{"id":4839,"name":"uri","ecosystem":"rubygems","repository_url":"https://github.com/ruby/uri","issues_count":587,"created_at":"2025-06-06T16:38:36.179Z","updated_at":"2025-06-06T16:38:36.179Z","purl":"pkg:gem/uri","metadata":{"id":322911,"name":"uri","ecosystem":"rubygems","description":"URI is a module providing classes to handle Uniform Resource Identifiers","homepage":"https://github.com/ruby/uri","licenses":"Ruby,BSD-2-Clause","normalized_licenses":["Ruby","BSD-2-Clause"],"repository_url":"https://github.com/ruby/uri","keywords_array":[],"namespace":null,"versions_count":23,"first_release_published_at":"2020-04-07T01:02:27.751Z","latest_release_published_at":"2025-02-26T07:13:32.007Z","latest_release_number":"1.0.3","last_synced_at":"2025-06-04T03:44:11.664Z","created_at":"2022-04-06T12:05:59.868Z","updated_at":"2025-06-05T02:02:54.110Z","registry_url":"https://rubygems.org/gems/uri","install_command":"gem install uri -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/uri/","metadata":{"funding":null},"repo_metadata":{"id":40370632,"uuid":"200769931","full_name":"ruby/uri","owner":"ruby","description":"URI is a module providing classes to handle Uniform Resource Identifiers","archived":false,"fork":false,"pushed_at":"2025-06-03T08:40:39.000Z","size":737,"stargazers_count":97,"open_issues_count":22,"forks_count":51,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-06-03T19:48:17.038Z","etag":null,"topics":["ruby"],"latest_commit_sha":null,"homepage":"https://ruby.github.io/uri/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ruby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-06T03:31:32.000Z","updated_at":"2025-06-03T08:40:40.000Z","dependencies_parsed_at":"2023-02-08T08:00:41.040Z","dependency_job_id":"22c3aa90-5b32-4839-9e8b-4acffa26573b","html_url":"https://github.com/ruby/uri","commit_stats":{"total_commits":406,"total_committers":58,"mean_commits":7.0,"dds":0.7906403940886699,"last_synced_commit":"1ca66879fe6ff3bae4fb98074ac5aaeffd4ad436"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby","download_url":"https://codeload.github.com/ruby/uri/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257879725,"owners_count":22616799,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"ruby","name":"The Ruby Programming Language","uuid":"210414","kind":"organization","description":"Repositories related to the Ruby Programming language","email":"info@ruby-lang.org","website":"https://www.ruby-lang.org/","location":"Matsue, Japan","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/210414?v=4","repositories_count":171,"last_synced_at":"2023-04-09T03:40:20.875Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/ruby","funding_links":[],"total_stars":41804,"followers":null,"following":null,"created_at":"2022-11-02T16:17:15.462Z","updated_at":"2023-04-09T03:40:20.938Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruby/repositories"},"tags":[{"name":"v1.0.3","sha":"3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd","kind":"commit","published_at":"2025-02-26T07:12:46.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v1.0.3","html_url":"https://github.com/ruby/uri/releases/tag/v1.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.3/manifests"},{"name":"v0.13.2","sha":"cef02d63f5e0d7685631e0ed9324b2801784c871","kind":"commit","published_at":"2025-02-26T07:12:07.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.13.2","html_url":"https://github.com/ruby/uri/releases/tag/v0.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.2/manifests"},{"name":"v0.12.4","sha":"b079fb331eba7254d13e5e3c7e1853f9b28fc63a","kind":"commit","published_at":"2025-02-26T07:11:31.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.12.4","html_url":"https://github.com/ruby/uri/releases/tag/v0.12.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.4/manifests"},{"name":"v0.11.3","sha":"c13dfc2164bc4af31085e709ab348fdbd527013f","kind":"commit","published_at":"2025-02-26T07:10:38.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.11.3","html_url":"https://github.com/ruby/uri/releases/tag/v0.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.3/manifests"},{"name":"v1.0.2","sha":"e46960a467f2ed398731286ec78b899e1a01655f","kind":"commit","published_at":"2024-11-14T03:48:33.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v1.0.2","html_url":"https://github.com/ruby/uri/releases/tag/v1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.2/manifests"},{"name":"v1.0.1","sha":"3011eb6f6e53c7870f91404d4a789cb854c893ad","kind":"commit","published_at":"2024-11-08T06:07:36.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v1.0.1","html_url":"https://github.com/ruby/uri/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"af8d9d6bb1a90da71f64a9c3f8eddd3626d44efb","kind":"commit","published_at":"2024-11-07T06:52:18.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v1.0.0","html_url":"https://github.com/ruby/uri/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v1.0.0/manifests"},{"name":"v0.12.3","sha":"b67004ce855020206411f805453732d8058d6ed5","kind":"tag","published_at":"2024-08-27T05:24:21.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.12.3","html_url":"https://github.com/ruby/uri/releases/tag/v0.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.3/manifests"},{"name":"v0.13.1","sha":"56490e426e7c1d02d900a990f842f6f18c7a9f77","kind":"tag","published_at":"2024-08-27T05:23:48.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.13.1","html_url":"https://github.com/ruby/uri/releases/tag/v0.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.1/manifests"},{"name":"v0.13.0","sha":"b50d37f7a193991c56bda7f94e8dd6fec0bb3f7f","kind":"tag","published_at":"2023-11-06T10:08:31.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.13.0","html_url":"https://github.com/ruby/uri/releases/tag/v0.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.13.0/manifests"},{"name":"v0.11.2","sha":"5880a5f6a42fe1c588759cd33887919486ccb549","kind":"tag","published_at":"2023-06-29T01:10:40.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.11.2","html_url":"https://github.com/ruby/uri/releases/tag/v0.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.2/manifests"},{"name":"v0.10.0.3","sha":"045e752821d93b23bda97ea425af91b8e18cfd98","kind":"tag","published_at":"2023-06-29T01:10:26.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.0.3","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.3/manifests"},{"name":"v0.10.3","sha":"1af8bd42a3ce4202f3d1c9f5058560a1f3aff105","kind":"tag","published_at":"2023-06-29T01:09:46.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.3","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.3/manifests"},{"name":"v0.12.2","sha":"988ab017b7ee69a2e1b12b64382ae137522af03a","kind":"tag","published_at":"2023-06-29T01:09:19.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.12.2","html_url":"https://github.com/ruby/uri/releases/tag/v0.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.2/manifests"},{"name":"v0.10.0.2","sha":"359e6bc3443b26e0c416d52bea34605c6975dad7","kind":"tag","published_at":"2023-03-28T08:30:23.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.0.2","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.2/manifests"},{"name":"v0.12.1","sha":"50cadd437cdc10e469a31ffa8d620cbfc706d50f","kind":"tag","published_at":"2023-03-28T01:27:49.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.12.1","html_url":"https://github.com/ruby/uri/releases/tag/v0.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.1/manifests"},{"name":"v0.11.1","sha":"f0a10975c33656a976b51b16a6475c5dbe368535","kind":"tag","published_at":"2023-03-28T01:27:35.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.11.1","html_url":"https://github.com/ruby/uri/releases/tag/v0.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.1/manifests"},{"name":"v0.10.2","sha":"0ff6c0360ae29643a433f385fd49587589b8cd02","kind":"tag","published_at":"2023-03-28T01:27:19.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.2","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.2/manifests"},{"name":"v0.10.0.1","sha":"83ff0f037018eaba5e434bb68ca96d906ad1b9f7","kind":"tag","published_at":"2023-03-28T01:27:06.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.0.1","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0.1/manifests"},{"name":"v0.12.0","sha":"72f22716f86fe6bccf52c167cbb30e1a6e70aaca","kind":"tag","published_at":"2022-12-05T08:20:12.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.12.0","html_url":"https://github.com/ruby/uri/releases/tag/v0.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.12.0/manifests"},{"name":"v0.11.0","sha":"1619f713e60ddffd238276e5f03f4f916074476b","kind":"tag","published_at":"2021-10-21T06:54:00.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.11.0","html_url":"https://github.com/ruby/uri/releases/tag/v0.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.11.0/manifests"},{"name":"v0.10.1","sha":"94e9ac5d5588718556bd1be1665d7ad60633b275","kind":"tag","published_at":"2020-12-22T12:33:43.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.1","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.1/manifests"},{"name":"v0.10.0","sha":"c86081f25ed7dfc132a0f2db1ece10999af7bbe2","kind":"commit","published_at":"2019-11-08T21:54:35.000Z","download_url":"https://codeload.github.com/ruby/uri/tar.gz/v0.10.0","html_url":"https://github.com/ruby/uri/releases/tag/v0.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruby%2Furi/tags/v0.10.0/manifests"}]},"repo_metadata_updated_at":"2025-06-04T03:44:15.691Z","dependent_packages_count":81,"downloads":88881845,"downloads_period":"total","dependent_repos_count":1166,"rankings":{"downloads":1.1266605420820957,"dependent_repos_count":0.9558860827269807,"dependent_packages_count":0.46500617190009974,"stargazers_count":6.507465041960919,"forks_count":4.143135729825391,"docker_downloads_count":0.019726422697785566,"average":2.202979998532212},"purl":"pkg:gem/uri","advisories":[{"uuid":"GSA_kwCzR0hTQS1od3cyLTVnODUtNDI5bc4AA0Ip","url":"https://github.com/advisories/GHSA-hww2-5g85-429m","title":"URI gem has ReDoS vulnerability","description":"A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with `rfc2396_parser.rb` and `rfc3986_parser.rb`.\n\nNOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.\n\n[The Ruby advisory recommends](https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/) updating the uri gem to 0.12.2. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:\n- For Ruby 3.0: Update to uri 0.10.3\n- For Ruby 3.1 and 3.2: Update to uri 0.12.2.\n\nYou can use gem update uri to update it. If you are using bundler, please add gem `uri`, `\u003e= 0.12.2` (or other version mentioned above) to your Gemfile.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-06-29T15:30:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-36617","https://github.com/ruby/uri/commit/3cd938df20db26c9439e9f681aadfb9bbeb6d1c0","https://github.com/ruby/uri/commit/4d02315181d8a485496f1bb107a6ab51d6f3a35f","https://github.com/ruby/uri/commit/7e33934c91b7f8f3ea7b7a4258b468e19f636bc3","https://github.com/ruby/uri/commit/ba36c8a3ecad8c16dd3e60a6da9abd768206c8fa","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-36617.yml","https://github.com/ruby/uri/commit/05b1e7d026b886e65a60ee35625229da9ec220bb","https://github.com/ruby/uri/commit/38bf797c488bcb4a37fb322bfa84977981863ec6","https://github.com/ruby/uri/commit/70794abc162bb15bb934713b5669713d6700d35c","https://github.com/ruby/uri/commit/9a8e0cc03da964054c2a4ea26b59c53c3bae4921","https://security.netapp.com/advisory/ntap-20230725-0002","https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ","https://github.com/advisories/GHSA-hww2-5g85-429m"],"source_kind":"github","identifiers":["GHSA-hww2-5g85-429m","CVE-2023-36617"],"repository_url":"https://github.com/ruby/uri","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.10.0.3","vulnerable_version_range":"\u003c 0.10.0.3"},{"first_patched_version":"0.11.2","vulnerable_version_range":"\u003e= 0.11.0, \u003c 0.11.2"},{"first_patched_version":"0.12.2","vulnerable_version_range":"\u003e= 0.12.0, \u003c 0.12.2"},{"first_patched_version":"0.10.3","vulnerable_version_range":"\u003e= 0.10.1, \u003c 0.10.3"}],"ecosystem":"rubygems","package_name":"uri"}],"created_at":"2023-07-14T22:03:42.506Z","updated_at":"2025-06-05T01:14:10.925Z","epss_percentage":0.00889,"epss_percentile":0.74418},{"uuid":"GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes","url":"https://github.com/advisories/GHSA-hv5j-3h9f-99c2","title":"Ruby URI component ReDoS issue","description":"A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-31T06:30:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-28755","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml","https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html","https://security.gentoo.org/glsa/202401-27","https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755","https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released","https://www.ruby-lang.org/en/downloads/releases","https://security.netapp.com/advisory/ntap-20230526-0003","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF","https://github.com/ruby/uri/releases","https://github.com/advisories/GHSA-hv5j-3h9f-99c2"],"source_kind":"github","identifiers":["GHSA-hv5j-3h9f-99c2","CVE-2023-28755"],"repository_url":"https://github.com/ruby/uri","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.10.0.1","vulnerable_version_range":"\u003c 0.10.0.1"},{"first_patched_version":"0.10.2","vulnerable_version_range":"= 0.10.1"},{"first_patched_version":"0.11.1","vulnerable_version_range":"= 0.11.0"},{"first_patched_version":"0.12.1","vulnerable_version_range":"= 0.12.0"}],"ecosystem":"rubygems","package_name":"uri"}],"created_at":"2023-03-31T23:03:04.513Z","updated_at":"2025-06-05T01:16:32.509Z","epss_percentage":0.00452,"epss_percentile":0.62719},{"uuid":"GSA_kwCzR0hTQS0yMmg1LXBxM3gtMmdmMs4ABFB0","url":"https://github.com/advisories/GHSA-22h5-pq3x-2gf2","title":"URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+","description":"There is a possibility for userinfo leakage by in the uri gem.