\"\u003erspec/rspec#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix memorisation of \u003ccode\u003eRSpec::Core::Example#location_rerun_argument\u003c/code\u003e.\n(Maxime Lapointe, \u003ca href=\"https://redirect.github.com/rspec/rspec/issues/173\"\u003erspec/rspec#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.2 / 2024-10-18\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.13.1...v3.13.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRSpec::Configuration#requires\u003c/code\u003e will reflect files already required, whilst requiring\nthem. (Jon Rowe, \u003ca href=\"https://redirect.github.com/rspec/rspec-core/issues/3117\"\u003erspec/rspec-core#3117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.1 / 2024-09-02\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.13.0...v3.13.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSort ids to run as the original order to fix \u003ccode\u003e--bisect\u003c/code\u003e. (Maki Kawahara, \u003ca href=\"https://redirect.github.com/rspec/rspec-core/issues/3093\"\u003erspec/rspec-core#3093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e3.13.0 / 2024-02-04\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"http://github.com/rspec/rspec-core/compare/v3.12.3...v3.13.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rspec/rspec/commits/rspec-core-v3.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleauth` from 1.3.0 to 1.16.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/dpla/dashboard-analytics/pull/306","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpla%2Fdashboard-analytics/issues/306","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/306/packages"}},{"old_version":"3.2.4","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-28T07:21:11.000Z","version_change":"3.2.4 → 3.2.6","issue":{"uuid":"4341314422","node_id":"PR_kwDOAAXsEc7WPO-i","number":2039,"state":"open","title":"Bump rack from 3.2.4 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T07:21:11.000Z","updated_at":"2026-05-01T03:56:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.4 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.4...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/openaustralia/planningalerts/pull/2039","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openaustralia%2Fplanningalerts/issues/2039","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2039/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-24T14:47:13.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4323694450","node_id":"PR_kwDORfLItc7VXyIk","number":150,"state":"closed","title":"build(deps): bump the bundler-production-dependencies group across 1 directory with 72 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T00:36:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T14:47:13.000Z","updated_at":"2026-05-20T00:36:06.000Z","time_to_close":2195331,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler-production-dependencies","update_count":72,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.5.0","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.1","repository_url":"https://github.com/sinatra/mustermann"},{"name":"net-imap","old_version":"0.6.3","new_version":"0.6.4","repository_url":"https://github.com/ruby/net-imap"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 16 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.1` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.1` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.5.0` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.1` |\n| [net-imap](https://github.com/ruby/net-imap) | `0.6.3` | `0.6.4` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.1\u003c/h2\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.1\u003c/h2\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/aaf78f11ee3f63aabfc5826655c5999c66d0fc86\"\u003e\u003ccode\u003eaaf78f1\u003c/code\u003e\u003c/a\u003e chore(readme): clean up and docs for exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.5.0 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epopulate event details payload with error_code and message (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/225\"\u003e#225\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a185003dc09a69b2dda1fe569d1f82c45979cdad\"\u003ea185003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.1...v0.6.0\"\u003e0.6.0\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.0...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize BigDecimal#to_s by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/519\"\u003eruby/bigdecimal#519\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix calloc-transposed-args warning by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/520\"\u003eruby/bigdecimal#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse '0'+n for converting single digit to char by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/521\"\u003eruby/bigdecimal#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Add a workaround for slow BigDecimal#to_f when it has large N_significant_digits\u0026quot; by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/522\"\u003eruby/bigdecimal#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBigMath.exp overflow/underflow check by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/523\"\u003eruby/bigdecimal#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unary minus on unsigned type warning by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/525\"\u003eruby/bigdecimal#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dtoa to version from Ruby 4.0 by \u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/528\"\u003eruby/bigdecimal#528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.2 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/529\"\u003eruby/bigdecimal#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/528\"\u003eruby/bigdecimal#528\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.1...v4.1.2\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.1...v4.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix dtoa Ractor-safety bug. Update dtoa to version from Ruby 4.0 \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/528\"\u003eGH-528\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jhawthorn\"\u003e\u003ccode\u003e@​jhawthorn\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOptimize BigDecimal#to_s \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/519\"\u003eGH-519\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/9160561c149c370784c793ea6aaa62f8f326280d\"\u003e\u003ccode\u003e9160561\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.2 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/8050ec79c046665dff237bcd8f85d8ec830a9cc4\"\u003e\u003ccode\u003e8050ec7\u003c/code\u003e\u003c/a\u003e Update dtoa to version from Ruby 4.0 (\u003ca href=\"https://redirect.github.com...\n\n_Description has been truncated_","html_url":"https://github.com/owjoel/is469/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/owjoel%2Fis469/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-23T14:20:22.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4316652304","node_id":"PR_kwDOQ3MpKM7VArMr","number":160,"state":"closed","title":"Bump rack from 3.2.5 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-27T06:56:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T14:20:22.000Z","updated_at":"2026-04-27T06:56:25.000Z","time_to_close":318961,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.5 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.5\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/poposann0746/kebab-tokyo/pull/160","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/poposann0746%2Fkebab-tokyo/issues/160","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/160/packages"}},{"old_version":"2.2.9","new_version":"2.2.23","update_type":"patch","path":null,"pr_created_at":"2026-04-19T23:12:57.000Z","version_change":"2.2.9 → 2.2.23","issue":{"uuid":"4292283068","node_id":"PR_kwDOJK-Qg87Txwig","number":991,"state":"open","title":"Bump rack from 2.2.9 to 2.2.23","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T23:12:57.000Z","updated_at":"2026-04-19T23:12:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"2.2.9","new_version":"2.2.23","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 2.2.9 to 2.2.23.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.2.23] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.22] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.21] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.20] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.19] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.18] - 2025-09-25\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-625h-95r8-8xpm\"\u003eCVE-2025-59830\u003c/a\u003e Unbounded parameter parsing in \u003ccode\u003eRack::QueryParser\u003c/code\u003e can lead to memory exhaustion via semicolon-separated parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.2.17] - 2025-06-03\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/f2af0c8f869193fa7bb7d20b619b3003418e1055\"\u003e\u003ccode\u003ef2af0c8\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/345b74428e278540bb6c68484e60e01b7542fd49\"\u003e\u003ccode\u003e345b744\u003c/code\u003e\u003c/a\u003e Fix tests for old Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e2d8e309680f2b9820ab5de13a43f76778bd2c6d\"\u003e\u003ccode\u003ee2d8e30\u003c/code\u003e\u003c/a\u003e Add version guard around non-default gems.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/add1a80fa7a3772605cae8a45e29af6b1d425057\"\u003e\u003ccode\u003eadd1a80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/54261eccf12bb01952f7cbc8203fe68a0e5a1ee3\"\u003e\u003ccode\u003e54261ec\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a36f48bbda4835aa00c3c2f2dbddc5a734dcdfcd\"\u003e\u003ccode\u003ea36f48b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eostruct\u003c/code\u003e to Gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8883f0da7bf9606d0973f7915a30c3edfc0d3038\"\u003e\u003ccode\u003e8883f0d\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/2287a3babec2e80d47329e7e75b5f15c406a07ab\"\u003e\u003ccode\u003e2287a3b\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e6540e5f11e75c9fb4335934de54b6de05bcf626\"\u003e\u003ccode\u003ee6540e5\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de\"\u003e\u003ccode\u003ec42e357\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.9...v2.2.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=2.2.9\u0026new-version=2.2.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/assirims/test_gems/pull/991","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/assirims%2Ftest_gems/issues/991","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/991/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-15T23:46:13.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4272370124","node_id":"PR_kwDORxQaNc7Sz6By","number":72,"state":"closed","title":"build(deps): bump the bundler-production-dependencies group across 1 directory with 70 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-23T23:37:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T23:46:13.000Z","updated_at":"2026-04-23T23:37:59.000Z","time_to_close":690704,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler-production-dependencies","update_count":70,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.1","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.6.4","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.0","repository_url":"https://github.com/sinatra/mustermann"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 15 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.1` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.1` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.6.4` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.0` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.1\u003c/h2\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the logs-sdk requires to support \u0026quot;require 'opentelemetry/sdk/logs'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.1\u003c/h2\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.1 / 2026-04-15\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFIXED: Move the metrics-sdk requires to support \u0026quot;require 'opentelemetry/sdk/metrics'\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/65863064ace194de643d55e9dc9ab38207e8170a\"\u003e\u003ccode\u003e6586306\u003c/code\u003e\u003c/a\u003e release: Release 2 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/aaf78f11ee3f63aabfc5826655c5999c66d0fc86\"\u003e\u003ccode\u003eaaf78f1\u003c/code\u003e\u003c/a\u003e chore(readme): clean up and docs for exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/ba74c81d83cdc06a01303040325f5b2982291bc1\"\u003e\u003ccode\u003eba74c81\u003c/code\u003e\u003c/a\u003e fix: Move the logs-sdk and metrics-sdk requires (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.6.4 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove taylor series calculation of exp and sin by bit burst algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/433\"\u003eruby/bigdecimal#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove calculating log(10) in BigMath.log for large/small x by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/484\"\u003eruby/bigdecimal#484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing call-seq by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/485\"\u003eruby/bigdecimal#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit internal extra calculation prec and BigDecimal.double_fig usage by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/486\"\u003eruby/bigdecimal#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RBS signature and testing by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing sig file by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/492\"\u003eruby/bigdecimal#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify butterfly operation of Number Theoretic Transform by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/496\"\u003eruby/bigdecimal#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAssume always have uint64_t by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/497\"\u003eruby/bigdecimal#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse bit_length to calculate NTT bit size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/498\"\u003eruby/bigdecimal#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate depend files, etc by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/499\"\u003eruby/bigdecimal#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix erfc(x,prec) precision when x is huge by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/502\"\u003eruby/bigdecimal#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease BigMath converge test precisions by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/503\"\u003eruby/bigdecimal#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error compiling with ruby.wasm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/504\"\u003eruby/bigdecimal#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to 4.1.0 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/505\"\u003eruby/bigdecimal#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/219cb2e641e3a1242f7fbe43025bf1ea3b2797af\"\u003e\u003ccode\u003e219cb2e\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.1 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/516\"\u003e#516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/3bf735fbe41fb07832ddf01ff507d92ea1810b05\"\u003e\u003ccode\u003e3bf735f\u003c/code\u003e\u003c/a\u003e Add a workaround for slow BigDecimal#to_f when it has large N_significant_dig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/ae1d238b0d32cd7456a7cf9fc376b8e46a711f40\"\u003e\u003ccode\u003eae1d238\u003c/code\u003e\u003c/a\u003e tiny grammar fix in README.md (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/70caa24f43032b8033e5b0678bb40b940b22a4c4\"\u003e\u003ccode\u003e70caa24\u003c/code\u003e\u003c/a\u003e Update to cover change in Bundler (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/512\"\u003e#512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/f0985b36f5b4b7c13605d8eb15fce18b194a61b0\"\u003e\u003ccode\u003ef0985b3\u003c/code\u003e\u003c/a\u003e Increase VpMult batch size (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/32fb1de0aca598ce417e5cf751ffa141633c4a8a\"\u003e\u003ccode\u003e32fb1de\u003c/code\u003e\u003c/a\u003e Multiplication with 8-decdig batch (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/1f2894fd94f2811f0ea5038cc0298f041daa049b\"\u003e\u003ccode\u003e1f2894f\u003c/code\u003e\u003c/a\u003e Remove unused minitest from Gemfile (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/bf04ad4066381795c7a5f9a761f140c15feaef54\"\u003e\u003ccode\u003ebf04ad4\u003c/code\u003e\u003c/a\u003e Make BigDecimal object embedded (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/64834a8e61d01a467a8185c0823c53ffd3e8b238\"\u003e\u003ccode\u003e64834a8\u003c/code\u003e\u003c/a\u003e Add changelog for 4.1.0. (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/db5888a9e003d99bb867ae695a02a81b2204d1f6\"\u003e\u003ccode\u003edb5888a\u003c/code\u003e\u003c/a\u003e Define \u003ccode\u003etest\u003c/code\u003e as the default rake task (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.0.1...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `grpc` from 1.78.1 to 1.80.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/grpc/releases\"\u003egrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.80.0\u003c/h2\u003e\n\u003cp\u003eThis is release 1.80.0 (\u003ca href=\"https://github.com/grpc/grpc/blob/master/doc/g_stands_for.md\"\u003eglimmering\u003c/a\u003e) of gRPC Core.\u003c/p\u003e\n\u003cp\u003eFor gRPC documentation, see \u003ca href=\"https://grpc.io/\"\u003egrpc.io\u003c/a\u003e. For previous releases, see \u003ca href=\"https://github.com/grpc/grpc/releases\"\u003eReleases\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release contains refinements, improvements, and bug fixes, with highlights listed below.\u003c/p\u003e\n\u003ch2\u003eCore\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ssl] Implement TLS private key signer in Python. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41701\"\u003e#41701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[TLS Credentials]: Private Key Offload Implementation. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41606\"\u003e#41606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix max sockaddr struct size on OpenBSD. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40454\"\u003e#40454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41432\"\u003e#41432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41484\"\u003e#41484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41324\"\u003e#41324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41502\"\u003e#41502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[RR and WRR] enable change to connect from a random index. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41472\"\u003e#41472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[xds] Implement gRFC A101. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41051\"\u003e#41051\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eC++\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[C++] Add SNI override option to C++ channel credentials options API. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41460\"\u003e#41460\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eC#\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[C# tools] Option to append Async to server side method names \u003ca href=\"https://redirect.github.com/google/grpc/issues/39010\"\u003e#39010\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/39797\"\u003e#39797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eObjective-C\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41357\"\u003e#41357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHP\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[PHP] Disable php infinite recursion check for callback from Core to PHP. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41835\"\u003e#41835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40337\"\u003e#40337\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePython\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Python] Fix \u003ccode\u003eGRPC_TRACE\u003c/code\u003e not working when absl log initialized in cython. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41814\"\u003e#41814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41455\"\u003e#41455\u003c/a\u003e)\u0026quot;. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41769\"\u003e#41769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41532\"\u003e#41532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Docs: correct \u003ccode\u003egrpc.Compression\u003c/code\u003e references. (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/41705\"\u003e#41705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (\u003ca href=\"https://redirect.github.com/grpc/grpc/pull/40226\"\u003e#40226\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/f5e2d6e856176c2f6b7691032adfefe21e5f64c1\"\u003e\u003ccode\u003ef5e2d6e\u003c/code\u003e\u003c/a\u003e [Release] Bump version to 1.80.0 (on v1.80.x branch) (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41857\"\u003e#41857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/938cfecaebfc28b5e6bcdb95d55aba3962d9b55b\"\u003e\u003ccode\u003e938cfec\u003c/code\u003e\u003c/a\u003e [subchannel connection scaling] fix when we reset backoff (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41935\"\u003e#41935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/91778bec667d7310864420f2b32aeb2e41e1b51c\"\u003e\u003ccode\u003e91778be\u003c/code\u003e\u003c/a\u003e [Backport][v1.80.x][Python] New \u003ccode\u003e_create\u003c/code\u003e method for aio.Metadata (\u003ca href=\"https://redirect.github.com/google/grpc/issues/41888\"\u003e#41888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc/commit/be4c1c55b69493868241bfffd4bc318d3d592656\"\u003e\u003ccode\u003ebe4c1c5\u003c/code\u003e\u003c/a\u003e [subchannel] fix crash in connection scaling...\n\n_Description has been truncated_","html_url":"https://github.com/GuanceDemo/OpenTelemetry_Demo/pull/72","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GuanceDemo%2FOpenTelemetry_Demo/issues/72","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/72/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-15T04:47:17.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4266310457","node_id":"PR_kwDORfOU_c7ShA9M","number":123,"state":"closed","title":"Bump the bundler-production-dependencies group across 1 directory with 71 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-24T04:42:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T04:47:17.000Z","updated_at":"2026-04-24T04:42:09.000Z","time_to_close":777290,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler-production-dependencies","update_count":71,"packages":[{"name":"puma","old_version":"7.2.0","new_version":"8.0.0","repository_url":"https://github.com/puma/puma"},{"name":"google-protobuf","old_version":"4.34.0","new_version":"4.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"opentelemetry-sdk","old_version":"1.10.0","new_version":"1.11.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-common","old_version":"0.23.0","new_version":"0.24.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-logs-sdk","old_version":"0.4.0","new_version":"0.5.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-metrics-sdk","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp","old_version":"0.31.1","new_version":"0.33.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-metrics","old_version":"0.6.1","new_version":"0.8.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-exporter-otlp-logs","old_version":"0.2.2","new_version":"0.4.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby"},{"name":"opentelemetry-instrumentation-all","old_version":"0.90.1","new_version":"0.92.0","repository_url":"https://github.com/open-telemetry/opentelemetry-ruby-contrib"},{"name":"openfeature-sdk","old_version":"0.5.0","new_version":"0.6.5","repository_url":"https://github.com/open-feature/ruby-sdk"},{"name":"grpc","old_version":"1.78.1","new_version":"1.80.0","repository_url":"https://github.com/google/grpc"},{"name":"mustermann","old_version":"3.0.4","new_version":"3.1.0","repository_url":"https://github.com/sinatra/mustermann"},{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"timeout","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/ruby/timeout"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler-production-dependencies group with 16 updates in the /src/email directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [puma](https://github.com/puma/puma) | `7.2.0` | `8.0.0` |\n| [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.34.0` | `4.34.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `1.10.0` | `1.11.0` |\n| [opentelemetry-common](https://github.com/open-telemetry/opentelemetry-ruby) | `0.23.0` | `0.24.0` |\n| [opentelemetry-logs-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.4.0` | `0.5.0` |\n| [opentelemetry-metrics-sdk](https://github.com/open-telemetry/opentelemetry-ruby) | `0.12.0` | `0.13.0` |\n| [opentelemetry-exporter-otlp](https://github.com/open-telemetry/opentelemetry-ruby) | `0.31.1` | `0.33.0` |\n| [opentelemetry-exporter-otlp-metrics](https://github.com/open-telemetry/opentelemetry-ruby) | `0.6.1` | `0.8.0` |\n| [opentelemetry-exporter-otlp-logs](https://github.com/open-telemetry/opentelemetry-ruby) | `0.2.2` | `0.4.0` |\n| [opentelemetry-instrumentation-all](https://github.com/open-telemetry/opentelemetry-ruby-contrib) | `0.90.1` | `0.92.0` |\n| [openfeature-sdk](https://github.com/open-feature/ruby-sdk) | `0.5.0` | `0.6.5` |\n| [grpc](https://github.com/google/grpc) | `1.78.1` | `1.80.0` |\n| [mustermann](https://github.com/sinatra/mustermann) | `3.0.4` | `3.1.0` |\n| [rack](https://github.com/rack/rack) | `3.2.5` | `3.2.6` |\n| [rack-session](https://github.com/rack/rack-session) | `2.1.1` | `2.1.2` |\n| [timeout](https://github.com/ruby/timeout) | `0.6.0` | `0.6.1` |\n\n\nUpdates `puma` from 7.2.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/releases\"\u003epuma's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.0 - Into the Arena\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eRead our \u003ca href=\"https://github.com/puma/puma/blob/main/docs/8.0-Upgrade.md\"\u003eVersion 8 Upgrade Guide.\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puma/puma/blob/main/History.md\"\u003epuma's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0 / 2026-03-27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eenv[\u0026quot;puma.mark_as_io_bound\u0026quot;]\u003c/code\u003e API and \u003ccode\u003emax_io_threads\u003c/code\u003e config to allow IO-bound requests to exceed the thread pool max, enabling better handling of mixed workloads (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3816\"\u003e#3816\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/puma/puma/issues/3894\"\u003e#3894\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esingle\u003c/code\u003e and \u003ccode\u003ecluster\u003c/code\u003e DSL hooks for mode-specific configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eon_force\u003c/code\u003e option to \u003ccode\u003eshutdown_debug\u003c/code\u003e to only dump thread backtraces on forced (non-graceful) shutdown (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3671\"\u003e#3671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd API to dynamically update min and max thread counts at runtime via \u003ccode\u003eupdate_thread_pool_min_max\u003c/code\u003e and \u003ccode\u003eServerPluginControl\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3658\"\u003e#3658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse SIGPWR for thread backtrace dumps on Linux/JRuby where SIGINFO is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3829\"\u003e#3829\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBugfixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix phased restart for \u003ccode\u003efork_worker\u003c/code\u003e to avoid forking from stale worker 0 when it has been replaced (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3853\"\u003e#3853\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJRuby HTTP parser improvements: pre-allocated header keys, perfect hash lookup, reduced memory copies (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3838\"\u003e#3838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCache downcased header key in \u003ccode\u003estr_headers\u003c/code\u003e to avoid redundant \u003ccode\u003eString#downcase\u003c/code\u003e calls, reducing allocations by ~50% per response (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3874\"\u003e#3874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCollect \u003ccode\u003eenv\u003c/code\u003e processing into dedicated \u003ccode\u003eclient_env.rb\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMove event to default configuration (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3872\"\u003e#3872\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd gRPC guide for configuring gRPC lifecycle hooks in clustered mode (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3885\"\u003e#3885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd 7.0 upgrade guide, move 5.0/6.0 upgrade guides to docs directory (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3900\"\u003e#3900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect default values for \u003ccode\u003epersistent_timeout\u003c/code\u003e and \u003ccode\u003eworker_boot_timeout\u003c/code\u003e in DSL docs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd file descriptor limit warning in test helper for contributors (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3893\"\u003e#3893\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDefault production bind address changed from \u003ccode\u003e0.0.0.0\u003c/code\u003e to \u003ccode\u003e::\u003c/code\u003e (IPv6) when a non-loopback IPv6 interface is available; falls back to \u003ccode\u003e0.0.0.0\u003c/code\u003e if IPv6 is unavailable (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3847\"\u003e#3847\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/08f63d495955eaee065d0ee18849f4ddcd52fe72\"\u003e\u003ccode\u003e08f63d4\u003c/code\u003e\u003c/a\u003e Release v8.0.0 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3914\"\u003e#3914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7406cc192480ce9d01c9a47e6f41fcb1548217a6\"\u003e\u003ccode\u003e7406cc1\u003c/code\u003e\u003c/a\u003e Fix IPv4-mapped IPv6 addresses in \u003ccode\u003eREMOTE_ADDR\u003c/code\u003e and request logs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/e090243320eb743a6c03f77f4ffa9e1a24c677b1\"\u003e\u003ccode\u003ee090243\u003c/code\u003e\u003c/a\u003e Build(deps): Bump actions/checkout from 4 to 6 (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3915\"\u003e#3915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/7d5dca1a561a95c2a6b8742b52c81c73cd2b95ca\"\u003e\u003ccode\u003e7d5dca1\u003c/code\u003e\u003c/a\u003e Update SECURITY.md, native Github vuln reports [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3913\"\u003e#3913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/66e6a32de52d9beed43e1c598bda360f906ccbef\"\u003e\u003ccode\u003e66e6a32\u003c/code\u003e\u003c/a\u003e Minor correction to defaults documented in dsl.rb (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3912\"\u003e#3912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/3788eca453a64ffb05a67115d3e2a276bbaf21a3\"\u003e\u003ccode\u003e3788eca\u003c/code\u003e\u003c/a\u003e ci: limit rack-conform to main pushes and scope ragel PR runs (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3908\"\u003e#3908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/57b7799201adf43cdf508f90c57b95e23f49bbcd\"\u003e\u003ccode\u003e57b7799\u003c/code\u003e\u003c/a\u003e ci: run turbo-rails only on latest stable Ruby and Rails (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3909\"\u003e#3909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/6685d6b8024c5480774b790808e4f0343e414fa5\"\u003e\u003ccode\u003e6685d6b\u003c/code\u003e\u003c/a\u003e ci: replace skip-duplicate jobs with concurrency and trigger filters (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3907\"\u003e#3907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/2848c823dfc9838033d6ce342fee917e81aeedc1\"\u003e\u003ccode\u003e2848c82\u003c/code\u003e\u003c/a\u003e ci: run push workflows only on main and release branches (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3906\"\u003e#3906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puma/puma/commit/97a37bb7c6a457f8846eb3ce307daadd4b38b4f8\"\u003e\u003ccode\u003e97a37bb\u003c/code\u003e\u003c/a\u003e Add release pre-merge checks and align Release.md [ci skip] (\u003ca href=\"https://redirect.github.com/puma/puma/issues/3904\"\u003e#3904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puma/puma/compare/v7.2.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-protobuf` from 4.34.0 to 4.34.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-sdk` from 1.10.0 to 1.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-sdk 1.11.0\u003c/h2\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/sdk/CHANGELOG.md\"\u003eopentelemetry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev1.11.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/1933d4c18e5f5e45c53fa9e902e58aa91e85cc38\"\u003e\u003ccode\u003e1933d4c\u003c/code\u003e\u003c/a\u003e chore: add explicit logger dependency to api and sdk gems (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-sdk/v1.10.0...opentelemetry-sdk/v1.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-common` from 0.23.0 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-common 0.24.0\u003c/h2\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/common/CHANGELOG.md\"\u003eopentelemetry-common's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.24.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-common/v0.23.0...opentelemetry-common/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-logs-sdk` from 0.4.0 to 0.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-logs-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-logs-sdk 0.5.0\u003c/h2\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/logs_sdk/CHANGELOG.md\"\u003eopentelemetry-logs-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.5.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/c3cf68e8ac491457591c52ed69fedc3fe9190616\"\u003e\u003ccode\u003ec3cf68e\u003c/code\u003e\u003c/a\u003e chore: Skip flaky test on CI (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/184eae3e391dc9f000e958fb96d365a90cb39f93\"\u003e\u003ccode\u003e184eae3\u003c/code\u003e\u003c/a\u003e chore: Remove Explicit Bundler Dependency (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-logs-sdk/v0.4.0...opentelemetry-logs-sdk/v0.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-metrics-sdk` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-metrics-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-metrics-sdk 0.13.0\u003c/h2\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/metrics_sdk/CHANGELOG.md\"\u003eopentelemetry-metrics-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.13.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/60ffa1ecce42200d0d552d78a9d00a61eb703f29\"\u003e\u003ccode\u003e60ffa1e\u003c/code\u003e\u003c/a\u003e chore(readme): update metrics sdk readme (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2051\"\u003e#2051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-metrics-sdk/v0.12.0...opentelemetry-metrics-sdk/v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp` from 0.31.1 to 0.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.33.0\u003c/h2\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp 0.32.0\u003c/h2\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.33.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.32.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/4c1649b647ed37b216e264a648187815cc7736f8\"\u003e\u003ccode\u003e4c1649b\u003c/code\u003e\u003c/a\u003e chore: Replace codespell with cspell to mirror contrib (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2009\"\u003e#2009\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp/v0.31.1...opentelemetry-exporter-otlp/v0.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-metrics` from 0.6.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-metrics's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.8.0\u003c/h2\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-metrics 0.7.0\u003c/h2\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-metrics/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-metrics's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.8.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.7.