\nThis vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem.\n\n## Details\n\nThe methods `URI#join`, `URI#merge`, and `URI#+` retained userinfo, such as `user:password`, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using these methods, and having someone access that URL, an unintended userinfo leak could occur.\n\nPlease update URI gem to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or later.\n\n## Affected versions\n\nuri gem versions \u003c 0.11.3, 0.12.0 to 0.12.3, 0.13.0, 0.13.1 and 1.0.0 to 1.0.2.\n\n## Credits\n\nThanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.\nAlso thanks to nobu for additional fixes of this vulnerability.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2025-03-03T22:07:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.1,"cvss_vector":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N","references":["https://github.com/ruby/uri/pull/154","https://github.com/ruby/uri/pull/155","https://github.com/ruby/uri/pull/156","https://github.com/ruby/uri/pull/157","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml","https://www.cve.org/CVERecord?id=CVE-2025-27221","https://www.ruby-lang.org/en/news/2025/02/26/security-advisories","https://nvd.nist.gov/vuln/detail/CVE-2025-27221","https://hackerone.com/reports/2957667","https://github.com/advisories/GHSA-22h5-pq3x-2gf2"],"source_kind":"github","identifiers":["GHSA-22h5-pq3x-2gf2","CVE-2025-27221"],"repository_url":"https://github.com/ruby/uri","blast_radius":6.44006695588829,"packages":[{"versions":[{"first_patched_version":"1.0.3","vulnerable_version_range":"\u003e= 1.0.0, \u003c 1.0.3"},{"first_patched_version":"0.13.2","vulnerable_version_range":"\u003e= 0.13.0, \u003c 0.13.2"},{"first_patched_version":"0.12.4","vulnerable_version_range":"\u003e= 0.12.0, \u003c 0.12.4"},{"first_patched_version":"0.11.3","vulnerable_version_range":"\u003c 0.11.3"}],"ecosystem":"rubygems","package_name":"uri"}],"created_at":"2025-03-03T23:07:27.536Z","updated_at":"2025-06-05T01:11:38.459Z","epss_percentage":0.00016,"epss_percentile":0.02437}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/uri","docker_dependents_count":2762,"docker_downloads_count":3639838571,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/uri","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/uri/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/uri/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/uri/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/uri/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/uri/related_packages","maintainers":[{"uuid":"36956","login":"hsbt","name":null,"email":null,"url":null,"packages_count":176,"html_url":"https://rubygems.org/profiles/hsbt","role":null,"created_at":"2022-11-09T09:55:26.411Z","updated_at":"2022-11-09T09:55:26.411Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/hsbt/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":198115,"maintainers_count":66429,"namespaces_count":0,"keywords_count":17799,"github":"rubygems","metadata":{"funded_packages_count":7045},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2025-06-06T05:59:27.395Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}},"unique_repositories_count":521,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4476481658","node_id":"PR_kwDOFtoPcs7dBT8O","number":401,"state":"closed","title":"Bump uri from 0.12.5 to 1.1.1","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T03:10:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T10:13:40.000Z","updated_at":"2026-05-20T03:10:41.000Z","time_to_close":61018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.12.5","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.12.5 to 1.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.12.5...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.12.5\u0026new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jellyswitch/new-jellyswitch/pull/401","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellyswitch%2Fnew-jellyswitch/issues/401","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/401/packages"},{"uuid":"4387350290","node_id":"PR_kwDOAAtoss7Yj32L","number":2711,"state":"closed","title":"build(deps-dev): bump uri from 0.13.1 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T22:04:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T21:56:55.000Z","updated_at":"2026-05-05T22:04:57.000Z","time_to_close":480,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"uri","old_version":"0.13.1","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.1 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.1\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sinonjs/sinon/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sinonjs/sinon/pull/2711","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinonjs%2Fsinon/issues/2711","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2711/packages"},{"uuid":"4223253824","node_id":"PR_kwDOPJd-3c7Qvt_2","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T15:00:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:44:14.000Z","updated_at":"2026-05-18T15:00:04.000Z","time_to_close":3478547,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [addressable](https://github.com/sporkmonger/addressable), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4202340707","node_id":"PR_kwDOAAGm9s7P4RG0","number":15804,"state":"open","title":"Update uri requirement from ~\u003e 1.0.4 to \u003e= 1.0.4, \u003c 1.2.0","user":"dependabot[bot]","labels":["Type: Chore"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T21:54:01.000Z","updated_at":"2026-04-04T23:00:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"uri","old_version":"~\u003e 1.0.4","new_version":"\u003e= 1.0.4, \u003c 1.2.0","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [uri](https://github.com/ruby/uri) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/chef/chef/pull/15804","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef%2Fchef/issues/15804","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15804/packages"},{"uuid":"4196377004","node_id":"PR_kwDOPJd-3c7PpLmd","number":3,"state":"closed","title":"Bump the bundler group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T08:44:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-02T18:52:05.000Z","updated_at":"2026-04-08T08:44:19.000Z","time_to_close":481932,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4185523178","node_id":"PR_kwDOOYsges7PMwSv","number":5,"state":"open","title":"chore(deps): bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T09:32:27.000Z","updated_at":"2026-04-01T09:32:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.3\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/explore/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/explore/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fexplore/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4180962941","node_id":"PR_kwDOHZEAys7PBAZm","number":56,"state":"closed","title":"Bump uri from 1.0.2 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T05:01:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T17:22:13.000Z","updated_at":"2026-05-22T05:01:40.000Z","time_to_close":4448365,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.2","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.2 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.1 to 2.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/136\"\u003eruby/uri#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/137\"\u003eruby/uri#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a warning: URI::REGEXP is obsolete by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevisit deprecated test  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/139\"\u003eruby/uri#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecate warning of test class (retry) by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/140\"\u003eruby/uri#140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix README by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/142\"\u003eruby/uri#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 1.1.0 to 1.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/143\"\u003eruby/uri#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.2 to 2.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/144\"\u003eruby/uri#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.3 to 2.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/145\"\u003eruby/uri#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake documentation 100% by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/147\"\u003eruby/uri#147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.4 to 2.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/153\"\u003eruby/uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove userinfo  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/154\"\u003eruby/uri#154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.3\"\u003ehttps://github.com/ruby/uri/compare/v1.0.2...v1.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd\"\u003e\u003ccode\u003e3213f4a\u003c/code\u003e\u003c/a\u003e Bump up v1.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5a3fa52fc7629310254d4fffe9c4a6edf6fed848\"\u003e\u003ccode\u003e5a3fa52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/154\"\u003e#154\u003c/a\u003e from ruby/remove-userinfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5\"\u003e\u003ccode\u003e2789182\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495\"\u003e\u003ccode\u003e3675494\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f198601f68f9f7f70b7cf9ca0439e0453b83a456\"\u003e\u003ccode\u003ef198601\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/153\"\u003e#153\u003c/a\u003e from ruby/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c0594630f0219ffb48f1f2a9bd2621ecf055b39b\"\u003e\u003ccode\u003ec059463\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.10.4 to 2.11.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.","html_url":"https://github.com/dpep/rspec-twirp/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpep%2Frspec-twirp/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"},{"uuid":"4130174658","node_id":"PR_kwDOOTp4f87NHPm7","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-25T22:10:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T19:27:55.000Z","updated_at":"2026-03-25T22:11:00.000Z","time_to_close":96183,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":9,"packages":[{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.183.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activerecord","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activerecord](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.183.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activerecord` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactiverecord's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6981fd2fbeadc8bc7db6547604cf2df13cb18a40\"\u003e\u003ccode\u003e6981fd2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55969\"\u003e#55969\u003c/a\u003e from rails/fix-explain-tests-mysql-9.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/52347e0467445b350f482838da5bb503c155eb72\"\u003e\u003ccode\u003e52347e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55938\"\u003e#55938\u003c/a\u003e from aidanharan/truthy-condition-mssql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d2826215f9c9c1fe2f1c91e292171a042be1e9c5\"\u003e\u003ccode\u003ed282621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55925\"\u003e#55925\u003c/a\u003e from flavorjones/flavorjones/shard-swap-prohibition...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/511dbf2665746e54240c07b93b0d0ddc184873f9\"\u003e\u003ccode\u003e511dbf2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55907\"\u003e#55907\u003c/a\u003e from ruyrocha/fix/sqlite3-data-loss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bf9219d62aed746260e853cebe98503c8c27cdd5\"\u003e\u003ccode\u003ebf9219d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55918\"\u003e#55918\u003c/a\u003e from baarde/with-bound-sql-literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/865bc776d039645bd4b7f2c826ab4e0aaadf51b6\"\u003e\u003ccode\u003e865bc77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55332\"\u003e#55332\u003c/a\u003e from zzak/re-54882\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/dee79c4a74723ce8016b2e96e3d6d5723f673aa6\"\u003e\u003ccode\u003edee79c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55778\"\u003e#55778\u003c/a\u003e from ianterrell/ianterrell/fix-autosave-changed-via...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LelandParker/openproject/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/LelandParker/openproject/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LelandParker%2Fopenproject/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4124726057","node_id":"PR_kwDOOHIAw87M2-vi","number":8,"state":"closed","title":"Bump the bundler group across 16 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-24T02:01:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T01:57:18.000Z","updated_at":"2026-03-24T02:01:38.000Z","time_to_close":260,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.3","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.11","new_version":"2.2.22","repository_url":"https://github.com/rack/rack"},{"name":"uri","old_version":"0.13.2","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.2...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.3 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.3...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.11 to 2.2.22\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 0.13.2 to 0.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.2...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack...\n\n_Description has been truncated_","html_url":"https://github.com/vitolothomas1986/gitlabhq/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitolothomas1986%2Fgitlabhq/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4112451051","node_id":"PR_kwDOLNTHZs7MW0PG","number":16,"state":"closed","title":"Bump the bundler group across 17 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T13:15:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-21T13:02:29.000Z","updated_at":"2026-03-21T13:16:04.000Z","time_to_close":805,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.19","new_version":"2.2.22","repository_url":"https://github.com/rack/rack"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.1.17","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.1.17","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"}],"path":null,"ecosystem":"rubygems"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the bundler group with 3 updates in the /Ruby/baseball/asagao directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/exercises directory: [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_1/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_2/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_3/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_4/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_1/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_10/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_11/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_2/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_3/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_4/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_5/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_6/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_7/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_8/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_9/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.19 to 2.2.22\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.17 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.17 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a...\n\n_Description has been truncated_","html_url":"https://github.com/tsk-brc/Learning/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsk-brc%2FLearning/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4097900762","node_id":"PR_kwDOAElTNs7LrSDJ","number":16,"state":"closed","title":"Bump uri from 0.13.1 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-18T22:14:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-18T21:51:45.000Z","updated_at":"2026-03-18T22:14:41.000Z","time_to_close":1370,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.1","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [uri](https://github.com/ruby/uri) from 0.13.1 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.1\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JanAhrens/JanAhrens.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/JanAhrens/JanAhrens.github.io/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanAhrens%2FJanAhrens.github.io/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4066123517","node_id":"PR_kwDOCpp2Ys7KHHto","number":628,"state":"open","title":"bundler(deps): bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-12T17:20:49.000Z","updated_at":"2026-03-12T17:23:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"bundler(deps)","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.3\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/azureossd/azureossd.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/azureossd/azureossd.github.io/pull/628","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/azureossd%2Fazureossd.github.io/issues/628","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/628/packages"},{"uuid":"4051268770","node_id":"PR_kwDORjOOFs7JXCuA","number":2,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-10T12:11:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-10T11:52:54.000Z","updated_at":"2026-03-10T12:12:08.000Z","time_to_close":1141,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.0.9.1","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.6","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.2","new_version":"1.1.1"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [faraday](https://github.com/lostisland/faraday), [rack](https://github.com/rack/rack) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.9.1 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/65044344e4780d80b409f9ba27df41b6307b5ff5\"\u003e\u003ccode\u003e6504434\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/48e90303ea09cdcf5091104c1ffc94a2f74e2c5b\"\u003e\u003ccode\u003e48e9030\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed0f455074f9d6aade9793bd8a3dc4aeaecaacd6\"\u003e\u003ccode\u003eed0f455\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b29df3156208326916cf60482eaec42574b65ff0\"\u003e\u003ccode\u003eb29df31\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/72719a8a7447186234379d9bff889273ec3cd35d\"\u003e\u003ccode\u003e72719a8\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/96cf07879a084e4488d705ed093395e86bb554f5\"\u003e\u003ccode\u003e96cf078\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\"\u003e\u003ccode\u003ecbd541e\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a\"\u003e\u003ccode\u003e7e69f65\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/db6bc0f64f24a3aa1aa83223da112e25333b049a\"\u003e\u003ccode\u003edb6bc0f\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ad81f80d4bc2db6e3ba15c5b1d3b23205f7c5810\"\u003e\u003ccode\u003ead81f80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9.1...v3.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.2 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/orest2027/communityc223/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/orest2027/communityc223/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/orest2027%2Fcommunityc223/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4042279908","node_id":"PR_kwDORhO0587I54LJ","number":2,"state":"open","title":"Bump uri from 0.13.0 to 0.13.3 in /github-sdks/ruby in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-08T22:03:06.000Z","updated_at":"2026-03-08T22:03:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.0","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":"/github-sdks/ruby in the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the /github-sdks/ruby directory: [uri](https://github.com/ruby/uri).\n\nUpdates `uri` from 0.13.0 to 0.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine RFC2396_PARSER for Ruby 3.3 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/119\"\u003eruby/uri#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.1\"\u003ehttps://github.com/ruby/uri/compare/v0.13.0...v0.13.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/56490e426e7c1d02d900a990f842f6f18c7a9f77\"\u003e\u003ccode\u003e56490e4\u003c/code\u003e\u003c/a\u003e Bump up 0.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/108c95ceb8f83c1e6da8d3ced7506b87841a948d\"\u003e\u003ccode\u003e108c95c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/119\"\u003e#119\u003c/a\u003e from ruby/define-rfc2396-parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.0\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/404CellPhoneRepair/Github-Examples/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/404CellPhoneRepair/Github-Examples/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/404CellPhoneRepair%2FGithub-Examples/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4040408964","node_id":"PR_kwDOQxHn9c7I0KLH","number":5,"state":"open","title":"Bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-08T04:08:38.000Z","updated_at":"2026-04-08T11:56:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/SkyMeilin/Gravatar-SDK-Android-Neu/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SkyMeilin%2FGravatar-SDK-Android-Neu/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4004475868","node_id":"PR_kwDOAWa9Js7G_9hR","number":57,"state":"closed","title":"Bump uri from 0.13.0 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-28T11:25:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T11:11:25.000Z","updated_at":"2026-02-28T11:25:19.000Z","time_to_close":832,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.0","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.0 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine RFC2396_PARSER for Ruby 3.3 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/119\"\u003eruby/uri#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.1\"\u003ehttps://github.com/ruby/uri/compare/v0.13.0...v0.13.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/56490e426e7c1d02d900a990f842f6f18c7a9f77\"\u003e\u003ccode\u003e56490e4\u003c/code\u003e\u003c/a\u003e Bump up 0.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/108c95ceb8f83c1e6da8d3ced7506b87841a948d\"\u003e\u003ccode\u003e108c95c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/119\"\u003e#119\u003c/a\u003e from ruby/define-rfc2396-parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.0\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JanGorman/jangorman.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/JanGorman/jangorman.github.io/pull/57","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanGorman%2Fjangorman.github.io/issues/57","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/57/packages"},{"uuid":"3992253507","node_id":"PR_kwDORPpVyM7GX8Rc","number":2,"state":"closed","title":"Bump uri from 1.0.2 to 1.0.4 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-25T22:52:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-25T22:52:19.000Z","updated_at":"2026-02-25T22:52:31.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.2","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [uri](https://github.com/ruby/uri).\n\nUpdates `uri` from 1.0.2 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.1 to 2.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/136\"\u003eruby/uri#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/137\"\u003eruby/uri#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a warning: URI::REGEXP is obsolete by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevisit deprecated test  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/139\"\u003eruby/uri#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecate warning of test class (retry) by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/140\"\u003eruby/uri#140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix README by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/142\"\u003eruby/uri#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 1.1.0 to 1.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/143\"\u003eruby/uri#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.2 to 2.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/144\"\u003eruby/uri#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.3 to 2.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/145\"\u003eruby/uri#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake documentation 100% by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/147\"\u003eruby/uri#147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.4 to 2.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/153\"\u003eruby/uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove userinfo  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/154\"\u003eruby/uri#154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.3\"\u003ehttps://github.com/ruby/uri/compare/v1.0.2...v1.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd\"\u003e\u003ccode\u003e3213f4a\u003c/code\u003e\u003c/a\u003e Bump up v1.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5a3fa52fc7629310254d4fffe9c4a6edf6fed848\"\u003e\u003ccode\u003e5a3fa52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/154\"\u003e#154\u003c/a\u003e from ruby/remove-userinfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5\"\u003e\u003ccode\u003e2789182\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495\"\u003e\u003ccode\u003e3675494\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f198601f68f9f7f70b7cf9ca0439e0453b83a456\"\u003e\u003ccode\u003ef198601\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/153\"\u003e#153\u003c/a\u003e from ruby/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c0594630f0219ffb48f1f2a9bd2621ecf055b39b\"\u003e\u003ccode\u003ec059463\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.10.4 to 2.11.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.2\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rabiaafter60-jpg/community/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/rabiaafter60-jpg/community/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabiaafter60-jpg%2Fcommunity/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"3980220366","node_id":"PR_kwDOAFNc7s7FwLhV","number":37,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-24T11:55:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-23T21:21:12.000Z","updated_at":"2026-02-24T11:55:30.000Z","time_to_close":52456,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.2","new_version":"1.1.1"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [faraday](https://github.com/lostisland/faraday), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.2 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aheusingfeld/aheusingfeld.