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f81fbeeae1d18c06d1662bbb1c4162ad8e2b8e20\"\u003e\u003ccode\u003ef81fbee\u003c/code\u003e\u003c/a\u003e feat: add basic support for metrics exemplar (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1609\"\u003e#1609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-metrics/v0.6.1...opentelemetry-exporter-otlp-metrics/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-exporter-otlp-logs` from 0.2.2 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/releases\"\u003eopentelemetry-exporter-otlp-logs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.4.0\u003c/h2\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-exporter-otlp-logs 0.3.0\u003c/h2\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/blob/main/exporter/otlp-logs/CHANGELOG.md\"\u003eopentelemetry-exporter-otlp-logs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003ev0.4.0 / 2026-04-07\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFIXED: Issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDOCS: Fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ev0.3.0 / 2026-03-10\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/0b94ef6086facf3c7ad584485bb3825b0ab90e39\"\u003e\u003ccode\u003e0b94ef6\u003c/code\u003e\u003c/a\u003e release: Release 17 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/51cf44d87b68b704d545ee4ed562bd018a78230a\"\u003e\u003ccode\u003e51cf44d\u003c/code\u003e\u003c/a\u003e fix: issue with sending traces to IPv6 endpoints (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e86d81aea0e6e7c9463cf993add66dcd8ee604e6\"\u003e\u003ccode\u003ee86d81a\u003c/code\u003e\u003c/a\u003e feat: Handle HTTP 2XX responses as successful in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/56c223aa56b2391d4aa1fba1ebb07150e13b60f2\"\u003e\u003ccode\u003e56c223a\u003c/code\u003e\u003c/a\u003e feat!: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/86e979e6c607dab253ca8110566880afd5e192cf\"\u003e\u003ccode\u003e86e979e\u003c/code\u003e\u003c/a\u003e docs: fix exporter-otlp-logs gemspec metadata links (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/e82dc1ec7af056ea645eb602fdcd08a4facd20c4\"\u003e\u003ccode\u003ee82dc1e\u003c/code\u003e\u003c/a\u003e chore: Remove faraday from dev dependencies (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2052\"\u003e#2052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/567c13fb187b59ad26035df4b8a4df21a91fff53\"\u003e\u003ccode\u003e567c13f\u003c/code\u003e\u003c/a\u003e release: Release 5 items (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/f41c77dabadd8694738026eda83dc401f9ff1c57\"\u003e\u003ccode\u003ef41c77d\u003c/code\u003e\u003c/a\u003e feat: replace cgi with uri for encode and decode (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/d4024453b7ed8e2088174470d8c799b95bf94401\"\u003e\u003ccode\u003ed402445\u003c/code\u003e\u003c/a\u003e test: remove ostruct dependency by updating rake to 13 for ruby 4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/commit/740a5ff2b6793ddfa58d858136c03fc97c164b3d\"\u003e\u003ccode\u003e740a5ff\u003c/code\u003e\u003c/a\u003e chore: update for rubocop 1.84.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby/compare/opentelemetry-exporter-otlp-logs/v0.2.2...opentelemetry-exporter-otlp-logs/v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `opentelemetry-instrumentation-all` from 0.90.1 to 0.92.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/releases\"\u003eopentelemetry-instrumentation-all's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.92.0\u003c/h2\u003e\n\u003ch2\u003ev0.92.0 / 2026-04-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBREAKING CHANGE: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Min Ruby Version 3.3 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eADDED: Add release tag into source code url of gem metadata (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-ruby-contrib/issues/1984\"\u003e#1984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCHANGED: Update transitive dependencies for all instrumentation gems to new versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eopentelemetry-instrumentation-all 0.91.0\u003c/h2\u003e\n\u003ch3\u003ev0.91.0 / 2026-03-17\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-anthropic to 0.4.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-dalli to 0.29.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-ethon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-excon to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-faraday to 0.32.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-grape to 0.6.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-graphql to 0.31.2\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-http_client to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-httpx to 0.7.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-net_http to 0.28.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-racecar to 0.6.1\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rack to 0.30.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-rails to 0.40.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-restclient to 0.27.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-sinatra to 0.29.0\u003c/li\u003e\n\u003cli\u003eADDED: Upgrade opentelemetry-instrumentation-trilogy to 0.67.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-ruby-contrib/compare/opentelemetry-instrumentation-all/v0.90.1...opentelemetry-instrumentation-all/v0.92.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openfeature-sdk` from 0.5.0 to 0.6.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/releases\"\u003eopenfeature-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-feature/ruby-sdk/blob/main/CHANGELOG.md\"\u003eopenfeature-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.4...v0.6.5\"\u003e0.6.5\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e506e999\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.3...v0.6.4\"\u003e0.6.4\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd OTel-compatible telemetry utility (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/240\"\u003e#240\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a03e524681a38c8762257049fae360fa15fcfba3\"\u003ea03e524\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.2...v0.6.3\"\u003e0.6.3\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose spec compliance gaps for OpenFeature v0.8.0 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/237\"\u003e#237\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/9a87d04d5f261ea06e073f405c15613db7099d8a\"\u003e9a87d04\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eenable Gherkin feature tests (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/50\"\u003e#50\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/95845ba6ec26357d9c0895d310361e411f85da11\"\u003e95845ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclose remaining MUST-level spec compliance gaps (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/238\"\u003e#238\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/1d084911964c8672dd66b23834eec6f14e453749\"\u003e1d08491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.1...v0.6.2\"\u003e0.6.2\u003c/a\u003e (2026-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd logging hook (spec Appendix A) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/229\"\u003e#229\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/2f681c910198d2bfa16389018f42ca9dc3270936\"\u003e2f681c9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd transaction context propagation (spec 3.3) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/230\"\u003e#230\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0aff30f77a0b680341cfd3d1f43e9d1f0ede1b75\"\u003e0aff30f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.6.0...v0.6.1\"\u003e0.6.1\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd flag metadata defaulting and immutability (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/221\"\u003e#221\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a300fc559293169f22eb1ce26f738cdee664cd26\"\u003ea300fc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd hook data per-hook mutable state (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/222\"\u003e#222\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/28518a0e08143d167b9d34c86e57a583fe5ee0de\"\u003e28518a0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd InMemoryProvider context callbacks and event emission (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/224\"\u003e#224\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/0a148f66abc815fc2ec9fd70027075125dbd504a\"\u003e0a148f6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd shutdown API, provider status, and status short-circuit (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/223\"\u003e#223\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9c32ad1b467af25697423a542bc568597f39743\"\u003ef9c32ad\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement Tracking API (spec section 6) (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/227\"\u003e#227\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/5576fce1c3bcf6e7510d8957c7e40e85c4b83b6f\"\u003e5576fce\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epopulate event details payload with error_code and message (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/225\"\u003e#225\u003c/a\u003e) (\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a185003dc09a69b2dda1fe569d1f82c45979cdad\"\u003ea185003\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.1...v0.6.0\"\u003e0.6.0\u003c/a\u003e (2026-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/fa8026fb4edb1541e3eeb382709da2f389f68e6a\"\u003e\u003ccode\u003efa8026f\u003c/code\u003e\u003c/a\u003e chore(main): release 0.6.5 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/602d9723f56ed04c56834d0e185c4f0ab1c71f38\"\u003e\u003ccode\u003e602d972\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v5.5.3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/253\"\u003e#253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/506e9992e6c8b7222b2ae2eb3b1c2fb3d5d148a6\"\u003e\u003ccode\u003e506e999\u003c/code\u003e\u003c/a\u003e feat: add RBS type signatures with Steep type checking (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/3f339dc391d35e2509b85e40be22a6d5a35b399d\"\u003e\u003ccode\u003e3f339dc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v4.0.2 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/c9472a40cc09620be9ffed546abbf34967d3207c\"\u003e\u003ccode\u003ec9472a4\u003c/code\u003e\u003c/a\u003e ci: add Claude Code GitHub Action (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/998c06c4220f854d5f5c7b8d1d1f738fde29d359\"\u003e\u003ccode\u003e998c06c\u003c/code\u003e\u003c/a\u003e chore(deps): update marocchino/sticky-pull-request-comment action to v3 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a86856b9b5cbd4bb41de4824fe3f6ff00791cfec\"\u003e\u003ccode\u003ea86856b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency ruby to v3.4.9 (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/cfdf4789d2a2105c7d38f69255d85afe820d0a3f\"\u003e\u003ccode\u003ecfdf478\u003c/code\u003e\u003c/a\u003e chore: remove known providers table from README (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/f9d5cfa014ed72ad6a33f67ed2a73651acbf58a5\"\u003e\u003ccode\u003ef9d5cfa\u003c/code\u003e\u003c/a\u003e chore: remove Claude plans and prevent future commits (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-feature/ruby-sdk/commit/a10e3baf916331f902b9f525f62797fd0136f9c7\"\u003e\u003ccode\u003ea10e3ba\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency rspec to \u0026quot;~\u0026gt; 3.13.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-feature/ruby-sdk/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-feature/ruby-sdk/compare/v0.5.0...v0.6.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bigdecimal` from 4.0.1 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/releases\"\u003ebigdecimal's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003etest\u003c/code\u003e as the default rake task by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd changelog for 4.1.0. by \u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake BigDecimal object embedded by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/507\"\u003eruby/bigdecimal#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused minitest from Gemfile by \u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/510\"\u003eruby/bigdecimal#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiplication with 8-decdig batch by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/501\"\u003eruby/bigdecimal#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease VpMult batch size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/511\"\u003eruby/bigdecimal#511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to cover change in Bundler by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etiny grammar fix in README.md by \u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/513\"\u003eruby/bigdecimal#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workaround for slow BigDecimal#to_f when it has large N_significant_digits by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/514\"\u003eruby/bigdecimal#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to v4.1.1 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/516\"\u003eruby/bigdecimal#516\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/509\"\u003eruby/bigdecimal#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/simi\"\u003e\u003ccode\u003e@​simi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/508\"\u003eruby/bigdecimal#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brandonzylstra\"\u003e\u003ccode\u003e@​brandonzylstra\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/512\"\u003eruby/bigdecimal#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/ruby/bigdecimal/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove ENABLE_NUMERIC_STRING flag by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/479\"\u003eruby/bigdecimal#479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSample code without deprecated modules by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/480\"\u003eruby/bigdecimal#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of add/sub when exponent of two bigdecimals have huge difference by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/478\"\u003eruby/bigdecimal#478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange frozen_string_literal from false to true by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/481\"\u003eruby/bigdecimal#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNTT multiplication and Newton-Raphson division by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/407\"\u003eruby/bigdecimal#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement BigMath::PI with Gauss-Legendre algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/434\"\u003eruby/bigdecimal#434\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove taylor series calculation of exp and sin by bit burst algorithm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/433\"\u003eruby/bigdecimal#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove calculating log(10) in BigMath.log for large/small x by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/484\"\u003eruby/bigdecimal#484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing call-seq by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/485\"\u003eruby/bigdecimal#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit internal extra calculation prec and BigDecimal.double_fig usage by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/486\"\u003eruby/bigdecimal#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RBS signature and testing by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing sig file by \u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/492\"\u003eruby/bigdecimal#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify butterfly operation of Number Theoretic Transform by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/496\"\u003eruby/bigdecimal#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAssume always have uint64_t by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/497\"\u003eruby/bigdecimal#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse bit_length to calculate NTT bit size by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/498\"\u003eruby/bigdecimal#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate depend files, etc by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/499\"\u003eruby/bigdecimal#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix erfc(x,prec) precision when x is huge by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/502\"\u003eruby/bigdecimal#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease BigMath converge test precisions by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/503\"\u003eruby/bigdecimal#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix error compiling with ruby.wasm by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/504\"\u003eruby/bigdecimal#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump version to 4.1.0 by \u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/505\"\u003eruby/bigdecimal#505\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/pull/488\"\u003eruby/bigdecimal#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/bigdecimal/blob/master/CHANGES.md\"\u003ebigdecimal's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMake BigDecimal object embedded \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003eGH-507\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMultiplication with 16-decdig batch \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003eGH-501\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003eGH-511\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Ruby 2.5 support \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/505\"\u003eGH-505\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance improvements: NTT multiplication, Newton-Raphson division, bit-burst algorithm for exp/sin, Gauss-Legendre for PI, improved log, and faster add/sub for large exponent differences \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/407\"\u003eGH-407\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/433\"\u003eGH-433\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/434\"\u003eGH-434\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/478\"\u003eGH-478\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/484\"\u003eGH-484\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove ENABLE_NUMERIC_STRING flag \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/479\"\u003eGH-479\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd RBS signature and testing \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/488\"\u003eGH-488\u003c/a\u003e \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/492\"\u003eGH-492\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ksss\"\u003e\u003ccode\u003e@​ksss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix erfc(x,prec) precision when x is huge \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/502\"\u003eGH-502\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error compiling with ruby.wasm \u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/504\"\u003eGH-504\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tompng\"\u003e\u003ccode\u003e@​tompng\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/219cb2e641e3a1242f7fbe43025bf1ea3b2797af\"\u003e\u003ccode\u003e219cb2e\u003c/code\u003e\u003c/a\u003e Bump version to v4.1.1 (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/516\"\u003e#516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/3bf735fbe41fb07832ddf01ff507d92ea1810b05\"\u003e\u003ccode\u003e3bf735f\u003c/code\u003e\u003c/a\u003e Add a workaround for slow BigDecimal#to_f when it has large N_significant_dig...