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/aheusingfeld/aheusingfeld.github.io/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aheusingfeld%2Faheusingfeld.github.io/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"},{"uuid":"3965772917","node_id":"PR_kwDOMHsMr87FBcqQ","number":6,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-22T03:39:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-20T00:05:14.000Z","updated_at":"2026-02-22T03:39:56.000Z","time_to_close":185681,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"httparty","old_version":"0.23.1","new_version":"0.24.0","repository_url":"https://github.com/jnunemaker/httparty"},{"name":"nokogiri","old_version":"1.18.8","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 4 updates in the / directory: [httparty](https://github.com/jnunemaker/httparty), [nokogiri](https://github.com/sparklemotion/nokogiri), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri).\n\nUpdates `httparty` from 0.23.1 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jnunemaker/httparty/releases\"\u003ehttparty's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForce binary encoding throughout by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/823\"\u003ejnunemaker/httparty#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eset Content-Type for Hash body in requests by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/828\"\u003ejnunemaker/httparty#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: stream multipart file uploads to reduce memory usage by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/829\"\u003ejnunemaker/httparty#829\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent SSRF via absolute URL bypassing base_uri by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/830\"\u003ejnunemaker/httparty#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.2...v0.24.0\"\u003ehttps://github.com/jnunemaker/httparty/compare/v0.23.2...v0.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.23.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd changelog_uri metadata to gemspec by \u003ca href=\"https://github.com/baraidrissa\"\u003e\u003ccode\u003e@​baraidrissa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/817\"\u003ejnunemaker/httparty#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart with files in binary mode and fields including non-ASCII characters by \u003ca href=\"https://github.com/rdimartino\"\u003e\u003ccode\u003e@​rdimartino\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/822\"\u003ejnunemaker/httparty#822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baraidrissa\"\u003e\u003ccode\u003e@​baraidrissa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/817\"\u003ejnunemaker/httparty#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rdimartino\"\u003e\u003ccode\u003e@​rdimartino\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/822\"\u003ejnunemaker/httparty#822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.1...v0.23.2\"\u003ehttps://github.com/jnunemaker/httparty/compare/v0.23.1...v0.23.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/55ec76e8d1df7903eab3f7c2367991400d3cf65e\"\u003e\u003ccode\u003e55ec76e\u003c/code\u003e\u003c/a\u003e Release 0.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/ddfbc8ddfca03d4f4026b01763ee906071ca558b\"\u003e\u003ccode\u003eddfbc8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/830\"\u003e#830\u003c/a\u003e from jnunemaker/fix-ssrf-base-uri-bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240\"\u003e\u003ccode\u003e0529bcd\u003c/code\u003e\u003c/a\u003e fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/05f38fd35d8088b9770513c2eaecce671f0940ec\"\u003e\u003ccode\u003e05f38fd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/829\"\u003e#829\u003c/a\u003e from jnunemaker/memory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/8901c238c00d0aca8920271314c4c5d7dd2701fb\"\u003e\u003ccode\u003e8901c23\u003c/code\u003e\u003c/a\u003e feat: stream multipart file uploads to reduce memory usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/091bd6aa909e38822b72f8ce2383385cf8eeb302\"\u003e\u003ccode\u003e091bd6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/828\"\u003e#828\u003c/a\u003e from jnunemaker/issue-826\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/59c0ac5f3d906fb6be2133c1b89d75329755af8f\"\u003e\u003ccode\u003e59c0ac5\u003c/code\u003e\u003c/a\u003e feat: set Content-Type for Hash body in requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/5c8b45e6297d181d99a56f5297dade3e358cc6f9\"\u003e\u003ccode\u003e5c8b45e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/823\"\u003e#823\u003c/a\u003e from jnunemaker/mixed-encodings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/6419cb307dd435572963e4ab40cd96b41389efcf\"\u003e\u003ccode\u003e6419cb3\u003c/code\u003e\u003c/a\u003e Force binary encoding throughout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/c74571f7925c8e142d02c2b7d6ebeedf923b1dd1\"\u003e\u003ccode\u003ec74571f\u003c/code\u003e\u003c/a\u003e Release 0.23.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.1...v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.8 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.8...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/garywei944/acad.garywei.dev/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/garywei944/acad.garywei.dev/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/garywei944%2Facad.garywei.dev/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"3953949273","node_id":"PR_kwDONJHnns7Ea5Iq","number":17,"state":"closed","title":"Bump uri from 0.13.2 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T18:05:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-17T17:45:44.000Z","updated_at":"2026-02-17T18:05:30.000Z","time_to_close":1177,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.2","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.2 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.2\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gmoraleda/swift-migration/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gmoraleda/swift-migration/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gmoraleda%2Fswift-migration/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"}],"issue_packages":[{"old_version":"0.12.5","new_version":"1.1.1","update_type":"major","path":null,"pr_created_at":"2026-05-19T10:13:40.000Z","version_change":"0.12.5 → 1.1.1","issue":{"uuid":"4476481658","node_id":"PR_kwDOFtoPcs7dBT8O","number":401,"state":"closed","title":"Bump uri from 0.12.5 to 1.1.1","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T03:10:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T10:13:40.000Z","updated_at":"2026-05-20T03:10:41.000Z","time_to_close":61018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.12.5","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.12.5 to 1.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.12.5...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.12.5\u0026new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/jellyswitch/new-jellyswitch/pull/401","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellyswitch%2Fnew-jellyswitch/issues/401","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/401/packages"}},{"old_version":"0.13.1","new_version":"0.13.3","update_type":"patch","path":null,"pr_created_at":"2026-05-05T21:56:55.000Z","version_change":"0.13.1 → 0.13.3","issue":{"uuid":"4387350290","node_id":"PR_kwDOAAtoss7Yj32L","number":2711,"state":"closed","title":"build(deps-dev): bump uri from 0.13.1 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-05T22:04:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-05T21:56:55.000Z","updated_at":"2026-05-05T22:04:57.000Z","time_to_close":480,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps-dev)","packages":[{"name":"uri","old_version":"0.13.1","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.1 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.1\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sinonjs/sinon/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sinonjs/sinon/pull/2711","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinonjs%2Fsinon/issues/2711","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2711/packages"}},{"old_version":"1.0.3","new_version":"1.1.1","update_type":"minor","path":null,"pr_created_at":"2026-04-08T08:44:14.000Z","version_change":"1.0.3 → 1.1.1","issue":{"uuid":"4223253824","node_id":"PR_kwDOPJd-3c7Qvt_2","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T15:00:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:44:14.000Z","updated_at":"2026-05-18T15:00:04.000Z","time_to_close":3478547,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":6,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"addressable","old_version":"2.8.7","new_version":"2.9.0","repository_url":"https://github.com/sporkmonger/addressable"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [addressable](https://github.com/sporkmonger/addressable), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `addressable` from 2.8.7 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\"\u003eaddressable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAddressable 2.9.0 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete\nremediation in 2.8.10)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.10 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efixes ReDoS vulnerability in Addressable::Template#match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAddressable 2.8.9 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNo need for bundler as development dependency (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e, \u003ca href=\"https://github.com/sporkmonger/addressable/commit/5fc1d93\"\u003e5fc1d93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eidna/pure: stop building the useless \u003ccode\u003eCOMPOSITION_TABLE\u003c/code\u003e (removes the \u003ccode\u003eAddressable::IDNA::COMPOSITION_TABLE\u003c/code\u003e constant) (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/569\"\u003esporkmonger/addressable#569\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/571\"\u003e#571\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/571\"\u003esporkmonger/addressable#571\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/564\"\u003e#564\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/564\"\u003esporkmonger/addressable#564\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAddressable 2.8.8 \u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace the \u003ccode\u003eunicode.data\u003c/code\u003e blob by a ruby constant (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003epublic_suffix\u003c/code\u003e 7 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/561\"\u003e#561\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/561\"\u003esporkmonger/addressable#561\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/558\"\u003e#558\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/sporkmonger/addressable/pull/558\"\u003esporkmonger/addressable#558\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4\"\u003e\u003ccode\u003e0c3e858\u003c/code\u003e\u003c/a\u003e Revving version and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8\"\u003e\u003ccode\u003e91915c1\u003c/code\u003e\u003c/a\u003e Fixing additional vulnerable paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744\"\u003e\u003ccode\u003ea091e39\u003c/code\u003e\u003c/a\u003e Add many more adversarial test cases to ensure we don't have any ReDoS regres...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15\"\u003e\u003ccode\u003e463a819\u003c/code\u003e\u003c/a\u003e Regenerate gemspec on newer rubygems\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0\"\u003e\u003ccode\u003e0afcb0b\u003c/code\u003e\u003c/a\u003e Improve from O(n^2) to O(n)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a\"\u003e\u003ccode\u003ec87f768\u003c/code\u003e\u003c/a\u003e Fix a ReDoS vulnerability in URI template matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5\"\u003e\u003ccode\u003e0d7e9b2\u003c/code\u003e\u003c/a\u003e Fix links for 2.8.9 in CHANGELOG (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/573\"\u003e#573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8\"\u003e\u003ccode\u003ee209120\u003c/code\u003e\u003c/a\u003e Update version, gemspec, and CHANGELOG for 2.8.9 (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/572\"\u003e#572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28\"\u003e\u003ccode\u003e3875874\u003c/code\u003e\u003c/a\u003e Reduce gem size by excluding test files (\u003ca href=\"https://redirect.github.com/sporkmonger/addressable/issues/569\"\u003e#569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a\"\u003e\u003ccode\u003e3e57cc6\u003c/code\u003e\u003c/a\u003e CI: back to \u003ccode\u003ewindows-2022\u003c/code\u003e for MRI job\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"~\u003e 1.0.4","new_version":"\u003e= 1.0.4, \u003c 1.2.0","update_type":null,"path":null,"pr_created_at":"2026-04-03T21:54:01.000Z","version_change":"~\u003e 1.0.4 → \u003e= 1.0.4, \u003c 1.2.0","issue":{"uuid":"4202340707","node_id":"PR_kwDOAAGm9s7P4RG0","number":15804,"state":"open","title":"Update uri requirement from ~\u003e 1.0.4 to \u003e= 1.0.4, \u003c 1.2.0","user":"dependabot[bot]","labels":["Type: Chore"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-03T21:54:01.000Z","updated_at":"2026-04-04T23:00:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Update","packages":[{"name":"uri","old_version":"~\u003e 1.0.4","new_version":"\u003e= 1.0.4, \u003c 1.2.0","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [uri](https://github.com/ruby/uri) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/chef/chef/pull/15804","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chef%2Fchef/issues/15804","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15804/packages"}},{"old_version":"1.0.3","new_version":"1.1.1","update_type":"minor","path":null,"pr_created_at":"2026-04-02T18:52:05.000Z","version_change":"1.0.3 → 1.1.1","issue":{"uuid":"4196377004","node_id":"PR_kwDOPJd-3c7PpLmd","number":3,"state":"closed","title":"Bump the bundler group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T08:44:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-02T18:52:05.000Z","updated_at":"2026-04-08T08:44:19.000Z","time_to_close":481932,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"ruby-lsp","old_version":"0.19.1","new_version":"0.26.9","repository_url":"https://github.com/Shopify/ruby-lsp"},{"name":"rack","old_version":"3.0.16","new_version":"3.1.21","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [ruby-lsp](https://github.com/Shopify/ruby-lsp), [rack](https://github.com/rack/rack), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruby-lsp` from 0.19.1 to 0.26.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Shopify/ruby-lsp/releases\"\u003eruby-lsp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.26.9\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent workspace_dependencies failing if directory gets removed during execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3980\"\u003eShopify/ruby-lsp#3980\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix semantic token \u003ccode\u003edefaultLibrary\u003c/code\u003e modifier casing (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4005\"\u003eShopify/ruby-lsp#4005\u003c/a\u003e) by \u003ca href=\"https://github.com/a-lavis\"\u003e\u003ccode\u003e@​a-lavis\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix document links for source comments above sig blocks (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/4018\"\u003eShopify/ruby-lsp#4018\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.8\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix send_log_message ignoring type parameter (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3969\"\u003eShopify/ruby-lsp#3969\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly reset state after leaving a regex capture (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3970\"\u003eShopify/ruby-lsp#3970\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClean up cancelled requests after processing them (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3971\"\u003eShopify/ruby-lsp#3971\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply lower bound \u003ccode\u003eruby-lsp\u003c/code\u003e version constraint in composed bundle (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3985\"\u003eShopify/ruby-lsp#3985\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure the original CLI arguments are used when updating (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3986\"\u003eShopify/ruby-lsp#3986\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnsure bundle is re-composed when CLI arguments change (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3987\"\u003eShopify/ruby-lsp#3987\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eStart accepting --beta flag to install beta server version (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3976\"\u003eShopify/ruby-lsp#3976\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.7\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip disable line action for self-resolving cops (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3945\"\u003eShopify/ruby-lsp#3945\u003c/a\u003e) by \u003ca href=\"https://github.com/sucicfilip\"\u003e\u003ccode\u003e@​sucicfilip\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix test runner silent failure on dual-stack IPv4/IPv6 systems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3953\"\u003eShopify/ruby-lsp#3953\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Bundler::GemNotFound error introduced in 0.26.5 (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3961\"\u003eShopify/ruby-lsp#3961\u003c/a\u003e) by \u003ca href=\"https://github.com/jesse-shopify\"\u003e\u003ccode\u003e@​jesse-shopify\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix incompatible addon version activation when Bundler.setup fails after retry (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3963\"\u003eShopify/ruby-lsp#3963\u003c/a\u003e) by \u003ca href=\"https://github.com/KaanOzkan\"\u003e\u003ccode\u003e@​KaanOzkan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid failing if \u003ccode\u003eneeds_update\u003c/code\u003e file is deleted by concurrent process (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3964\"\u003eShopify/ruby-lsp#3964\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport IPv4 and IPv6 for LSP reporter connection (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3965\"\u003eShopify/ruby-lsp#3965\u003c/a\u003e) by \u003ca href=\"https://github.com/vinistock\"\u003e\u003ccode\u003e@​vinistock\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecouple test reporter IO from test execution (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3962\"\u003eShopify/ruby-lsp#3962\u003c/a\u003e) by \u003ca href=\"https://github.com/alexcrocha\"\u003e\u003ccode\u003e@​alexcrocha\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.6\u003c/h1\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix infinite loop when collecting transitive excluded gems (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3913\"\u003eShopify/ruby-lsp#3913\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't include test files in the gem package (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3916\"\u003eShopify/ruby-lsp#3916\u003c/a\u003e) by \u003ca href=\"https://github.com/rafaelfranca\"\u003e\u003ccode\u003e@​rafaelfranca\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd rbs to composed bundle update commands (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3938\"\u003eShopify/ruby-lsp#3938\u003c/a\u003e) by \u003ca href=\"https://github.com/modille\"\u003e\u003ccode\u003e@​modille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract GEMS_TO_UPDATE constant and fix missing prism in command path (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3939\"\u003eShopify/ruby-lsp#3939\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Other Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[DOC] Add security documentation (\u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/pull/3928\"\u003eShopify/ruby-lsp#3928\u003c/a\u003e) by \u003ca href=\"https://github.com/st0012\"\u003e\u003ccode\u003e@​st0012\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev0.26.5\u003c/h1\u003e\n\u003ch2\u003e✨ Enhancements\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/29ecc8d29dde87e6157a75bc2f0a3eb62db02ea3\"\u003e\u003ccode\u003e29ecc8d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/f6d9ee44200cb2c0bd3feeb75ff9b7547accd6ad\"\u003e\u003ccode\u003ef6d9ee4\u003c/code\u003e\u003c/a\u003e Bump version to v0.26.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/97f817d489a212faa6dd876bf129b300ea492fbc\"\u003e\u003ccode\u003e97f817d\u003c/code\u003e\u003c/a\u003e Remove --branch flag from server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/9e53e7e8366a13e44079f252ee8e5d5000803fe2\"\u003e\u003ccode\u003e9e53e7e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/eb746d3554f8666e980fa3cffc0d03d7aa062fdd\"\u003e\u003ccode\u003eeb746d3\u003c/code\u003e\u003c/a\u003e Bump extension version to v0.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8834520c7d4ebd067527bc9ba0db3aff586e5df8\"\u003e\u003ccode\u003e8834520\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4030\"\u003e#4030\u003c/a\u003e from Shopify/use-prism-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/e4026eac5293387aa1e77a62253ae5dc5a9806b5\"\u003e\u003ccode\u003ee4026ea\u003c/code\u003e\u003c/a\u003e Use Prism parser for Sorbet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/81843e7a15f2b5428dbe73d87ef3a3ceccb6c411\"\u003e\u003ccode\u003e81843e7\u003c/code\u003e\u003c/a\u003e Bump Sorbet to 0.6.13055\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/b61a59498b70e864ac67c87bafbf72851ecb2ba7\"\u003e\u003ccode\u003eb61a594\u003c/code\u003e\u003c/a\u003e Remove rubyLsp.branch setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shopify/ruby-lsp/commit/8c1e9b6b3f69a45dd6853d43d3dfae158f9e555d\"\u003e\u003ccode\u003e8c1e9b6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Shopify/ruby-lsp/issues/4028\"\u003e#4028\u003c/a\u003e from Shopify/dependabot/npm_and_yarn/vscode/minor-an...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Shopify/ruby-lsp/compare/v0.19.1...v0.26.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.16 to 3.1.21\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.1.21] - 2026-04-01\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp\"\u003eCVE-2026-34763\u003c/a\u003e Root directory disclosure via unescaped regex interpolation in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v569-hp3g-36wr\"\u003eCVE-2026-34230\u003c/a\u003e Avoid O(n^2) algorithm in \u003ccode\u003eRack::Utils.select_best_encoding\u003c/code\u003e which could lead to denial of service.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qfgr-crr9-7r49\"\u003eCVE-2026-32762\u003c/a\u003e Forwarded header semicolon injection enables Host and Scheme spoofing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-vgpv-f759-9wx3\"\u003eCVE-2026-26961\u003c/a\u003e Raise error for multipart requests with multiple boundary parameters.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q4qf-9j86-f5mh\"\u003eCVE-2026-34786\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e \u003ccode\u003eheader_rules\u003c/code\u003e bypass via URL-encoded path mismatch.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-q2ww-5357-x388\"\u003eCVE-2026-34831\u003c/a\u003e \u003ccode\u003eContent-Length\u003c/code\u003e mismatch in \u003ccode\u003eRack::Files\u003c/code\u003e error responses.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx\"\u003eCVE-2026-34826\u003c/a\u003e Multipart byte range processing allows denial of service via excessive overlapping ranges.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-g2pf-xv49-m2h5\"\u003eCVE-2026-34835\u003c/a\u003e \u003ccode\u003eRack::Request\u003c/code\u003e accepts invalid Host characters, enabling host allowlist bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-qv7j-4883-hwh7\"\u003eCVE-2026-34830\u003c/a\u003e \u003ccode\u003eRack::Sendfile\u003c/code\u003e header-based \u003ccode\u003eX-Accel-Mapping\u003c/code\u003e regex injection enables unauthorized \u003ccode\u003eX-Accel-Redirect\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq\"\u003eCVE-2026-34785\u003c/a\u003e \u003ccode\u003eRack::Static\u003c/code\u003e prefix matching can expose unintended files under the static root.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-8vqr-qjwx-82mw\"\u003eCVE-2026-34829\u003c/a\u003e Multipart parsing without \u003ccode\u003eContent-Length\u003c/code\u003e header allows unbounded chunked file uploads.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x\"\u003eCVE-2026-34827\u003c/a\u003e Multipart header parsing allows denial of service via escape-heavy quoted parameters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.20] - 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.19] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.18] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.17] - 2025-10-07\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-wpv5-97wm-hp9c\"\u003eCVE-2025-61772\u003c/a\u003e Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw\"\u003eCVE-2025-61771\u003c/a\u003e Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-p543-xpfm-54cp\"\u003eCVE-2025-61770\u003c/a\u003e Unbounded multipart preamble buffering enables DoS (memory exhaustion)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.1.16] - 2025-06-04\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-47m2-26rw-j2jw\"\u003eCVE-2025-49007\u003c/a\u003e Fix ReDoS in multipart request.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ae8431120e66e92d1885ab8ec0a553d9cad5ec13\"\u003e\u003ccode\u003eae84311\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/87961c306df1894fb5efaa57d29179091b4bc194\"\u003e\u003ccode\u003e87961c3\u003c/code\u003e\u003c/a\u003e Fix typo in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fd1c23dc762225e68b50d392142e6a6bf54bf9af\"\u003e\u003ccode\u003efd1c23d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003elogger\u003c/code\u003e to gemfile.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/c59d924f215e41ae8ce1bae1633c34f1ca64b182\"\u003e\u003ccode\u003ec59d924\u003c/code\u003e\u003c/a\u003e Fix test expectation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/176f468e0d575e2f4d7583ff95f30bb53360e3fe\"\u003e\u003ccode\u003e176f468\u003c/code\u003e\u003c/a\u003e Add Ruby v4.0 to the test matrix.