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/ae1d238b0d32cd7456a7cf9fc376b8e46a711f40\"\u003e\u003ccode\u003eae1d238\u003c/code\u003e\u003c/a\u003e tiny grammar fix in README.md (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/513\"\u003e#513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/70caa24f43032b8033e5b0678bb40b940b22a4c4\"\u003e\u003ccode\u003e70caa24\u003c/code\u003e\u003c/a\u003e Update to cover change in Bundler (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/512\"\u003e#512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/f0985b36f5b4b7c13605d8eb15fce18b194a61b0\"\u003e\u003ccode\u003ef0985b3\u003c/code\u003e\u003c/a\u003e Increase VpMult batch size (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/511\"\u003e#511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/32fb1de0aca598ce417e5cf751ffa141633c4a8a\"\u003e\u003ccode\u003e32fb1de\u003c/code\u003e\u003c/a\u003e Multiplication with 8-decdig batch (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/1f2894fd94f2811f0ea5038cc0298f041daa049b\"\u003e\u003ccode\u003e1f2894f\u003c/code\u003e\u003c/a\u003e Remove unused minitest from Gemfile (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/510\"\u003e#510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/bf04ad4066381795c7a5f9a761f140c15feaef54\"\u003e\u003ccode\u003ebf04ad4\u003c/code\u003e\u003c/a\u003e Make BigDecimal object embedded (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/507\"\u003e#507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/64834a8e61d01a467a8185c0823c53ffd3e8b238\"\u003e\u003ccode\u003e64834a8\u003c/code\u003e\u003c/a\u003e Add changelog for 4.1.0. (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/508\"\u003e#508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/bigdecimal/commit/db5888a9e003d99bb867ae695a02a81b2204d1f6\"\u003e\u003ccode\u003edb5888a\u003c/code\u003e\u003c/a\u003e Define \u003ccode\u003etest\u003c/code\u003e as the default rake task (\u003ca href=\"https://redirect.github.com/ruby/bigdecimal/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/big...\n\n_Description has been truncated_","html_url":"https://github.com/jlawton-cribl/opentelemetry-demo/pull/123","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jlawton-cribl%2Fopentelemetry-demo/issues/123","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/123/packages"}},{"old_version":"3.2.4","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-13T08:54:37.000Z","version_change":"3.2.4 → 3.2.6","issue":{"uuid":"4252889798","node_id":"PR_kwDOMdbgsM7R66JS","number":224,"state":"closed","title":"build(deps): bump rack from 3.2.4 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-13T12:26:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-13T08:54:37.000Z","updated_at":"2026-04-13T12:26:45.000Z","time_to_close":12727,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"rack","old_version":"3.2.4","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.4 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.4...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.4\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alphagov/govuk_web_banners/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alphagov/govuk_web_banners/pull/224","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphagov%2Fgovuk_web_banners/issues/224","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/224/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-08T09:00:27.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4223337413","node_id":"PR_kwDOBNWBj87Qv_KW","number":675,"state":"open","title":"Bump rack from 3.2.5 to 3.2.6","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T09:00:27.000Z","updated_at":"2026-04-15T09:10:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [rack](https://github.com/rack/rack) from 3.2.5 to 3.2.6.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/quintel/etlocal/pull/675","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/quintel%2Fetlocal/issues/675","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/675/packages"}},{"old_version":"3.0.16","new_version":"3.1.21","update_type":"minor","path":null,"pr_created_at":"2026-04-08T08:44:14.000Z","version_change":"3.0.16 → 3.1.21","issue":{"uuid":"4223253824","node_id":"PR_kwDOPJd-3c7Qvt_2","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T15:00:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:44:14.000Z","updated_at":"2026-05-18T15:00:04.000Z","time_to_close":3478547,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [addressable](https://github.com/sporkmonger/addressable), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-08T08:07:12.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4223046444","node_id":"PR_kwDOAHi-687QvF9R","number":2934,"state":"closed","title":"Bump the bundler group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-09T06:52:03.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:07:12.000Z","updated_at":"2026-04-09T06:52:13.000Z","time_to_close":81891,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":3,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"},{"name":"addressable","old_version":"2.8.9","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [rack](https://github.com/rack/rack), [rack-session](https://github.com/rack/rack-session) and [addressable](https://github.com/sporkmonger/addressable).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.9 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.9...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2934","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2934","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2934/packages"}},{"old_version":"3.1.15","new_version":"3.2.6","update_type":"minor","path":null,"pr_created_at":"2026-04-08T07:41:29.000Z","version_change":"3.1.15 → 3.2.6","issue":{"uuid":"4222907401","node_id":"PR_kwDOPVgz5c7Qursv","number":248,"state":"open","title":"build(deps): bump the bundler group across 2 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby","Stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T07:41:29.000Z","updated_at":"2026-04-16T05:36:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"bundler","update_count":5,"packages":[{"name":"sinatra","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/sinatra/sinatra"},{"name":"rack","old_version":"3.1.15","new_version":"3.2.6"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rexml","old_version":"3.4.0","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the /src/email directory: [sinatra](https://github.com/sinatra/sinatra).\nBumps the bundler group with 2 updates in the /src/react-native-app directory: [addressable](https://github.com/sporkmonger/addressable) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `sinatra` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cfcc70dee1133690207b5a3dc6000426ec04e250\"\u003e\u003ccode\u003ecfcc70d\u003c/code\u003e\u003c/a\u003e CI: don't use \u003ccode\u003eRack::Lint\u003c/code\u003e on invalid hostname (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c235249abaafa2780b540aca1813dfcf3d17c2dd\"\u003e\u003ccode\u003ec235249\u003c/code\u003e\u003c/a\u003e CI: Test with Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2083\"\u003e#2083\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/v4.1.1...v4.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.15 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.1.15...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.0 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.0...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/burhanuddin-anw/opentelemetry-demo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/burhanuddin-anw/opentelemetry-demo/pull/248","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/burhanuddin-anw%2Fopentelemetry-demo/issues/248","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/248/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-08T03:39:19.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4221913725","node_id":"PR_kwDOMffEC87Qrvfj","number":666,"state":"closed","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-09T03:52:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T03:39:19.000Z","updated_at":"2026-04-09T03:52:27.000Z","time_to_close":87179,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [rack](https://github.com/rack/rack) and [rack-session](https://github.com/rack/rack-session).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/seahal/umaxica-apps-jit/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/seahal/umaxica-apps-jit/pull/666","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/seahal%2Fumaxica-apps-jit/issues/666","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/666/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-08T03:19:38.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4221845862","node_id":"PR_kwDOAHi-687QriPq","number":2931,"state":"open","title":"Bump the bundler group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T03:19:38.000Z","updated_at":"2026-04-08T03:27:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rack-session","old_version":"2.1.1","new_version":"2.1.2","repository_url":"https://github.com/rack/rack-session"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the / directory: [rack](https://github.com/rack/rack) and [rack-session](https://github.com/rack/rack-session).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-session` from 2.1.1 to 2.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack-session/blob/main/releases.md\"\u003erack-session's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-33qg-7wpp-89cq\"\u003eCVE-2026-39324\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/504367b59caf7ec78127785cc6351f46be14f8ca\"\u003e\u003ccode\u003e504367b\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/f43638cb3a4d15c3ecaf59e67a04b47fda08eeac\"\u003e\u003ccode\u003ef43638c\u003c/code\u003e\u003c/a\u003e Don't fall back to unencrypted coder if encryptors are present.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/dadcfe60f193e8d8540bec6b95ca75bed8e5fd7e\"\u003e\u003ccode\u003edadcfe6\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/54\"\u003e#54\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/4eb9ea83b372e319c65a8c2bcfe87e8be942cf9b\"\u003e\u003ccode\u003e4eb9ea8\u003c/code\u003e\u003c/a\u003e Add top level session spec to validate existing formats.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8f94577c1d11b746692974f1417acff2856060cb\"\u003e\u003ccode\u003e8f94577\u003c/code\u003e\u003c/a\u003e Add rails to external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/38ea47da9937afb4f2140b3c23866e3791a46eaf\"\u003e\u003ccode\u003e38ea47d\u003c/code\u003e\u003c/a\u003e Allow the v2 encryptor to serialize messages with \u003ccode\u003eMarshal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/44\"\u003e#44\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/43f2e3a46393b51473bb90f54e61189465ae759d\"\u003e\u003ccode\u003e43f2e3a\u003c/code\u003e\u003c/a\u003e Fix compatibility with older Rubies.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/6a060b806399bff4961eaf6bf89535395c95549c\"\u003e\u003ccode\u003e6a060b8\u003c/code\u003e\u003c/a\u003e Support UTF-8 data when using the JSON serializer (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/39\"\u003e#39\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/8ce0146a7079332d9c58a43e418acb1ecf904ef6\"\u003e\u003ccode\u003e8ce0146\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eauth_tag\u003c/code\u003e retrieval on JRuby (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/32\"\u003e#32\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack-session/commit/77271850efd977897d02903bfde8ed51e4137a68\"\u003e\u003ccode\u003e7727185\u003c/code\u003e\u003c/a\u003e Add AEAD encryption (\u003ca href=\"https://redirect.github.com/rack/rack-session/issues/23\"\u003e#23\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack-session/compare/v2.1.1...v2.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2931","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2931","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2931/packages"}},{"old_version":"2.2.9","new_version":"3.2.6","update_type":"major","path":null,"pr_created_at":"2026-04-08T01:47:56.000Z","version_change":"2.2.9 → 3.2.6","issue":{"uuid":"4221560219","node_id":"PR_kwDOMt-mx87QqrMs","number":18,"state":"closed","title":"Bump the bundler group across 4 directories with 8 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T08:21:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T01:47:56.000Z","updated_at":"2026-04-08T08:21:18.000Z","time_to_close":23599,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":8,"packages":[{"name":"activesupport","old_version":"7.2.1","new_version":"7.2.3.1","repository_url":"https://github.com/rails/rails"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.3","repository_url":"https://github.com/heartcombo/devise"},{"name":"actionview","old_version":"6.1.7.8","new_version":"8.1.3"},{"name":"activestorage","old_version":"6.1.7.8","new_version":"8.1.3"},{"name":"activesupport","old_version":"6.1.7.8","new_version":"8.1.3","repository_url":"https://github.com/rails/rails"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.2","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.9","new_version":"3.2.6"},{"name":"devise","old_version":"4.9.4","new_version":"5.0.3","repository_url":"https://github.com/heartcombo/devise"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 2 updates in the /docs directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).\nBumps the bundler group with 1 update in the /gemfiles/rails_61 directory: [devise](https://github.com/heartcombo/devise).\nBumps the bundler group with 1 update in the /gemfiles/rails_70 directory: [devise](https://github.com/heartcombo/devise).\nBumps the bundler group with 1 update in the /gemfiles/rails_71 directory: [devise](https://github.com/heartcombo/devise).\n\nUpdates `activesupport` from 7.2.1 to 7.2.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secret_key_base\u003c/code\u003e as the default secret key for \u003ccode\u003eDevise.secret_key\u003c/code\u003e if a custom \u003ccode\u003eDevise.secret_key\u003c/code\u003e is not provided.\u003c/p\u003e\n\u003cp\u003eThis is potentially a breaking change because Devise previously used the following order to find a secret key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eapp.credentials.secret_key_base \u0026gt; app.secrets.secret_key_base \u0026gt; application.config.secret_key_base \u0026gt; application.secret_key_base\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, it always uses \u003ccode\u003eapplication.secret_key_base\u003c/code\u003e. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for \u003ccode\u003erecoverable\u003c/code\u003e, \u003ccode\u003elockable\u003c/code\u003e, and \u003ccode\u003econfirmable\u003c/code\u003e will be invalid.\n\u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5645\"\u003e#5645\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange password instructions button label on devise view from \u003ccode\u003eSend me reset password instructions\u003c/code\u003e to \u003ccode\u003eSend me password reset instructions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5515\"\u003e#5515\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003e\u0026lt;br\u0026gt;\u003c/code\u003e tags separating form elements to wrapping them in \u003ccode\u003e\u0026lt;p\u0026gt;\u003c/code\u003e tags \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5494\"\u003e#5494\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReplace \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e with \u003ccode\u003e[data-turbo-temporary]\u003c/code\u003e on \u003ccode\u003edevise/shared/error_messages\u003c/code\u003e partial. This has been \u003ca href=\"https://github.com/hotwired/turbo/releases/tag/v7.3.0\"\u003edeprecated by Turbo since v7.3.0 (released on Mar 1, 2023)\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIf you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to \u003ccode\u003e[data-turbo-cache=false]\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenhancements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Rails 8 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/2f809205b2a9112767e68e1a5666c649a42609c6\"\u003e\u003ccode\u003e2f80920\u003c/code\u003e\u003c/a\u003e Release v5.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/53347074021b38590653b95523f9b7113e5dcfdc\"\u003e\u003ccode\u003e5334707\u003c/code\u003e\u003c/a\u003e Add CVE to changelog [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/02527772bd9adbc3357d9c62fbc16e73e438121d\"\u003e\u003ccode\u003e0252777\u003c/code\u003e\u003c/a\u003e Fix race condition vulnerability, by ensuring the \u003ccode\u003eunconfirmed_email\u003c/code\u003e is alwa...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/879f79fceaf2ec6525219ee7bb4057ce4db65729\"\u003e\u003ccode\u003e879f79f\u003c/code\u003e\u003c/a\u003e Bundle update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/0f4493bd0302f85d1662b71c4f2145268fecc200\"\u003e\u003ccode\u003e0f4493b\u003c/code\u003e\u003c/a\u003e Configure default permissions as read-only for the workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/8c785761bd3c717793f0da4146dd630865568567\"\u003e\u003ccode\u003e8c78576\u003c/code\u003e\u003c/a\u003e Ignore test/** folder for GH default code scanning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/c9e655e13253dc53e3c0981a8345f134bcda1fc5\"\u003e\u003ccode\u003ec9e655e\u003c/code\u003e\u003c/a\u003e Bundle update, clear dependabot security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/3fd061095084d8f9d3f8c995c46caabcd15640fd\"\u003e\u003ccode\u003e3fd0610\u003c/code\u003e\u003c/a\u003e Add a note to the changelog about an edge case issue some users ran into\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/5b008ed51c0df3223cf727e7ad07378d6329b12f\"\u003e\u003ccode\u003e5b008ed\u003c/code\u003e\u003c/a\u003e Release v5.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/heartcombo/devise/commit/916f94ed4b4bb8e7881d5cf8c6535b7ccb368f7a\"\u003e\u003ccode\u003e916f94e\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller (\u003ca href=\"https://redirect.github.com/heartcombo/devise/issues/5826\"\u003e#5826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/heartcombo/devise/compare/v4.9.4...v5.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.1.3\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eJSONGemCoderEncoder\u003c/code\u003e to correctly serialize custom object hash keys.\u003c/p\u003e\n\u003cp\u003eWhen hash keys are custom objects whose \u003ccode\u003eas_json\u003c/code\u003e returns a Hash,\nthe encoder now calls \u003ccode\u003eto_s\u003c/code\u003e on the original key object instead of\non the \u003ccode\u003eas_json\u003c/code\u003e result.\u003c/p\u003e\n\u003cp\u003eBefore:\nhash = {CustomKey.new(123) =\u0026gt; \u0026quot;value\u0026quot;}\nhash.to_json  # =\u0026gt; {\u0026quot;{:id=\u0026gt;123}\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003eAfter:\nhash.to_json  # =\u0026gt; {\u0026quot;custom_123\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDan Sharp\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix Ruby 4.0 delegator warning when calling inspect on attributes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHammad Khan\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNoMethodError\u003c/code\u003e when deserialising \u003ccode\u003eType::Integer\u003c/code\u003e objects marshalled under Rails 8.0.