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/28569342665fee07f161f0974826eb85c1244533\"\u003e\u003ccode\u003e2856934\u003c/code\u003e\u003c/a\u003e Drop EOL Rubies from external tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/17ce7836be1523a7b453f3c06fe070ad7c954708\"\u003e\u003ccode\u003e17ce783\u003c/code\u003e\u003c/a\u003e Limit the number of quoted escapes during multipart parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f\"\u003e\u003ccode\u003e367a2a0\u003c/code\u003e\u003c/a\u003e Add Content-Length size check in Rack::Multipart::Parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a17cb99b3440a4db09fb920407adf5ead127704c\"\u003e\u003ccode\u003ea17cb99\u003c/code\u003e\u003c/a\u003e Fix root prefix bug in Rack::Static\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/59a0966a484f2903833fa3e4c81919d3c645738d\"\u003e\u003ccode\u003e59a0966\u003c/code\u003e\u003c/a\u003e Only do a simple substitution on the x-accel-mapping paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.16...v3.1.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Lynquatiq/entitlements-github-plugin/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Lynquatiq/entitlements-github-plugin/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lynquatiq%2Fentitlements-github-plugin/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"1.0.3","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-04-01T09:32:27.000Z","version_change":"1.0.3 → 1.0.4","issue":{"uuid":"4185523178","node_id":"PR_kwDOOYsges7PMwSv","number":5,"state":"open","title":"chore(deps): bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-01T09:32:27.000Z","updated_at":"2026-04-01T09:32:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.3\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/explore/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/explore/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Fexplore/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"1.0.2","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-03-31T17:22:13.000Z","version_change":"1.0.2 → 1.0.4","issue":{"uuid":"4180962941","node_id":"PR_kwDOHZEAys7PBAZm","number":56,"state":"closed","title":"Bump uri from 1.0.2 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T05:01:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T17:22:13.000Z","updated_at":"2026-05-22T05:01:40.000Z","time_to_close":4448365,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.2","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.2 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.1 to 2.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/136\"\u003eruby/uri#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/137\"\u003eruby/uri#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a warning: URI::REGEXP is obsolete by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevisit deprecated test  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/139\"\u003eruby/uri#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecate warning of test class (retry) by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/140\"\u003eruby/uri#140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix README by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/142\"\u003eruby/uri#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 1.1.0 to 1.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/143\"\u003eruby/uri#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.2 to 2.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/144\"\u003eruby/uri#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.3 to 2.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/145\"\u003eruby/uri#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake documentation 100% by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/147\"\u003eruby/uri#147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.4 to 2.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/153\"\u003eruby/uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove userinfo  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/154\"\u003eruby/uri#154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.3\"\u003ehttps://github.com/ruby/uri/compare/v1.0.2...v1.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd\"\u003e\u003ccode\u003e3213f4a\u003c/code\u003e\u003c/a\u003e Bump up v1.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5a3fa52fc7629310254d4fffe9c4a6edf6fed848\"\u003e\u003ccode\u003e5a3fa52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/154\"\u003e#154\u003c/a\u003e from ruby/remove-userinfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5\"\u003e\u003ccode\u003e2789182\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495\"\u003e\u003ccode\u003e3675494\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f198601f68f9f7f70b7cf9ca0439e0453b83a456\"\u003e\u003ccode\u003ef198601\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/153\"\u003e#153\u003c/a\u003e from ruby/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c0594630f0219ffb48f1f2a9bd2621ecf055b39b\"\u003e\u003ccode\u003ec059463\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.10.4 to 2.11.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.","html_url":"https://github.com/dpep/rspec-twirp/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpep%2Frspec-twirp/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"}},{"old_version":"1.0.3","new_version":"1.1.1","update_type":"minor","path":null,"pr_created_at":"2026-03-24T19:27:55.000Z","version_change":"1.0.3 → 1.1.1","issue":{"uuid":"4130174658","node_id":"PR_kwDOOTp4f87NHPm7","number":4,"state":"closed","title":"Bump the bundler group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-25T22:10:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T19:27:55.000Z","updated_at":"2026-03-25T22:11:00.000Z","time_to_close":96183,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":9,"packages":[{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"carrierwave","old_version":"1.3.4","new_version":"2.2.6","repository_url":"https://github.com/carrierwaveuploader/carrierwave"},{"name":"aws-sdk-s3","old_version":"1.183.0","new_version":"1.208.0","repository_url":"https://github.com/aws/aws-sdk-ruby"},{"name":"actionview","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activerecord","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activestorage","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"activesupport","old_version":"8.0.2","new_version":"8.0.4.1","repository_url":"https://github.com/rails/rails"},{"name":"uri","old_version":"1.0.3","new_version":"1.1.1","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [carrierwave](https://github.com/carrierwaveuploader/carrierwave), [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby), [actionview](https://github.com/rails/rails), [activerecord](https://github.com/rails/rails), [activestorage](https://github.com/rails/rails), [activesupport](https://github.com/rails/rails) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `carrierwave` from 1.3.4 to 2.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/releases\"\u003ecarrierwave's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.6/CHANGELOG.md\"\u003ecarrierwave's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.2.6 - 2024-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability remained (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e4317871\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw\"\u003eGHSA-vfmv-jfc5-pjjw\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.5 - 2023-11-29\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Content-Type allowlist bypass vulnerability, possibly leading to XSS (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e39b282d\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj\"\u003eGHSA-gxhx-g4fq-49hj\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.4 - 2023-06-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Ruby 2.7 keyword argument warning in uploader process (\u003ca href=\"https://github.com/SuperTux88\"\u003e\u003ccode\u003e@​SuperTux88\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2665\"\u003e#2665\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2636\"\u003e#2636\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2635\"\u003e#2635\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3 - 2022-11-21\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c74579d382ad124193e80cc5af71824a23de57e6\"\u003ec74579d\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2628\"\u003e#2628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workaround for the API change in ssrf_filter 1.1 (\u003ca href=\"https://github.com/BrianHawley\"\u003e\u003ccode\u003e@​BrianHawley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2629\"\u003e#2629\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2625\"\u003e#2625\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2 - 2021-05-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eno implicit conversion of CSV into String\u003c/code\u003e error when parsing a CSV object (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2562\"\u003e#2562\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2559\"\u003e#2559\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 - 2021-03-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mimemagic with marcel due to licensing concern (\u003ca href=\"https://github.com/pjmartorell\"\u003e\u003ccode\u003e@​pjmartorell\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2551\"\u003e#2551\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2548\"\u003e#2548\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/42c620a1a19afa61e15e617faa7ce9cc89ec1863\"\u003e42c620a1\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2532\"\u003e#2532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 - 2021-02-23\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003elibvips support through \u003ca href=\"https://github.com/janko/image_processing\"\u003eImageProcessing::Vips\u003c/a\u003e and \u003ca href=\"https://github.com/libvips/ruby-vips\"\u003eruby-vips\u003c/a\u003e (\u003ca href=\"https://github.com/rhymes\"\u003e\u003ccode\u003e@​rhymes\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2500\"\u003e#2500\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/e84219787aa1c95a55cbc78ad062b7539d8e5813\"\u003ee8421978\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4ae8dc64ff0dcbcf66c6d79df90268d57438df55\"\u003e4ae8dc64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProvide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2491\"\u003e#2491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport for the latest version of RMagick (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/88f24451352bda128825f857cde473107d98fca7\"\u003e88f24451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e#(content_type|extension)_whitelist\u003c/code\u003e, \u003ccode\u003e#(content_type|extension)_blacklist\u003c/code\u003e are deprecated. Use \u003ccode\u003e#(content_type|extension)_allowlist\u003c/code\u003e and \u003ccode\u003e#(content_type|extension)_denylist\u003c/code\u003e instead (\u003ca href=\"https://github.com/grantbdev\"\u003e\u003ccode\u003e@​grantbdev\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2442\"\u003e#2442\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/4c3cac75f3a473e941045c23ebb781f61af67d79\"\u003e4c3cac75\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCalculate Fog expiration taking DST into account (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/f90e14ca91892d677ee6ed42321a21a2fe98f360\"\u003ef90e14ca\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2059\"\u003e#2059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet correct content type on copy of fog files (\u003ca href=\"https://github.com/ZuevEvgenii\"\u003e\u003ccode\u003e@​ZuevEvgenii\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2503\"\u003e#2503\u003c/a\u003e, \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/6682f7ac5dd480269448a614026a5f4524e61550\"\u003e6682f7ac\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fog-google support to pass acl_header for public read if fog is public (\u003ca href=\"https://github.com/yosiat\"\u003e\u003ccode\u003e@​yosiat\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2525\"\u003e#2525\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2426\"\u003e#2426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix various URL escape issues by escaping on URI parse error only (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/3faf7491e33bd10ae8b3e0010501fc96a76c21c3\"\u003e3faf7491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2457\"\u003e#2457\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2473\"\u003e#2473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix instance variables \u003ccode\u003e@versions_to_*\u003c/code\u003e not initialized warning (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/c10b82ed2f7b20cb58772281e3510dc70c410732\"\u003ec10b82ed\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2493\"\u003e#2493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSanitizedFile#move_to\u003c/code\u003e wrongly detects content_type based on the path before move (\u003ca href=\"https://github.com/mshibuya\"\u003e\u003ccode\u003e@​mshibuya\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/a42e1b4c504c6f69c4c4c7802ebd45523134c42e\"\u003ea42e1b4c\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2495\"\u003e#2495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix returning invalid content type on text files (\u003ca href=\"https://github.com/inkstak\"\u003e\u003ccode\u003e@​inkstak\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2474\"\u003e#2474\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2424\"\u003e#2424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip content type and extension filters where possible (\u003ca href=\"https://github.com/alexpooley\"\u003e\u003ccode\u003e@​alexpooley\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2464\"\u003e#2464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix file's \u003ccode\u003e#url\u003c/code\u003e being called twice, which might be costly for non-local files (\u003ca href=\"https://github.com/skyeagle\"\u003e\u003ccode\u003e@​skyeagle\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2519\"\u003e#2519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection failing with types which contain \u003ccode\u003e+\u003c/code\u003e symbol, such as \u003ccode\u003eimage/svg+xml\u003c/code\u003e (\u003ca href=\"https://github.com/sylvainbx\"\u003e\u003ccode\u003e@​sylvainbx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2489\"\u003e#2489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003e#cached?