\u003c/p\u003e\n\u003cp\u003eThe performance optimisation that replaced \u003ccode\u003e@range\u003c/code\u003e with \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e\nbroke Marshal compatibility. Objects serialised under 8.0 (with \u003ccode\u003e@range\u003c/code\u003e)\nand deserialised under 8.1 (expecting \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e) would crash with\n\u003ccode\u003eundefined method '\u0026lt;=' for nil\u003c/code\u003e because \u003ccode\u003eMarshal.load\u003c/code\u003e restores instance\nvariables without calling \u003ccode\u003einitialize\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/blob/v8.1.3/actionview/CHANGELOG.md\"\u003eactionview's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRails 8.1.3 (March 24, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix encoding errors for string locals containing non-ASCII characters.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eKataoka Katsuki\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix collection caching to only forward \u003ccode\u003eexpires_in\u003c/code\u003e argument if explicitly set.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ePieter Visser\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2.1 (March 23, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix possible XSS in DebugExceptions middleware\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33167]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJohn Hawthorn\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2 (January 08, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003efile_field\u003c/code\u003e to join mime types with a comma when provided as Array\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003efile_field(:article, :image, accept: ['image/png', 'image/gif', 'image/jpeg'])\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow behaves likes:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003efile_field(:article, :image, accept: 'image/png,image/gif,image/jpeg')\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cem\u003eBogdan Gusiev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix strict locals parsing to handle multiline definitions.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003econtent_security_policy_nonce\u003c/code\u003e error in mailers when using \u003ccode\u003econtent_security_policy_nonce_auto\u003c/code\u003e setting.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003econtent_security_policy_nonce helper\u003c/code\u003e is provided by \u003ccode\u003eActionController::ContentSecurityPolicy\u003c/code\u003e, and it relies on \u003ccode\u003erequest.content_security_policy_nonc\u003c/code\u003ee. Mailers lack both the module and the request object.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJarrett Lusso\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa8f0812160665bff083a089d2bb2fc1817ea03e\"\u003e\u003ccode\u003efa8f081\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63cef3de3bd88d5973837ea268dc710e7dbf7b8e\"\u003e\u003ccode\u003e63cef3d\u003c/code\u003e\u003c/a\u003e Merge branch '8-1-sec' into 8-1-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1db4b89687cc18311fc3f92623136705df24e671\"\u003e\u003ccode\u003e1db4b89\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1c7d1cf0a1ab4142eb20ef30fe2062aad6f72e21\"\u003e\u003ccode\u003e1c7d1cf\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/e91694b1f0e176eb01bfcc480a008bffc70f7602\"\u003e\u003ccode\u003ee91694b\u003c/code\u003e\u003c/a\u003e Update CHANGELOG (8.1 only)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d\"\u003e\u003ccode\u003e63f5ad8\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/e598b9427876ba44bd62c48390e6568476b3f8f0\"\u003e\u003ccode\u003ee598b94\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56906\"\u003e#56906\u003c/a\u003e from kataokatsuki/fix-strict-locals-non-ascii-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c2ea79c21161de7eb271b2789fbed21dde504071\"\u003e\u003ccode\u003ec2ea79c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56891\"\u003e#56891\u003c/a\u003e from pietervisser/fix-collection-caching-to-preserv...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7c8ae65b7045490965218a994c300aea8dbb079\"\u003e\u003ccode\u003ed7c8ae6\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/27aa94fb4430b8dd9464081ad9b5ca083452570c\"\u003e\u003ccode\u003e27aa94f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56389\"\u003e#56389\u003c/a\u003e from bogdan/semantic-file-input-accept\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v6.1.7.8...v8.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.1.3\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eJSONGemCoderEncoder\u003c/code\u003e to correctly serialize custom object hash keys.\u003c/p\u003e\n\u003cp\u003eWhen hash keys are custom objects whose \u003ccode\u003eas_json\u003c/code\u003e returns a Hash,\nthe encoder now calls \u003ccode\u003eto_s\u003c/code\u003e on the original key object instead of\non the \u003ccode\u003eas_json\u003c/code\u003e result.\u003c/p\u003e\n\u003cp\u003eBefore:\nhash = {CustomKey.new(123) =\u0026gt; \u0026quot;value\u0026quot;}\nhash.to_json  # =\u0026gt; {\u0026quot;{:id=\u0026gt;123}\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003eAfter:\nhash.to_json  # =\u0026gt; {\u0026quot;custom_123\u0026quot;:\u0026quot;value\u0026quot;}\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDan Sharp\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix inflections to better handle overlapping acronyms.\u003c/p\u003e\n\u003cpre lang=\"ruby\"\u003e\u003ccode\u003eActiveSupport::Inflector.inflections(:en) do |inflect|\r\n  inflect.acronym \u0026quot;USD\u0026quot;\r\n  inflect.acronym \u0026quot;USDC\u0026quot;\r\nend\r\n\u003cp\u003e\u0026quot;USDC\u0026quot;.underscore # =\u0026gt; \u0026quot;usdc\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eSaid Kaldybaev\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSilence Dalli 4.0+ warning when using \u003ccode\u003eActiveSupport::Cache::MemCacheStore\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ezzak\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix Ruby 4.0 delegator warning when calling inspect on attributes.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eHammad Khan\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNoMethodError\u003c/code\u003e when deserialising \u003ccode\u003eType::Integer\u003c/code\u003e objects marshalled under Rails 8.0.\u003c/p\u003e\n\u003cp\u003eThe performance optimisation that replaced \u003ccode\u003e@range\u003c/code\u003e with \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e\nbroke Marshal compatibility. Objects serialised under 8.0 (with \u003ccode\u003e@range\u003c/code\u003e)\nand deserialised under 8.1 (expecting \u003ccode\u003e@max\u003c/code\u003e/\u003ccode\u003e@min\u003c/code\u003e) would crash with\n\u003ccode\u003eundefined method '\u0026lt;=' for nil\u003c/code\u003e because \u003ccode\u003eMarshal.load\u003c/code\u003e restores instance\nvariables without calling \u003ccode\u003einitialize\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/blob/v8.1.3/activestorage/CHANGELOG.md\"\u003eactivestorage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRails 8.1.3 (March 24, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eActiveStorage::Blob\u003c/code\u003e content type predicate methods to handle \u003ccode\u003enil\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eDaichi KUDO\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRails 8.1.2.1 (March 23, 2026)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFilter user supplied metadata in DirectUploadController\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33173]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConfigurable maxmimum streaming chunk size\u003c/p\u003e\n\u003cp\u003eMakes sure that byte ranges for blobs don't exceed 100mb by default.\nContent ranges that are too big can result in denial of service.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33174]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eGannon McGibbon\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLimit range requests to a single range\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33658]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePrevent path traversal in \u003ccode\u003eDiskService\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eDiskService#path_for\u003c/code\u003e now raises an \u003ccode\u003eInvalidKeyError\u003c/code\u003e when passed keys with dot segments (\u0026quot;.\u0026quot;,\n\u0026quot;..\u0026quot;), or if the resolved path is outside the storage root directory.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e#path_for\u003c/code\u003e also now consistently raises \u003ccode\u003eInvalidKeyError\u003c/code\u003e if the key is invalid in any way, for\nexample containing null bytes or having an incompatible encoding. Previously, the exception\nraised may have been \u003ccode\u003eArgumentError\u003c/code\u003e or \u003ccode\u003eEncoding::CompatibilityError\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eDiskController\u003c/code\u003e now explicitly rescues \u003ccode\u003eInvalidKeyError\u003c/code\u003e with appropriate HTTP status codes.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33195]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePrevent glob injection in \u003ccode\u003eDiskService#delete_prefixed\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eEscape glob metacharacters in the resolved path before passing to \u003ccode\u003eDir.glob\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fa8f0812160665bff083a089d2bb2fc1817ea03e\"\u003e\u003ccode\u003efa8f081\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/63cef3de3bd88d5973837ea268dc710e7dbf7b8e\"\u003e\u003ccode\u003e63cef3d\u003c/code\u003e\u003c/a\u003e Merge branch '8-1-sec' into 8-1-stable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1db4b89687cc18311fc3f92623136705df24e671\"\u003e\u003ccode\u003e1db4b89\u003c/code\u003e\u003c/a\u003e Preparing for 8.1.2.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/1c7d1cf0a1ab4142eb20ef30fe2062aad6f72e21\"\u003e\u003ccode\u003e1c7d1cf\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c\"\u003e\u003ccode\u003e8c9676b\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655\"\u003e\u003ccode\u003e9b06fbc\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0\"\u003e\u003ccode\u003ed9502f5\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/85ec5b1e00d3197d8c69a5e622e1b398a1b10b06\"\u003e\u003ccode\u003e85ec5b1\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a\"\u003e\u003ccode\u003e42012ea\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/064cea7d610f6020bc8cb97cb693d1fb15ed23c8\"\u003e\u003ccode\u003e064cea7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/56783\"\u003e#56783\u003c/a\u003e from kudoas/fix-activestorage-blob-content-type-nil\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v6.1.7.8...v8.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 6.1.7.8 to 8.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.2.3.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ba76fca032a66f3716ca8a661c9ddb006acaf885\"\u003e\u003ccode\u003eba76fca\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8a379f43ea3e1c62fc7f6eabc1808ae9f74f726d\"\u003e\u003ccode\u003e8a379f4\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974\"\u003e\u003ccode\u003eb54a4b3\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb\"\u003e\u003ccode\u003ec1ad0e8\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a\"\u003e\u003ccode\u003eebd6be1\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/4a155f1fd7d4a1887b169eda4983a052fb2e2f13\"\u003e\u003ccode\u003e4a155f1\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bb2bdef2925433a0c5db31b873f9faddf2e2e65d\"\u003e\u003ccode\u003ebb2bdef\u003c/code\u003e\u003c/a\u003e Preparing for 7.2.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/fe41a9fa77412917ea3f228d6a742f31ad21e26d\"\u003e\u003ccode\u003efe41a9f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/12040a3145012fb312eb2d70fc700f4d34a27934\"\u003e\u003ccode\u003e12040a3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55808\"\u003e#55808\u003c/a\u003e from olivier-thatch/fix-enum-sole\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/58630e19ad0fe3c822302ae147ad1f863c95de2e\"\u003e\u003ccode\u003e58630e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55794\"\u003e#55794\u003c/a\u003e from rails/fix-55513\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v7.2.1...v7.2.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.9 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix content-length calcuation in Rack:Response#write \u003ca href=\"https://redirect.github.com/rack/rack/issues/2150\"\u003e#2150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.8...v3.0.9\"\u003ehttps://github.com/rack/rack/compare/v3.0.8...v3.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Fix some unused variable verbose warnings\u0026quot; by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.7...v3.0.8\"\u003ehttps://github.com/rack/rack/compare/v3.0.7...v3.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Make query parameters without = have nil values\u0026quot;. by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2060\"\u003erack/rack#2060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\"\u003ehttps://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.6.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.3...v3.0.4\"\u003ehttps://github.com/rack/rack/compare/v3.0.3...v3.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v3.0.3 by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2000\"\u003erack/rack#2000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.9...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devise` from 4.9.4 to 5.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/releases\"\u003edevise's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.2\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.2/CHANGELOG.md#502---2026-02-18\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.1/CHANGELOG.md#501---2026-02-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0/CHANGELOG.md#500---2026-01-23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0.rc\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\"\u003ehttps://github.com/heartcombo/devise/blob/v5.0.0.rc/CHANGELOG.md#500rc---2025-12-31\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\"\u003edevise's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e5.0.3 - 2026-03-16\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esecurity fixes\n\u003cul\u003e\n\u003cli\u003eFix race condition vulnerability on confirmable \u0026quot;change email\u0026quot; which would allow confirming an email they don't own CVE-2026-32700 \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5783\"\u003e#5783\u003c/a\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5784\"\u003e#5784\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2 - 2026-02-18\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eenhancements\n\u003cul\u003e\n\u003cli\u003eAllow resource class scopes to override the global configuration for \u003ccode\u003esign_in_after_change_password\u003c/code\u003e behaviour. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5825\"\u003e#5825\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eNote\u003c/em\u003e: some users ran into an issue with this change because \u003ccode\u003eRegistrationsController\u003c/code\u003e now relies on a setting from the \u003ccode\u003e:registerable\u003c/code\u003e module. These users were configuring their own routes pointing to the \u003ccode\u003eRegistrationsController\u003c/code\u003e for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted \u003ccode\u003e:registerable\u003c/code\u003e from the model declaration. While using just a portion of the controller functionality is a valid use for \u003ccode\u003e:registerable\u003c/code\u003e (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5828#issuecomment-3926822788\"\u003ethis issue\u003c/a\u003e for more info.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003esign_in_after_reset_password?\u003c/code\u003e check hook to passwords controller, to allow it to be customized by users. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5826\"\u003e#5826\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1 - 2026-02-13\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebug fixes\n\u003cul\u003e\n\u003cli\u003eFix translation issue with German \u003ccode\u003eE-Mail\u003c/code\u003e on invalid authentication messages caused by previous fix for incorrect grammar \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5822\"\u003e#5822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0 - 2026-01-23\u003c/h3\u003e\n\u003cp\u003eno changes\u003c/p\u003e\n\u003ch3\u003e5.0.0.rc - 2025-12-31\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebreaking changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Ruby \u0026lt; 2.7\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop support to Rails \u0026lt; 7.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003e:bypass\u003c/code\u003e option from \u003ccode\u003esign_in\u003c/code\u003e helper, use \u003ccode\u003ebypass_sign_in\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003edevise_error_messages!\u003c/code\u003e helper, use \u003ccode\u003erender \u0026quot;devise/shared/error_messages\u0026quot;, resource: resource\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003escope\u003c/code\u003e second argument from \u003ccode\u003esign_in(resource, :admin)\u003c/code\u003e controller test helper, use \u003ccode\u003esign_in(resource, scope: :admin)\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::TestHelpers\u003c/code\u003e, use \u003ccode\u003eDevise::Test::ControllerHelpers\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5803\"\u003e#5803\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION\u003c/code\u003e \u003ca href=\"https://redirect.github.com/heartcombo/devise/pull/5598\"\u003e#5598\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove deprecated \u003ccode\u003eDevise.activerecord51?\u003c/code\u003e method.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003eSecretKeyFinder\u003c/code\u003e and use \u003ccode\u003eapp.secre...\n\n_Description has been truncated_","html_url":"https://github.com/waveaccounting/activeadmin/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/waveaccounting%2Factiveadmin/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":"the bundler group across 1 directory","pr_created_at":"2026-04-07T04:35:21.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4215431593","node_id":"PR_kwDOAHi-687QYbup","number":2908,"state":"open","title":"Bump rack from 3.2.5 to 3.2.6 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-07T04:35:21.000Z","updated_at":"2026-04-07T04:43:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [rack](https://github.com/rack/rack).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack\u0026package-manager=bundler\u0026previous-version=3.2.5\u0026new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/onetimesecret/onetimesecret/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/onetimesecret/onetimesecret/pull/2908","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onetimesecret%2Fonetimesecret/issues/2908","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2908/packages"}},{"old_version":"3.2.5","new_version":"3.2.6","update_type":"patch","path":null,"pr_created_at":"2026-04-04T21:52:34.000Z","version_change":"3.2.5 → 3.2.6","issue":{"uuid":"4205880343","node_id":"PR_kwDOBb_6ec7P_h25","number":239,"state":"closed","title":"build(deps): Bump the non-major-updates group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-18T21:52:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-04T21:52:34.000Z","updated_at":"2026-04-18T21:52:34.000Z","time_to_close":1209599,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"non-major-updates","update_count":2,"packages":[{"name":"rack","old_version":"3.2.5","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"rubocop","old_version":"1.85.1","new_version":"1.86.0","repository_url":"https://github.com/rubocop/rubocop"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the non-major-updates group with 2 updates in the /apps/api directory: [rack](https://github.com/rack/rack) and [rubocop](https://github.com/rubocop/rubocop).\n\nUpdates `rack` from 3.2.5 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rubocop` from 1.85.1 to 1.86.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubocop/rubocop/releases\"\u003erubocop's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRuboCop v1.86.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15000\"\u003e#15000\u003c/a\u003e: Display ZJIT usage when running under LSP. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e: Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e. (\u003ca href=\"https://github.com/hammadkhan\"\u003e\u003ccode\u003e@​hammadkhan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14977\"\u003e#14977\u003c/a\u003e: Support \u003ccode\u003eAllowedReceivers\u003c/code\u003e for \u003ccode\u003eStyle/HashLookupMethod\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/ConcatArrayLiterals\u003c/code\u003e autocorrect deleting code for percent literals with interpolation. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14897\"\u003e#14897\u003c/a\u003e: Detect constant reassignment after class/module definition in \u003ccode\u003eLint/ConstantReassignment\u003c/code\u003e. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/11829\"\u003e#11829\u003c/a\u003e: Fix false negatives for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when duplicate methods are defined in anonymous classes and modules not assigned to a constant. (\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14988\"\u003e#14988\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantParentheses\u003c/code\u003e when redundant parentheses around range literals in block body. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14916\"\u003e#14916\u003c/a\u003e: Fix false positive for \u003ccode\u003eLayout/MultilineMethodCallIndentation\u003c/code\u003e when method chain is inside a hash pair value passed to a multiline chained method call. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15010\"\u003e#15010\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when modules blocks are passed as method arguments. (\u003ca href=\"https://github.com/5hun-s\"\u003e\u003ccode\u003e@​5hun-s\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15028\"\u003e#15028\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. \u003ccode\u003estub_const\u003c/code\u003e). (\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15021\"\u003e#15021\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/EmptyLineAfterGuardClause\u003c/code\u003e when using a guard clause followed by a multi-line guard clause with \u003ccode\u003eraise\u003c/code\u003e, \u003ccode\u003efail\u003c/code\u003e, \u003ccode\u003ereturn\u003c/code\u003e, \u003ccode\u003ebreak\u003c/code\u003e, or \u003ccode\u003enext\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15001\"\u003e#15001\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/RedundantLineBreak\u003c/code\u003e when setting \u003ccode\u003eInspectBlocks: true\u003c/code\u003e and using \u003ccode\u003erescue\u003c/code\u003e or \u003ccode\u003eensure\u003c/code\u003e in the block. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14997\"\u003e#14997\u003c/a\u003e: Fix false positives in \u003ccode\u003eStyle/FileOpen\u003c/code\u003e when assigning \u003ccode\u003eFile.open\u003c/code\u003e to an instance variable, class variable, global variable, or constant. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15019\"\u003e#15019\u003c/a\u003e: Fix false positives in \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in anonymous module blocks passed to different receivers. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14987\"\u003e#14987\u003c/a\u003e: Complete ERB and Haml autocorrection in a single run. (\u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15039\"\u003e#15039\u003c/a\u003e: Fix incorrect autocorrect in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when \u003ccode\u003ereturn\u003c/code\u003e with value is in the \u003ccode\u003eelse\u003c/code\u003e branch. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14930\"\u003e#14930\u003c/a\u003e: Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/\u003ccode\u003eunless\u003c/code\u003e modifier forms are on the same line inside a collection. (\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14985\"\u003e#14985\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eLint/SafeNavigationChain\u003c/code\u003e when chaining a method call after safe navigation in the if branch of a ternary. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15009\"\u003e#15009\u003c/a\u003e: Fix infinite loop in \u003ccode\u003eLayout/EndAlignment\u003c/code\u003e when \u003ccode\u003eend\u003c/code\u003e is followed by \u003ccode\u003e||\u003c/code\u003e or \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14981\"\u003e#14981\u003c/a\u003e: Fix spurious warning \u0026quot;does not support \u003ccode\u003eSafe\u003c/code\u003e/\u003ccode\u003eSafeAutoCorrect\u003c/code\u003e parameter\u0026quot; when those parameters are set for cops that don't have them in their default configuration. ([\u003ca href=\"https://github.com/dduugg\"\u003e\u003ccode\u003e@​dduugg\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15043\"\u003e#15043\u003c/a\u003e: Fix an error for \u003ccode\u003eLint/UselessDefaultValueArgument\u003c/code\u003e when \u003ccode\u003efetch\u003c/code\u003e without a receiver is inside a \u003ccode\u003efetch\u003c/code\u003e block. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15034\"\u003e#15034\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when using single-line \u003ccode\u003eunless\u003c/code\u003e / \u003ccode\u003e;\u003c/code\u003e / \u003ccode\u003eend\u003c/code\u003e. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/NonNilCheck\u003c/code\u003e autocorrect for receivers containing spaces. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/RaiseArgs\u003c/code\u003e to allow anonymous keyword forwarding (\u003ccode\u003eraise Ex.new(**)\u003c/code\u003e). (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14890\"\u003e#14890\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/RedundantCopDisableDirective\u003c/code\u003e when a \u003ccode\u003erubocop:disable\u003c/code\u003e comment is used to suppress \u003ccode\u003eLint/EmptyWhen\u003c/code\u003e, \u003ccode\u003eLint/EmptyConditionalBody\u003c/code\u003e, \u003ccode\u003eLint/EmptyInPattern\u003c/code\u003e, or \u003ccode\u003eStyle/SymbolProc\u003c/code\u003e. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantPercentQ\u003c/code\u003e for \u003ccode\u003e%q\u003c/code\u003e strings with interpolation-like syntax. (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14984\"\u003e#14984\u003c/a\u003e: Fix \u003ccode\u003eStyle/AndOr\u003c/code\u003e adding unnecessary parentheses around \u003ccode\u003ereturn\u003c/code\u003e without arguments. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14945\"\u003e#14945\u003c/a\u003e: Support files with multiple modifiers in \u003ccode\u003eLint/UselessConstantScoping\u003c/code\u003e. ([\u003ca href=\"https://github.com/h-lame\"\u003e\u003ccode\u003e@​h-lame\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/TrailingMethodEndStatement\u003c/code\u003e to detect singleton methods (\u003ccode\u003edef self.foo\u003c/code\u003e). (\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e: Don't store results in cache if there are warnings. ([\u003ca href=\"https://github.com/jonas054\"\u003e\u003ccode\u003e@​jonas054\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14718\"\u003e#14718\u003c/a\u003e: Allow setting \u003ccode\u003eMaxFilesInCache\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e to entirely disable cache pruning. ([\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14989\"\u003e#14989\u003c/a\u003e: Make \u003ccode\u003eLint/RedundantSafeNavigation\u003c/code\u003e aware of safe navigation in conditional true branch. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15041\"\u003e#15041\u003c/a\u003e: Remove \u003ccode\u003emcp\u003c/code\u003e gem from runtime dependencies. (\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md\"\u003erubocop's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.86.0 (2026-03-23)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15000\"\u003e#15000\u003c/a\u003e: Display ZJIT usage when running under LSP. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e: Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e. ([\u003ca href=\"https://github.com/hammadkhan\"\u003e\u003ccode\u003e@​hammadkhan\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14977\"\u003e#14977\u003c/a\u003e: Support \u003ccode\u003eAllowedReceivers\u003c/code\u003e for \u003ccode\u003eStyle/HashLookupMethod\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/ConcatArrayLiterals\u003c/code\u003e autocorrect deleting code for percent literals with interpolation. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14897\"\u003e#14897\u003c/a\u003e: Detect constant reassignment after class/module definition in \u003ccode\u003eLint/ConstantReassignment\u003c/code\u003e. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/11829\"\u003e#11829\u003c/a\u003e: Fix false negatives for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when duplicate methods are defined in anonymous classes and modules not assigned to a constant. ([\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14988\"\u003e#14988\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantParentheses\u003c/code\u003e when redundant parentheses around range literals in block body. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14916\"\u003e#14916\u003c/a\u003e: Fix false positive for \u003ccode\u003eLayout/MultilineMethodCallIndentation\u003c/code\u003e when method chain is inside a hash pair value passed to a multiline chained method call. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15010\"\u003e#15010\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when modules blocks are passed as method arguments. ([\u003ca href=\"https://github.com/5hun-s\"\u003e\u003ccode\u003e@​5hun-s\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15028\"\u003e#15028\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in different anonymous module blocks passed to a no-receiver call (e.g. \u003ccode\u003estub_const\u003c/code\u003e). ([\u003ca href=\"https://github.com/Darhazer\"\u003e\u003ccode\u003e@​Darhazer\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15021\"\u003e#15021\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/EmptyLineAfterGuardClause\u003c/code\u003e when using a guard clause followed by a multi-line guard clause with \u003ccode\u003eraise\u003c/code\u003e, \u003ccode\u003efail\u003c/code\u003e, \u003ccode\u003ereturn\u003c/code\u003e, \u003ccode\u003ebreak\u003c/code\u003e, or \u003ccode\u003enext\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15001\"\u003e#15001\u003c/a\u003e: Fix false positives in \u003ccode\u003eLayout/RedundantLineBreak\u003c/code\u003e when setting \u003ccode\u003eInspectBlocks: true\u003c/code\u003e and using \u003ccode\u003erescue\u003c/code\u003e or \u003ccode\u003eensure\u003c/code\u003e in the block. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14997\"\u003e#14997\u003c/a\u003e: Fix false positives in \u003ccode\u003eStyle/FileOpen\u003c/code\u003e when assigning \u003ccode\u003eFile.open\u003c/code\u003e to an instance variable, class variable, global variable, or constant. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15019\"\u003e#15019\u003c/a\u003e: Fix false positives in \u003ccode\u003eLint/DuplicateMethods\u003c/code\u003e when the same method is defined in anonymous module blocks passed to different receivers. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14987\"\u003e#14987\u003c/a\u003e: Complete ERB and Haml autocorrection in a single run. ([\u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15039\"\u003e#15039\u003c/a\u003e: Fix incorrect autocorrect in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when \u003ccode\u003ereturn\u003c/code\u003e with value is in the \u003ccode\u003eelse\u003c/code\u003e branch. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14930\"\u003e#14930\u003c/a\u003e: Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/\u003ccode\u003eunless\u003c/code\u003e modifier forms are on the same line inside a collection. ([\u003ca href=\"https://github.com/ydakuka\"\u003e\u003ccode\u003e@​ydakuka\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14985\"\u003e#14985\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eLint/SafeNavigationChain\u003c/code\u003e when chaining a method call after safe navigation in the if branch of a ternary. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15009\"\u003e#15009\u003c/a\u003e: Fix infinite loop in \u003ccode\u003eLayout/EndAlignment\u003c/code\u003e when \u003ccode\u003eend\u003c/code\u003e is followed by \u003ccode\u003e||\u003c/code\u003e or \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14981\"\u003e#14981\u003c/a\u003e: Fix spurious warning \u0026quot;does not support \u003ccode\u003eSafe\u003c/code\u003e/\u003ccode\u003eSafeAutoCorrect\u003c/code\u003e parameter\u0026quot; when those parameters are set for cops that don't have them in their default configuration. ([\u003ca href=\"https://github.com/dduugg\"\u003e\u003ccode\u003e@​dduugg\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15043\"\u003e#15043\u003c/a\u003e: Fix an error for \u003ccode\u003eLint/UselessDefaultValueArgument\u003c/code\u003e when \u003ccode\u003efetch\u003c/code\u003e without a receiver is inside a \u003ccode\u003efetch\u003c/code\u003e block. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15034\"\u003e#15034\u003c/a\u003e: Fix incorrect autocorrection in \u003ccode\u003eStyle/IfWithSemicolon\u003c/code\u003e when using single-line \u003ccode\u003eunless\u003c/code\u003e / \u003ccode\u003e;\u003c/code\u003e / \u003ccode\u003eend\u003c/code\u003e. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/NonNilCheck\u003c/code\u003e autocorrect for receivers containing spaces. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/RaiseArgs\u003c/code\u003e to allow anonymous keyword forwarding (\u003ccode\u003eraise Ex.new(**)\u003c/code\u003e). ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14890\"\u003e#14890\u003c/a\u003e: Fix a false positive for \u003ccode\u003eLint/RedundantCopDisableDirective\u003c/code\u003e when a \u003ccode\u003erubocop:disable\u003c/code\u003e comment is used to suppress \u003ccode\u003eLint/EmptyWhen\u003c/code\u003e, \u003ccode\u003eLint/EmptyConditionalBody\u003c/code\u003e, \u003ccode\u003eLint/EmptyInPattern\u003c/code\u003e, or \u003ccode\u003eStyle/SymbolProc\u003c/code\u003e. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix false negative in \u003ccode\u003eStyle/RedundantPercentQ\u003c/code\u003e for \u003ccode\u003e%q\u003c/code\u003e strings with interpolation-like syntax. ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14984\"\u003e#14984\u003c/a\u003e: Fix \u003ccode\u003eStyle/AndOr\u003c/code\u003e adding unnecessary parentheses around \u003ccode\u003ereturn\u003c/code\u003e without arguments. ([\u003ca href=\"https://github.com/eugeneius\"\u003e\u003ccode\u003e@​eugeneius\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14945\"\u003e#14945\u003c/a\u003e: Support files with multiple modifiers in \u003ccode\u003eLint/UselessConstantScoping\u003c/code\u003e. ([\u003ca href=\"https://github.com/h-lame\"\u003e\u003ccode\u003e@​h-lame\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/15015\"\u003e#15015\u003c/a\u003e: Fix \u003ccode\u003eStyle/TrailingMethodEndStatement\u003c/code\u003e to detect singleton methods (\u003ccode\u003edef self.foo\u003c/code\u003e). ([\u003ca href=\"https://github.com/bbatsov\"\u003e\u003ccode\u003e@​bbatsov\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e: Don't store results in cache if there are warnings. ([\u003ca href=\"https://github.com/jonas054\"\u003e\u003ccode\u003e@​jonas054\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14718\"\u003e#14718\u003c/a\u003e: Allow setting \u003ccode\u003eMaxFilesInCache\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e to entirely disable cache pruning. ([\u003ca href=\"https://github.com/byroot\"\u003e\u003ccode\u003e@​byroot\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/pull/14989\"\u003e#14989\u003c/a\u003e: Make \u003ccode\u003eLint/RedundantSafeNavigation\u003c/code\u003e aware of safe navigation in conditional true branch. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/15041\"\u003e#15041\u003c/a\u003e: Remove \u003ccode\u003emcp\u003c/code\u003e gem from runtime dependencies. ([\u003ca href=\"https://github.com/koic\"\u003e\u003ccode\u003e@​koic\u003c/code\u003e\u003c/a\u003e][])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/2c1b30a47d357599f36ae69c41a63966e68d7592\"\u003e\u003ccode\u003e2c1b30a\u003c/code\u003e\u003c/a\u003e Cut 1.86\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/d96701abc80717d473b1bafcb2e283f7462fe48e\"\u003e\u003ccode\u003ed96701a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/9b019c79a45a3699fff553ae7d6a702bda685130\"\u003e\u003ccode\u003e9b019c7\u003c/code\u003e\u003c/a\u003e [Fix rubocop#14916] Fix false positive for `Layout/MultilineMethodCallIndenta...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/a49271db803752640548783aaa8949fa84bfd924\"\u003e\u003ccode\u003ea49271d\u003c/code\u003e\u003c/a\u003e Fix incorrect autocorrection for \u003ccode\u003eStyle/IfUnlessModifier\u003c/code\u003e when multiple \u003ccode\u003eif\u003c/code\u003e/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/8d253110f0c9e93d05ac2fe2367815ea9fafcd56\"\u003e\u003ccode\u003e8d25311\u003c/code\u003e\u003c/a\u003e Document MaxFilesInCache: false option for disabling cache pruning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/12c7d39f2c9a0ed9906d7bfd08e0a2c25c4e369d\"\u003e\u003ccode\u003e12c7d39\u003c/code\u003e\u003c/a\u003e Detect constant reassignment after class/module definition in `Lint/ConstantR...