\u003c/code\u003e to return boolean instead of \u003ccode\u003e@cache_id\u003c/code\u003e value (\u003ca href=\"https://github.com/kmiyake\"\u003e\u003ccode\u003e@​kmiyake\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2510\"\u003e#2510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix mime type detection for MS Office files (\u003ca href=\"https://github.com/anthonypenner\"\u003e\u003ccode\u003e@​anthonypenner\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/pull/2447\"\u003e#2447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c\"\u003e\u003ccode\u003eeb6359e\u003c/code\u003e\u003c/a\u003e Version 2.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2\"\u003e\u003ccode\u003e4317871\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability remained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/0fcff94cebce07b856531d6502b11466e8331409\"\u003e\u003ccode\u003e0fcff94\u003c/code\u003e\u003c/a\u003e Version 2.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5\"\u003e\u003ccode\u003e39b282d\u003c/code\u003e\u003c/a\u003e Fix Content-Type allowlist bypass vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f91bee6487d8e5d8bd2c1a88dd25269a2c1e4d0\"\u003e\u003ccode\u003e2f91bee\u003c/code\u003e\u003c/a\u003e Version 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/2f2d77a42e9f871ae342920581050cc6669e5c7c\"\u003e\u003ccode\u003e2f2d77a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/carrierwaveuploader/carrierwave/issues/2665\"\u003e#2665\u003c/a\u003e from SuperTux88/backport-kwargs-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/52237f4992c1dd39dca3bdbac7aa6b242947915d\"\u003e\u003ccode\u003e52237f4\u003c/code\u003e\u003c/a\u003e fix: ruby 2.7 kwarg warning in uploader process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/bdb0be021107a75faabdce4121e493ad3efdcea4\"\u003e\u003ccode\u003ebdb0be0\u003c/code\u003e\u003c/a\u003e File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/ed8c518c8ac0186cb25623895ca40706a65bb7cd\"\u003e\u003ccode\u003eed8c518\u003c/code\u003e\u003c/a\u003e Forward to 1.x changelog for older changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/commit/baf5df7d9acea95f46eaea456743241ef3d644f5\"\u003e\u003ccode\u003ebaf5df7\u003c/code\u003e\u003c/a\u003e Version 2.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/carrierwaveuploader/carrierwave/compare/v1.3.4...v2.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-sdk-s3` from 1.183.0 to 1.208.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md\"\u003eaws-sdk-s3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.208.0 (2025-12-16)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.207.0 (2025-12-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.206.0 (2025-12-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - New S3 Storage Class FSX_ONTAP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.205.0 (2025-11-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Enable / Disable ABAC on a general purpose bucket.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.204.0 (2025-11-19)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Adds support for blocking SSE-C writes to general purpose buckets.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.1 (2025-11-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIssue - Deprecated \u003ccode\u003e:checksum_mode\u003c/code\u003e parameter in \u003ccode\u003eFileDownloader#download\u003c/code\u003e. When set to \u0026quot;DISABLED\u0026quot;, a deprecation warning is issued and the parameter is ignored. Use \u003ccode\u003e:response_checksum_validation\u003c/code\u003e on the S3 client instead to control checksum validation behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.203.0 (2025-11-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Launch IPv6 dual-stack support for S3 Express\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.202.0 (2025-10-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.201.0 (2025-10-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature - Code Generated Changes, see \u003ccode\u003e./build_tools\u003c/code\u003e or \u003ccode\u003eaws-sdk-core\u003c/code\u003e's CHANGELOG.md for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIssue - Fix multipart upload to respect \u003ccode\u003erequest_checksum_calculation\u003c/code\u003e \u003ccode\u003ewhen_required\u003c/code\u003e mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.200.0 (2025-10-15)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aws/aws-sdk-ruby/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actionview` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactionview's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924\"\u003e\u003ccode\u003ec79a07d\u003c/code\u003e\u003c/a\u003e Skip blank attribute names in Action View tag helpers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/9ab450a023290ff50ed37c8561880a78dabbf19a\"\u003e\u003ccode\u003e9ab450a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55490\"\u003e#55490\u003c/a\u003e from Earlopain/bump-rubocop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/95bee6a4c8132b4caf53e073f7b01ce5cdeed4a6\"\u003e\u003ccode\u003e95bee6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55738\"\u003e#55738\u003c/a\u003e from skipkayhil/hm-nkxzsnnrqqlyrotw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6409b24dd20ee4076ec3dbefba9edc3376bf13f1\"\u003e\u003ccode\u003e6409b24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55719\"\u003e#55719\u003c/a\u003e from skipkayhil/hm-fix-label-for-namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0160f42886e2ebeb7a0680f073b870326f14c12a\"\u003e\u003ccode\u003e0160f42\u003c/code\u003e\u003c/a\u003e Sync CHANGELOGs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activerecord` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactiverecord's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2f3eb21bd6da9a4935314d4a0663c473c4d33700\"\u003e\u003ccode\u003e2f3eb21\u003c/code\u003e\u003c/a\u003e Sync CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6981fd2fbeadc8bc7db6547604cf2df13cb18a40\"\u003e\u003ccode\u003e6981fd2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55969\"\u003e#55969\u003c/a\u003e from rails/fix-explain-tests-mysql-9.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/52347e0467445b350f482838da5bb503c155eb72\"\u003e\u003ccode\u003e52347e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55938\"\u003e#55938\u003c/a\u003e from aidanharan/truthy-condition-mssql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d2826215f9c9c1fe2f1c91e292171a042be1e9c5\"\u003e\u003ccode\u003ed282621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55925\"\u003e#55925\u003c/a\u003e from flavorjones/flavorjones/shard-swap-prohibition...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/511dbf2665746e54240c07b93b0d0ddc184873f9\"\u003e\u003ccode\u003e511dbf2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55907\"\u003e#55907\u003c/a\u003e from ruyrocha/fix/sqlite3-data-loss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/bf9219d62aed746260e853cebe98503c8c27cdd5\"\u003e\u003ccode\u003ebf9219d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55918\"\u003e#55918\u003c/a\u003e from baarde/with-bound-sql-literals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/865bc776d039645bd4b7f2c826ab4e0aaadf51b6\"\u003e\u003ccode\u003e865bc77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55332\"\u003e#55332\u003c/a\u003e from zzak/re-54882\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/dee79c4a74723ce8016b2e96e3d6d5723f673aa6\"\u003e\u003ccode\u003edee79c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55778\"\u003e#55778\u003c/a\u003e from ianterrell/ianterrell/fix-autosave-changed-via...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activestorage` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivestorage's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf\"\u003e\u003ccode\u003e955284d\u003c/code\u003e\u003c/a\u003e Prevent glob injection in ActiveStorage DiskService#delete_prefixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348\"\u003e\u003ccode\u003ea290c8a\u003c/code\u003e\u003c/a\u003e Prevent path traversal in ActiveStorage DiskService\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e\"\u003e\u003ccode\u003e8fcb934\u003c/code\u003e\u003c/a\u003e Active Storage: Filter user supplied metadata in DirectUploadController\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/d7da4ef03f99035fba5add8828646f1e9173549c\"\u003e\u003ccode\u003ed7da4ef\u003c/code\u003e\u003c/a\u003e ActiveStorage::Streaming limit range requests to a single range\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5\"\u003e\u003ccode\u003e2cd933c\u003c/code\u003e\u003c/a\u003e Configurable maxmimum streaming chunk size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/82f2c96c394b0cf2c2208a7cbf8ebb4fa591ebd6\"\u003e\u003ccode\u003e82f2c96\u003c/code\u003e\u003c/a\u003e Disable GCS tests in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/529f933fc8b13114d308dd0752f76a9e293c8537\"\u003e\u003ccode\u003e529f933\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `activesupport` from 8.0.2 to 8.0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rails/rails/releases\"\u003eactivesupport's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.4.1\u003c/h2\u003e\n\u003ch2\u003eActive Support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReject scientific notation in NumberConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33176]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33170]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove performance of NumberToDelimitedConverter\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33169]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eJean Boussier\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Model\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Record\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction View\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSkip blank attribute names in tag helpers to avoid generating invalid HTML.\u003c/p\u003e\n\u003cp\u003e[CVE-2026-33168]\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eMike Dalessio\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAction Pack\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eActive Job\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/a79efed95797b196575a98845dc989e3106a9acb\"\u003e\u003ccode\u003ea79efed\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ac7979b1183bd659779245eaf2850f666cb8aafe\"\u003e\u003ccode\u003eac7979b\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11\"\u003e\u003ccode\u003e29154f1\u003c/code\u003e\u003c/a\u003e Improve performance of NumberToDelimitedConverter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db\"\u003e\u003ccode\u003e6e8a811\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eSafeBuffer#%\u003c/code\u003e to preserve unsafe status\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856\"\u003e\u003ccode\u003eee2c59e\u003c/code\u003e\u003c/a\u003e NumberConverter: reject scientific notation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/5b6ad9db89b30b48753cced1fb261781a716fcb4\"\u003e\u003ccode\u003e5b6ad9d\u003c/code\u003e\u003c/a\u003e Lock some dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/624fe3cdb9ab774ff598af29f408425178da6677\"\u003e\u003ccode\u003e624fe3c\u003c/code\u003e\u003c/a\u003e Preparing for 8.0.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/0ddf2c97b27d25aa1e450545d59ff867df31253f\"\u003e\u003ccode\u003e0ddf2c9\u003c/code\u003e\u003c/a\u003e Delete test that now fails with new version of benchmark gem\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/3c7a8a8208221c3f01bc841a8f7015ea00e86427\"\u003e\u003ccode\u003e3c7a8a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55864\"\u003e#55864\u003c/a\u003e from RicardoTrindade/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rails/rails/commit/00e1dfa973ce121d767c299a02d05b028caf8b5c\"\u003e\u003ccode\u003e00e1dfa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/rails/rails/issues/55840\"\u003e#55840\u003c/a\u003e from zzak/asup-xml-mini-bigdecimal-float-precision\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rails/rails/compare/v8.0.2...v8.0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LelandParker/openproject/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/LelandParker/openproject/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LelandParker%2Fopenproject/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"0.13.2","new_version":"0.13.3","update_type":"patch","path":null,"pr_created_at":"2026-03-24T01:57:18.000Z","version_change":"0.13.2 → 0.13.3","issue":{"uuid":"4124726057","node_id":"PR_kwDOOHIAw87M2-vi","number":8,"state":"closed","title":"Bump the bundler group across 16 directories with 5 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-24T02:01:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T01:57:18.000Z","updated_at":"2026-03-24T02:01:38.000Z","time_to_close":260,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":5,"packages":[{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.3","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.11","new_version":"2.2.22","repository_url":"https://github.com/rack/rack"},{"name":"uri","old_version":"0.13.2","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"faraday","old_version":"2.12.2","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.1.8","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"}],"path":null,"ecosystem":"rubygems"},"body":"Updates the requirements on [faraday](https://github.com/lostisland/faraday), [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri) to permit the latest version.