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/fbf175c46cd6ea09bfa6631b7677861878041efe\"\u003e\u003ccode\u003efbf175c\u003c/code\u003e\u003c/a\u003e Allow disabling cache cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/3fcae5d22baa0f56df0c47ce7b672c2e2b6ada2c\"\u003e\u003ccode\u003e3fcae5d\u003c/code\u003e\u003c/a\u003e [Fix \u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/14961\"\u003e#14961\u003c/a\u003e] Add \u003ccode\u003eAllowedParentClasses\u003c/code\u003e option to \u003ccode\u003eStyle/EmptyClassDefinition\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/4eba3e65485b10df08ac571562499faef2282ce4\"\u003e\u003ccode\u003e4eba3e6\u003c/code\u003e\u003c/a\u003e Memoize forwarded arg lookups in ArgumentsForwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rubocop/rubocop/commit/fc300c77e61b982be0b42b0e370edcfff6eca963\"\u003e\u003ccode\u003efc300c7\u003c/code\u003e\u003c/a\u003e [Fix \u003ca href=\"https://redirect.github.com/rubocop/rubocop/issues/10822\"\u003e#10822\u003c/a\u003e] Don't cache if there are warnings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rubocop/rubocop/compare/v1.85.1...v1.86.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jesse-c/Brewfile/pull/239","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jesse-c%2FBrewfile/issues/239","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/239/packages"}},{"old_version":"1.4.1","new_version":"3.2.6","update_type":"major","path":null,"pr_created_at":"2026-04-03T18:15:27.000Z","version_change":"1.4.1 → 3.2.6","issue":{"uuid":"4201662609","node_id":"PR_kwDOOV0y7M7P2ROS","number":1,"state":"open","title":"Bump the bundler group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T18:15:27.000Z","updated_at":"2026-04-03T18:15:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":8,"packages":[{"name":"rake","old_version":"0.9.2.2","new_version":"12.3.3","repository_url":"https://github.com/ruby/rake"},{"name":"rack","old_version":"1.4.1","new_version":"3.2.6","repository_url":"https://github.com/rack/rack"},{"name":"sinatra","old_version":"1.3.3","new_version":"4.2.1","repository_url":"https://github.com/sinatra/sinatra"},{"name":"jekyll","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jekyll/jekyll"},{"name":"RedCloth","old_version":"4.2.9","new_version":"4.3.3","repository_url":"https://github.com/jgarber/redcloth"},{"name":"haml","old_version":"3.1.7","new_version":"5.0.0","repository_url":"https://github.com/haml/haml"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rake](https://github.com/ruby/rake) | `0.9.2.2` | `12.3.3` |\n| [rack](https://github.com/rack/rack) | `1.4.1` | `3.2.6` |\n| [sinatra](https://github.com/sinatra/sinatra) | `1.3.3` | `4.2.1` |\n| [jekyll](https://github.com/jekyll/jekyll) | `0.12.0` | `0.12.1` |\n| [RedCloth](https://github.com/jgarber/redcloth) | `4.2.9` | `4.3.3` |\n| [haml](https://github.com/haml/haml) | `3.1.7` | `5.0.0` |\n\n\nUpdates `rake` from 0.9.2.2 to 12.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rake/releases\"\u003erake's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erake-10.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.3...rake-10.1.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.3...rake-10.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.2...rake-10.1.0.beta.3\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.2...rake-10.1.0.beta.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.1.0.beta.1...rake-10.1.0.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-10.1.0.beta.1...rake-10.1.0.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.1.0.beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0.beta.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.4...rake-10.1.0.beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.3...rake-10.0.4\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.3...rake-10.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.2...rake-10.0.3\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.2...rake-10.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.1...rake-10.0.2\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.1...rake-10.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-10.0.0.beta.2...rake-10.0.1\"\u003ehttps://github.com/ruby/rake/compare/rake-10.0.0.beta.2...rake-10.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-10.0.0.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-10.0.0.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.5...rake-0.9.6\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.5...rake-0.9.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.4...rake-0.9.5\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.4...rake-0.9.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-0.9.4\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.3...rake-0.9.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.2...rake-0.9.3\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.2...rake-0.9.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3.beta.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.2...rake-0.9.3.beta.3\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.2...rake-0.9.3.beta.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003erake-0.9.3.beta.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/rake/compare/rake-0.9.3.beta.1...rake-0.9.3.beta.2\"\u003ehttps://github.com/ruby/rake/compare/rake-0.9.3.beta.1...rake-0.9.3.beta.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rake/blob/master/History.rdoc\"\u003erake's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e=== 12.3.3\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse the application's name in error message if a task is not found.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/303\"\u003e#303\u003c/a\u003e by tmatilai\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse File.open explicitly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.2\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test fails caused by 2.6 warnings.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/297\"\u003e#297\u003c/a\u003e by hsbt\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRdoc improvements.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/293\"\u003e#293\u003c/a\u003e by colby-swandale\u003c/li\u003e\n\u003cli\u003eImprove multitask performance.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/273\"\u003e#273\u003c/a\u003e by jsm\u003c/li\u003e\n\u003cli\u003eAdd alias \u003ccode\u003eprereqs\u003c/code\u003e.\nPull Request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/268\"\u003e#268\u003c/a\u003e by take-cheeze\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.1\u003c/p\u003e\n\u003cp\u003e==== Bug fixes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport did_you_mean \u0026gt;= v1.2.0 which has a breaking change on formatters.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/262\"\u003e#262\u003c/a\u003e by FUJI Goro.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e==== Enhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't run task if it depends on already invoked but failed task.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/252\"\u003e#252\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eMake space trimming consistent for all task arguments.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/259\"\u003e#259\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eRemoves duplicated inclusion of Rake::DSL in tests.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/254\"\u003e#254\u003c/a\u003e by Gonzalo Rodriguez.\u003c/li\u003e\n\u003cli\u003eRe-raise a LoadError that didn't come from require in the test loader.\nPull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/250\"\u003e#250\u003c/a\u003e by Dylan Thacker-Smith.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e=== 12.3.0\u003c/p\u003e\n\u003cp\u003e==== Compatibility Changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003erequired_ruby_version\u003c/code\u003e to Ruby 2.0.0. Rake has already\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/5c87c462b64aad674ebb92b1f5b0ff2c911406cd\"\u003e\u003ccode\u003e5c87c46\u003c/code\u003e\u003c/a\u003e Bump version to 12.3.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee\"\u003e\u003ccode\u003e5b8f8fc\u003c/code\u003e\u003c/a\u003e Use File.open explicitly.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/6497ba4d94d12c123df48cc8ab40f0a4eb7fb337\"\u003e\u003ccode\u003e6497ba4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/317\"\u003e#317\u003c/a\u003e from ruby/ignore-gitignore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/be62efb6cdfc2cc00d660f8fc7d6c1c9de8014e2\"\u003e\u003ccode\u003ebe62efb\u003c/code\u003e\u003c/a\u003e Removed gitignore from gemspec files.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/1c22b490ee6cb8bd614fa8d0d6145f671466206b\"\u003e\u003ccode\u003e1c22b49\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/309\"\u003e#309\u003c/a\u003e from RDIL/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/496944a8febd51e20957e6833c7930286a0e9a25\"\u003e\u003ccode\u003e496944a\u003c/code\u003e\u003c/a\u003e Remove deprecated travis ci option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/489c7d863c666b6d287b760527acf3abe13aaf48\"\u003e\u003ccode\u003e489c7d8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/rake/issues/307\"\u003e#307\u003c/a\u003e from ruby/azure-pipelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/77eb6d87cb69c2cc531f72d4aa1948054e9d077f\"\u003e\u003ccode\u003e77eb6d8\u003c/code\u003e\u003c/a\u003e Only enabled macOS environment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/72ffa2ea89f96df2307158fa151825dbb2c28ddf\"\u003e\u003ccode\u003e72ffa2e\u003c/code\u003e\u003c/a\u003e use realpath\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rake/commit/77448726bb057c8ba90a8d12ab6e20ad60dac976\"\u003e\u003ccode\u003e7744872\u003c/code\u003e\u003c/a\u003e Do not specify ruby version of macOS\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rake/compare/v0.9.2.2...v12.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 1.4.1 to 3.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/releases\"\u003erack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.2.5...v3.2.6\"\u003ehttps://github.com/rack/rack/compare/v3.2.5...v3.2.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed ReDoS in Accept header parsing [CVE-2024-26146]\u003c/li\u003e\n\u003cli\u003eFixed ReDoS in Content Type header parsing [CVE-2024-25126]\u003c/li\u003e\n\u003cli\u003eReject Range headers which are too large [CVE-2024-26141]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.9...v3.0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix content-length calcuation in Rack:Response#write \u003ca href=\"https://redirect.github.com/rack/rack/issues/2150\"\u003e#2150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.8...v3.0.9\"\u003ehttps://github.com/rack/rack/compare/v3.0.8...v3.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Fix some unused variable verbose warnings\u0026quot; by \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2084\"\u003erack/rack#2084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.7...v3.0.8\"\u003ehttps://github.com/rack/rack/compare/v3.0.7...v3.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u0026quot;Make query parameters without = have nil values\u0026quot;. by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2060\"\u003erack/rack#2060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\"\u003ehttps://github.com/rack/rack/compare/v3.0.6.1...v3.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.6.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.0.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\"\u003ehttps://github.com/rack/rack/compare/v3.0.4...v3.0.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/rack/rack/compare/v3.0.3...v3.0.4\"\u003ehttps://github.com/rack/rack/compare/v3.0.3...v3.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRelease v3.0.3 by \u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/rack/rack/pull/2000\"\u003erack/rack#2000\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.6] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-rx22-g9mx-qrhv\"\u003eCVE-2026-26962\u003c/a\u003e Improper unfolding of folded multipart headers preserves CRLF in parsed parameter values.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.5] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.2] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/e1f22fdbe99afd2126b6fbf05bb12399359574b7\"\u003e\u003ccode\u003ee1f22fd\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/31989fd7bb6f806fdb3cfa4e9aec1fe8434f47d1\"\u003e\u003ccode\u003e31989fd\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d268165e390e17b83573fec916dcdef6304a8b4b\"\u003e\u003ccode\u003ed268165\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/8f425de0ee75a2f3cdfbfdd57858c1910b7645ff\"\u003e\u003ccode\u003e8f425de\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bf830426ce5b3daccb5a226b733703c86504ceba\"\u003e\u003ccode\u003ebf83042\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/d50c4d3dab62fa80b2a276271d0d4fb338cfa7df\"\u003e\u003ccode\u003ed50c4d3\u003c/code\u003e\u003c/a\u003e Implement OBS unfolding for multipart requests per RFC 5322 2.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/bfb69142dbe2a1e3298ad52d12935938d1b58205\"\u003e\u003ccode\u003ebfb6914\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b3e5945c648c5a5b6982e5072b26e51990991229\"\u003e\u003ccode\u003eb3e5945\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7a8f32696609b88e2c4c1f09d473a1d2d837ed4b\"\u003e\u003ccode\u003e7a8f326\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a57bc140247f904dc1e3302badedcb73645072c7\"\u003e\u003ccode\u003ea57bc14\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/1.4.1...v3.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sinatra` from 1.3.3 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/2c7f8db854a5b75fe08102983788548f8eb806b0\"\u003e\u003ccode\u003e2c7f8db\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty.\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2124\"\u003e#2124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.3...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jekyll` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jekyll/jekyll/blob/master/History.markdown\"\u003ejekyll's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1 / 2013-02-19\u003c/h2\u003e\n\u003ch3\u003eMinor Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Kramdown version to 0.14.1 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTest Enhancements\u003c/li\u003e\n\u003cli\u003eUpdate Rake version to 10.0.3 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Shoulda version to 3.3.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Redcarpet version to 2.2.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/95f7baf83741e9fd693f1150627c84201f0906f7\"\u003e\u003ccode\u003e95f7baf\u003c/code\u003e\u003c/a\u003e Release 0.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/399ef34c7940ed38478b405aba00463ba9bdc8bf\"\u003e\u003ccode\u003e399ef34\u003c/code\u003e\u003c/a\u003e Update date in gemspec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b90ff969448efb1c27de6e2f134f46d334766c31\"\u003e\u003ccode\u003eb90ff96\u003c/code\u003e\u003c/a\u003e Relax Kramdown requirement to 0.14 instead of 0.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/0dc85258b6ed988357057ce7d7700aad3095614d\"\u003e\u003ccode\u003e0dc8525\u003c/code\u003e\u003c/a\u003e Bump version in gemspec and in jekyll.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b65b29b4297a4f94409fc9bbaa14a73e56ad1fc9\"\u003e\u003ccode\u003eb65b29b\u003c/code\u003e\u003c/a\u003e Update History.txt for 0.12.1 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/e8044772783a435140df3e7d075e6483fd5d7742\"\u003e\u003ccode\u003ee804477\u003c/code\u003e\u003c/a\u003e Fix Kramdown tests: they now use numerical HTML entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/f9cca40917858804afd8da3f52f9a48b0ba176bd\"\u003e\u003ccode\u003ef9cca40\u003c/code\u003e\u003c/a\u003e Require test/unit in test helper.rb for execution of unit tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/bc8894461c5ef4ea47cbaea53f91a84dd8b5a2bf\"\u003e\u003ccode\u003ebc88944\u003c/code\u003e\u003c/a\u003e Update dependencies: kramdown, rake, shoulda, cucumber, redcarpet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/53b894522622f9e2aec7232ba996db567c636b89\"\u003e\u003ccode\u003e53b8945\u003c/code\u003e\u003c/a\u003e Retrieving gems from rubygems via HTTPS\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jekyll/jekyll/compare/v0.12.0...v0.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jekyll` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jekyll/jekyll/blob/master/History.markdown\"\u003ejekyll's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1 / 2013-02-19\u003c/h2\u003e\n\u003ch3\u003eMinor Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Kramdown version to 0.14.1 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTest Enhancements\u003c/li\u003e\n\u003cli\u003eUpdate Rake version to 10.0.3 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Shoulda version to 3.3.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Redcarpet version to 2.2.2 (\u003ca href=\"https://redirect.github.com/jekyll/jekyll/issues/744\"\u003e#744\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/95f7baf83741e9fd693f1150627c84201f0906f7\"\u003e\u003ccode\u003e95f7baf\u003c/code\u003e\u003c/a\u003e Release 0.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/399ef34c7940ed38478b405aba00463ba9bdc8bf\"\u003e\u003ccode\u003e399ef34\u003c/code\u003e\u003c/a\u003e Update date in gemspec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b90ff969448efb1c27de6e2f134f46d334766c31\"\u003e\u003ccode\u003eb90ff96\u003c/code\u003e\u003c/a\u003e Relax Kramdown requirement to 0.14 instead of 0.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/0dc85258b6ed988357057ce7d7700aad3095614d\"\u003e\u003ccode\u003e0dc8525\u003c/code\u003e\u003c/a\u003e Bump version in gemspec and in jekyll.rb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/b65b29b4297a4f94409fc9bbaa14a73e56ad1fc9\"\u003e\u003ccode\u003eb65b29b\u003c/code\u003e\u003c/a\u003e Update History.txt for 0.12.1 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/e8044772783a435140df3e7d075e6483fd5d7742\"\u003e\u003ccode\u003ee804477\u003c/code\u003e\u003c/a\u003e Fix Kramdown tests: they now use numerical HTML entities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/f9cca40917858804afd8da3f52f9a48b0ba176bd\"\u003e\u003ccode\u003ef9cca40\u003c/code\u003e\u003c/a\u003e Require test/unit in test helper.rb for execution of unit tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/bc8894461c5ef4ea47cbaea53f91a84dd8b5a2bf\"\u003e\u003ccode\u003ebc88944\u003c/code\u003e\u003c/a\u003e Update dependencies: kramdown, rake, shoulda, cucumber, redcarpet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jekyll/jekyll/commit/53b894522622f9e2aec7232ba996db567c636b89\"\u003e\u003ccode\u003e53b8945\u003c/code\u003e\u003c/a\u003e Retrieving gems from rubygems via HTTPS\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jekyll/jekyll/compare/v0.12.0...v0.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `RedCloth` from 4.2.9 to 4.3.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jgarber/redcloth/blob/master/CHANGELOG\"\u003eRedCloth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e== 4.3.3 / Nov 2nd, 2023\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for CVE-2023-31606 [Helio Cola]\u003c/li\u003e\n\u003cli\u003eFix rake compile [Helio Cola and Faria Education Group]\u003c/li\u003e\n\u003cli\u003eFix CVE-2023-31606 (ReDOS possible in the sanitize_html function) [Kornelius Kalnbach and Merbin Russel]\u003c/li\u003e\n\u003cli\u003eImmutable strings [Matijs van Zuijlen]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.2 / May 23rd, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix additional case for CVE-2012-6684 [Joshua Siler]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.1 / May 17th, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix additional case for CVE-2012-6684 [Joshua Siler]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.3.0 / April 29th, 2016\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove JRuby and Windows cross compilation and support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd Ruby 2.2.3 testing and support\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003einclude CVE-2012-6684 fix [Tomas Pospisek]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix by [Antonio Terceiro]\n\u003cul\u003e\n\u003cli\u003esee \u003ca href=\"http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/\"\u003ehttp://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003evulnerability reported by [Kousuke Ebihara]\n\u003cul\u003e\n\u003cli\u003esee \u003ca href=\"http://co3k.org/blog/redcloth-unfixed-xss-en\"\u003ehttp://co3k.org/blog/redcloth-unfixed-xss-en\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e== 4.2.9.1 / February 24, 2015\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eLazy-load latex_entities.yml [Charlie Somerville]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/8297da8aa071b3bf1584738229f277833bd20c49\"\u003e\u003ccode\u003e8297da8\u003c/code\u003e\u003c/a\u003e 4.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/2600d93ff164a5244cec86a3047619ae8b4e4b04\"\u003e\u003ccode\u003e2600d93\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/80\"\u003e#80\u003c/a\u003e from jgarber/tests/CVE-2023-31606\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/ac10b687041e12cb49a196acf79687d6f596114e\"\u003e\u003ccode\u003eac10b68\u003c/code\u003e\u003c/a\u003e Add tests for CVE-2023-31606\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/4e85481aca18e50fcd17ad432234e0af8245b080\"\u003e\u003ccode\u003e4e85481\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/78\"\u003e#78\u003c/a\u003e from jgarber/fix/build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/ccdd54dd68810f8ccd0c9b11c301d883240fcd22\"\u003e\u003ccode\u003eccdd54d\u003c/code\u003e\u003c/a\u003e Fix rake compile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/8b1327688fef8e6617792054ef299d7bc74c0a1e\"\u003e\u003ccode\u003e8b13276\u003c/code\u003e\u003c/a\u003e Fix CVE-2023-31606 (ReDOS possible in the sanitize_html function) (\u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/75\"\u003e#75\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/dd7ee6caaa6c899f4d5389c1b2fe4a17f1e5f326\"\u003e\u003ccode\u003edd7ee6c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/47\"\u003e#47\u003c/a\u003e from greggawatt/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/5c9b35c3f8af989cf2a8d22f1bb9d8140641cd5b\"\u003e\u003ccode\u003e5c9b35c\u003c/code\u003e\u003c/a\u003e Update README.rdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/c34fa195ca540b2bea84d9cfe1813e070e4ed154\"\u003e\u003ccode\u003ec34fa19\u003c/code\u003e\u003c/a\u003e Update README.rdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jgarber/redcloth/commit/4808b36d7063a7cfade89378d879a9134cd30a3e\"\u003e\u003ccode\u003e4808b36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jgarber/redcloth/issues/38\"\u003e#38\u003c/a\u003e from mvz/immutable-strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jgarber/redcloth/compare/v4.2.9...v4.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haml` from 3.1.7 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haml/haml/blob/main/CHANGELOG.md\"\u003ehaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eReleased on April 26, 2017\n(\u003ca href=\"https://github.com/haml/haml/compare/4.0.7...v5.0.0\"\u003ediff\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eBreaking Changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHaml now requires Ruby 2.0.0 or above.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRails 3 is no longer supported, matching the official\n\u003ca href=\"http://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/\"\u003eMaintenance Policy for Ruby on Rails\u003c/a\u003e.\nUse Haml 4 if you want to use Rails 3.\n(Tee Parham)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove \u003ccode\u003e:ugly\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/haml/haml/pull/894\"\u003e#894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003ehaml\u003c/code\u003e command's debug option (\u003ccode\u003e-d\u003c/code\u003e) no longer executes the Haml code, but\nrather checks the generated Ruby syntax for errors.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop parser/compiler accessor from \u003ccode\u003eHaml::Engine\u003c/code\u003e. Modify \u003ccode\u003eHaml::Engine#initialize\u003c/code\u003e options\nor \u003ccode\u003eHaml::Template.options\u003c/code\u003e instead. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop dynamic quotes support and always escape \u003ccode\u003e'\u003c/code\u003e for \u003ccode\u003eescape_html\u003c/code\u003e/\u003ccode\u003eescape_attrs\u003c/code\u003e instead.\nAlso, escaped results are slightly changed and always unified to the same characters. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't preserve newlines in attributes. (Takashi Kokubun)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML escape interpolated code in filters.\n\u003ca href=\"https://redirect.github.com/haml/haml/pull/770\"\u003e#770\u003c/a\u003e\n(Matt Wildig)\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e  :javascript\n    #{JSON.generate(foo: \u0026quot;bar\u0026quot;)}\n  Haml 4 output: {\u0026quot;foo\u0026quot;:\u0026quot;bar\u0026quot;}\n  Haml 5 output: {\u0026amp;quot;foo\u0026amp;quot;:\u0026amp;quot;bar\u0026amp;quot;}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAdded\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a tracing option. When enabled, Haml will output a data-trace attribute on each tag showing the path\nto the source Haml file from which it was generated. Thanks \u003ca href=\"https://github.com/ababkin\"\u003eAlex Babkin\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ehaml_tag_if\u003c/code\u003e to render a block, conditionally wrapped in another element (Matt Wildig)\u003c/li\u003e\n\u003cli\u003eSupport Rails 5.1 Erubi template handler.\u003c/li\u003e\n\u003cli\u003eSupport Sprockets 3. Thanks \u003ca href=\"https://github.com/samphilipd\"\u003eSam Davies\u003c/a\u003e and \u003ca href=\"https://github.com/jvenezia\"\u003eJeremy Venezia\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGeneral performance and memory usage improvements. (Akira Matsuda)\u003c/li\u003e\n\u003cli\u003eAnalyze attribute values by Ripper and render static attributes beforehand. (Takashi Kokubun)\u003c/li\u003e\n\u003cli\u003eOptimize attribute rendering about 3x faster. (Takashi Kokubun)\u003c/li\u003e\n\u003cli\u003eAdd temple gem as dependency and create \u003ccode\u003eHaml::TempleEngine\u003c/code\u003e class.\nSome methods in \u003ccode\u003eHaml::Compiler\u003c/code\u003e are migrated to \u003ccode\u003eHaml::TempleEngine\u003c/code\u003e. (Takashi Kokubun)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for attribute merging. When an attribute method (or literal nested hash)\nwas used in an old style attribute hash and there is also a (non-static) new\nstyle hash there is an error. The fix can result in different behavior in\nsome circumstances. See the \u003ca href=\"https://github.com/haml/haml/tree/e475b015d3171fb4c4f140db304f7970c787d6e3\"\u003ecommit message\u003c/a\u003e\nfor detailed info. (Matt Wildig)\u003c/li\u003e\n\u003cli\u003eMake escape_once respect hexadecimal references. (Matt Wildig)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/78e2a09d3b8c6f7cdb3bb87ff84dce8fad5598ac\"\u003e\u003ccode\u003e78e2a09\u003c/code\u003e\u003c/a\u003e Version 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/e5d6409bad6da77c697efc924c36ad2c5405b680\"\u003e\u003ccode\u003ee5d6409\u003c/code\u003e\u003c/a\u003e Note about \u003ca href=\"https://redirect.github.com/haml/haml/issues/770\"\u003e#770\u003c/a\u003e in Haml 5 changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/1bac6f902fe7683317b46ddcf0fdbbab6ffcd0da\"\u003e\u003ccode\u003e1bac6f9\u003c/code\u003e\u003c/a\u003e Remove JRuby from allow_failures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/d45c2d44b6b993ae7d54634948d69c2951d6dda3\"\u003e\u003ccode\u003ed45c2d4\u003c/code\u003e\u003c/a\u003e Add backslash for @ to support JRuby\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/8f207073c2e0e2bc296f18424b3fec3dfe659674\"\u003e\u003ccode\u003e8f20707\u003c/code\u003e\u003c/a\u003e Enable frozen_string_literal pragma if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/a6bb25529a5df92b355f8e4b2a712c2aa3ff1b26\"\u003e\u003ccode\u003ea6bb255\u003c/code\u003e\u003c/a\u003e Oops, this was not intentional...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/aa4c397410312ab3c3ee6191110f5e595e5eea00\"\u003e\u003ccode\u003eaa4c397\u003c/code\u003e\u003c/a\u003e Fix spec in \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e for pretty mode removal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/11af7954f3e9ba5e21924c11c49773cacc18eeb2\"\u003e\u003ccode\u003e11af795\u003c/code\u003e\u003c/a\u003e Fallback to default value of preserve option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/bbbeb7ea8ade64fec20de4e0254040a229bdda0e\"\u003e\u003ccode\u003ebbbeb7e\u003c/code\u003e\u003c/a\u003e Update CHANGELOG to include \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haml/haml/commit/ed7f24f1dc63c38f3d143289262266cbf59a9f1f\"\u003e\u003ccode\u003eed7f24f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/haml/haml/issues/867\"\u003e#867\u003c/a\u003e from redoPop/atful-css\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haml/haml/compare/3.1.7...v5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sinatra` from 1.3.3 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003esinatra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/2c7f8db854a5b75fe08102983788548f8eb806b0\"\u003e\u003ccode\u003e2c7f8db\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty.\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2124\"\u003e#2124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd\"\u003e\u003ccode\u003e3fe8c38\u003c/code\u003e\u003c/a\u003e Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/fa99a21461d4f1f5337b9b9d7a38a1b51c8f4e55\"\u003e\u003ccode\u003efa99a21\u003c/code\u003e\u003c/a\u003e \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ea0d3fae36d8bba330c1d1f88ef1be2e9e54516a\"\u003e\u003ccode\u003eea0d3fa\u003c/code\u003e\u003c/a\u003e Skip broken tests. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2115\"\u003e#2115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5e1598501eb23a8673d61034df7be7d50c228400\"\u003e\u003ccode\u003e5e15985\u003c/code\u003e\u003c/a\u003e Sync changelog for v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/91cfb548c9e50a65324a9ce9e4ea5f10cd897027\"\u003e\u003ccode\u003e91cfb54\u003c/code\u003e\u003c/a\u003e Add :static_headers setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/c918134b0a520cb80b8b4cc3ab222cb6bbd9c827\"\u003e\u003ccode\u003ec918134\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003erubygems_mfa_required\u003c/code\u003e for the \u003ccode\u003esinatra\u003c/code\u003e gem (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/ac3ff2363b6dfc61d2b438c4dfccc515bc6bf48c\"\u003e\u003ccode\u003eac3ff23\u003c/code\u003e\u003c/a\u003e README: Remove duplicate mention of installing puma (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2091\"\u003e#2091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.3...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `kramdown` from 0.13.8 to 0.14.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gettalong/kramdown/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack-protection` from 1.3.2 to 4.2.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md\"\u003erack-protection's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.1 / 2025-10-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Revert \u0026quot;\u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty\u0026quot; (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2124\"\u003e#2124\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eaddresses issues with routing and 404, \u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2113#issuecomment-3388476329\"\u003emore in the original pull request\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.2.0 / 2025-10-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003e:static_headers\u003c/code\u003e setting for custom headers in static file responses (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix regex in \u003ccode\u003eetag_matches?\u003c/code\u003e to prevent ReDoS (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003ePATH_INFO\u003c/code\u003e can never be empty (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Fix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Avoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.1 / 2024-11-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Restore WEBrick support (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 / 2024-11-18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew: Add \u003ccode\u003ehost_authorization\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2053\"\u003e#2053\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDefaults to \u003ccode\u003e.localhost\u003c/code\u003e, \u003ccode\u003e.test\u003c/code\u003e and any IP address in development mode.\u003c/li\u003e\n\u003cli\u003eSecurity: addresses \u003ca href=\"https://github.com/advisories/GHSA-hxx2-7vcw-mqr3\"\u003eCVE-2024-21510\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix: Return an instance of \u003ccode\u003eSinatra::IndifferentHash\u003c/code\u003e when calling \u003ccode\u003e#except\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning from \u003ccode\u003eURI\u003c/code\u003e for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003erackup\u003c/code\u003e no longer depends on WEBrick, recommend Puma instead (\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a558503\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Zeitwerk 2.7.0+ compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Address warning about Hash construction for Ruby 3.4 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2028\"\u003e#2028\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Compatibility with \u003ccode\u003e--enable-frozen-string-literal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2033\"\u003e#2033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix: Rack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/pull/2035\"\u003e#2035\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eDon't depend on \u003ccode\u003eRack::Logger\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't delete \u003ccode\u003econtent-length\u003c/code\u003e header when \u003ccode\u003eRack::Files\u003c/code\u003e is used\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.1 / 2025-05-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRack 3.1 compatibility (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2035\"\u003e#2035\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix malformed Content-Type headers (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid crash for integer values in \u003ccode\u003econtent_type\u003c/code\u003e parameters (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix compatibility with --enable-frozen-string-literal (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2033\"\u003e#2033\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeclare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix warning about Hash construction. (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2028\"\u003e#2028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Zeitwerk 2.7.0+ (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress URI depreciation (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/599a007a779dc9940e49f34e9077220f4c209f4b\"\u003e\u003ccode\u003e599a007\u003c/code\u003e\u003c/a\u003e 4.2.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2125\"\u003e#2125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/f2ad45f7d2456172974a30d300e9f82424336e09\"\u003e\u003ccode\u003ef2ad45f\u003c/code\u003e\u003c/a\u003e 4.2.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2122\"\u003e#2122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cfcc70dee1133690207b5a3dc6000426ec04e250\"\u003e\u003ccode\u003ecfcc70d\u003c/code\u003e\u003c/a\u003e CI: don't use \u003ccode\u003eRack::Lint\u003c/code\u003e on invalid hostname (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/7b50a1bbb5324838908dfaa00ec53ad322673a29\"\u003e\u003ccode\u003e7b50a1b\u003c/code\u003e\u003c/a\u003e 4.1.1 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/73f3291d114b5b211e067263eeb9c0e197fe8500\"\u003e\u003ccode\u003e73f3291\u003c/code\u003e\u003c/a\u003e 4.1.0 release (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2063\"\u003e#2063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/cd3e00de20ddaff34ea30f7a74a7b9dad189d1d8\"\u003e\u003ccode\u003ecd3e00d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eHostAuthorization\u003c/code\u003e rack-protection middleware (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2053\"\u003e#2053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6\"\u003e\u003ccode\u003e4a55850\u003c/code\u003e\u003c/a\u003e Remove WEBrick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/319af3a298cb8278670f285b6c02df0fd084615d\"\u003e\u003ccode\u003e319af3a\u003c/code\u003e\u003c/a\u003e Declare missing dependencies for Ruby 3.5 (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2032\"\u003e#2032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/8d0095fc8c37f39d41caf74637da72c1ac952299\"\u003e\u003ccode\u003e8d0095f\u003c/code\u003e\u003c/a\u003e Adjust \u003ccode\u003eCookieTossing\u003c/code\u003e spec for Rack 3.1+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sinatra/sinatra/commit/5640495babcb4cfd69ba650b293660b7446402da\"\u003e\u003ccode\u003e5640495\u003c/code\u003e\u003c/a\u003e Fix typos in changelog, readme and code comments (\u003ca href=\"https://redirect.github.com/sinatra/sinatra/issues/2006\"\u003e#2006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sinatra/sinatra/compare/1.3.2...v4.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/octopress/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/octopress/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Foctopress/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}}]}