\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.2...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.3 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.3...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.11 to 2.2.22\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 0.13.2 to 0.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.11...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `faraday` from 2.12.2 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.2...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.8 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack...\n\n_Description has been truncated_","html_url":"https://github.com/vitolothomas1986/gitlabhq/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitolothomas1986%2Fgitlabhq/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"1.0.3","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-03-21T13:02:29.000Z","version_change":"1.0.3 → 1.0.4","issue":{"uuid":"4112451051","node_id":"PR_kwDOLNTHZs7MW0PG","number":16,"state":"closed","title":"Bump the bundler group across 17 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T13:15:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-21T13:02:29.000Z","updated_at":"2026-03-21T13:16:04.000Z","time_to_close":805,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"2.2.19","new_version":"2.2.22","repository_url":"https://github.com/rack/rack"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.1.17","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"},{"name":"nokogiri","old_version":"1.18.9","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rack","old_version":"3.1.17","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"bcrypt","old_version":"3.1.20","new_version":"3.1.22","repository_url":"https://github.com/bcrypt-ruby/bcrypt-ruby"}],"path":null,"ecosystem":"rubygems"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the bundler group with 3 updates in the /Ruby/baseball/asagao directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/exercises directory: [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_1/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_2/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_3/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_dojo_4/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_1/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_10/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_11/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_2/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_3/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_4/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 3 updates in the /Ruby/progate/rails5_study_5/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rack](https://github.com/rack/rack).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_6/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_7/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_8/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\nBumps the bundler group with 4 updates in the /Ruby/progate/rails5_study_9/tweet_app directory: [bcrypt](https://github.com/bcrypt-ruby/bcrypt-ruby), [nokogiri](https://github.com/sparklemotion/nokogiri), [rack](https://github.com/rack/rack) and [uri](https://github.com/ruby/uri).\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 2.2.19 to 2.2.22\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.17 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark as ractor-safe by \u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd == gotcha that can be unintuitive at first by \u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConstant compare by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/282\"\u003ebcrypt-ruby/bcrypt-ruby#282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etry to modernize CI by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/287\"\u003ebcrypt-ruby/bcrypt-ruby#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry to deal with flaky tests by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/288\"\u003ebcrypt-ruby/bcrypt-ruby#288\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure trusted publishing by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/289\"\u003ebcrypt-ruby/bcrypt-ruby#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump version by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/290\"\u003ebcrypt-ruby/bcrypt-ruby#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mohamedhafez\"\u003e\u003ccode\u003e@​mohamedhafez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/280\"\u003ebcrypt-ruby/bcrypt-ruby#280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/federicoaldunate\"\u003e\u003ccode\u003e@​federicoaldunate\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/279\"\u003ebcrypt-ruby/bcrypt-ruby#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.21\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG\"\u003ebcrypt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.1.22 Mar 18 2026\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2026-33306] Fix integer overflow in Java extension\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.1.21 Dec 31 2025\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse constant time comparisons\u003c/li\u003e\n\u003cli\u003eMark as Ractor safe\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/831ce64cb0a9502130fa93a28bfd9527a5fa45c4\"\u003e\u003ccode\u003e831ce64\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/32e687ec5f62baad01a62e4634e41d97f8432a61\"\u003e\u003ccode\u003e32e687e\u003c/code\u003e\u003c/a\u003e bump version update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4\"\u003e\u003ccode\u003e5faa274\u003c/code\u003e\u003c/a\u003e Fix integer overflow in JRuby BCrypt rounds calculation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/aafc0332ac1aa0d774f2c864439596436f92d18d\"\u003e\u003ccode\u003eaafc033\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/294\"\u003e#294\u003c/a\u003e from bcrypt-ruby/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01f947a66ad8c5e20d8c89d9adbc7e3bd49afb70\"\u003e\u003ccode\u003e01f947a\u003c/code\u003e\u003c/a\u003e fix env url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/92ca1d67deeb8e64dbe779396c52b177e307bc43\"\u003e\u003ccode\u003e92ca1d6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/293\"\u003e#293\u003c/a\u003e from bcrypt-ruby/truffleruby-ci-alt-implementation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/4d1d95b8ec624d0cf8ed1099402a7edd2f308da2\"\u003e\u003ccode\u003e4d1d95b\u003c/code\u003e\u003c/a\u003e Add TruffleRuby in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/36a04a2278fae3b38100912ff489b86cd0984b8a\"\u003e\u003ccode\u003e36a04a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/291\"\u003e#291\u003c/a\u003e from tenderlove/fix-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/01cc68835f0bcdd7ef16de477471c112adb417da\"\u003e\u003ccode\u003e01cc688\u003c/code\u003e\u003c/a\u003e Move compilation after bundle install\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/commit/82e6c4c6cf81912768c68d721372e78330ff2c92\"\u003e\u003ccode\u003e82e6c4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/issues/290\"\u003e#290\u003c/a\u003e from tenderlove/bump\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.20...v3.1.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.9 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.9...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.1.17 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/0cc2e00b22dffc33955ef912569f01e515a406e1\"\u003e\u003ccode\u003e0cc2e00\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/a5725c031b2717758851f1eadd9b9dfe7555745a\"\u003e\u003ccode\u003ea5725c0\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/175e7d206b8ff2bce4d98d7ba429adf73c674bfb\"\u003e\u003ccode\u003e175e7d2\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/3472037aacef99319a62c9e9109b81efc5ba1294\"\u003e\u003ccode\u003e3472037\u003c/code\u003e\u003c/a\u003e Fix changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/851dc02672eca361a48e5a097818aa3cec1d3206\"\u003e\u003ccode\u003e851dc02\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/1e6aeda3d08a5cefd9cf3be4bbef304c2b75aa9c\"\u003e\u003ccode\u003e1e6aeda\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/6ef591522bb44f80654ad1a80654ba46cafdc7c1\"\u003e\u003ccode\u003e6ef5915\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881\"\u003e\u003ccode\u003e4e2c903\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85\"\u003e\u003ccode\u003efba2c8b\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed3d8340d1a7955332b51e74c1075ef3547c09dd\"\u003e\u003ccode\u003eed3d834\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rack/rack/compare/v2.2.19...v2.2.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bcrypt` from 3.1.20 to 3.1.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/releases\"\u003ebcrypt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove compilation after bundle install by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/291\"\u003ebcrypt-ruby/bcrypt-ruby#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd TruffleRuby in CI by \u003ca href=\"https://github.com/tjschuck\"\u003e\u003ccode\u003e@​tjschuck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/293\"\u003ebcrypt-ruby/bcrypt-ruby#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix env url by \u003ca href=\"https://github.com/tenderlove\"\u003e\u003ccode\u003e@​tenderlove\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/294\"\u003ebcrypt-ruby/bcrypt-ruby#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\"\u003ehttps://github.com/bcrypt-ruby/bcrypt-ruby/compare/v3.1.21...v3.1.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.21\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProvide a 'Changelog' link on rubygems.org/gems/bcrypt by \u003ca href=\"https://github.com/mark-young-atg\"\u003e\u003ccode\u003e@​mark-young-atg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/274\"\u003ebcrypt-ruby/bcrypt-ruby#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport ruby 3.3 and 3.4.0-preview1 by \u003ca href=\"https://github.com/m-nakamura145\"\u003e\u003ccode\u003e@​m-nakamura145\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/bcrypt-ruby/bcrypt-ruby/pull/276\"\u003ebcrypt-ruby/bcrypt-ruby#276\u003c/a...\n\n_Description has been truncated_","html_url":"https://github.com/tsk-brc/Learning/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsk-brc%2FLearning/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"0.13.1","new_version":"0.13.3","update_type":"patch","path":null,"pr_created_at":"2026-03-18T21:51:45.000Z","version_change":"0.13.1 → 0.13.3","issue":{"uuid":"4097900762","node_id":"PR_kwDOAElTNs7LrSDJ","number":16,"state":"closed","title":"Bump uri from 0.13.1 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-18T22:14:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-18T21:51:45.000Z","updated_at":"2026-03-18T22:14:41.000Z","time_to_close":1370,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.1","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [uri](https://github.com/ruby/uri) from 0.13.1 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.1\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JanAhrens/JanAhrens.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/JanAhrens/JanAhrens.github.io/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanAhrens%2FJanAhrens.github.io/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"1.0.3","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-03-12T17:20:49.000Z","version_change":"1.0.3 → 1.0.4","issue":{"uuid":"4066123517","node_id":"PR_kwDOCpp2Ys7KHHto","number":628,"state":"open","title":"bundler(deps): bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-12T17:20:49.000Z","updated_at":"2026-03-12T17:23:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"bundler(deps)","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.3\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/azureossd/azureossd.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/azureossd/azureossd.github.io/pull/628","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/azureossd%2Fazureossd.github.io/issues/628","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/628/packages"}},{"old_version":"1.0.2","new_version":"1.1.1","update_type":"minor","path":null,"pr_created_at":"2026-03-10T11:52:54.000Z","version_change":"1.0.2 → 1.1.1","issue":{"uuid":"4051268770","node_id":"PR_kwDORjOOFs7JXCuA","number":2,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-10T12:11:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-10T11:52:54.000Z","updated_at":"2026-03-10T12:12:08.000Z","time_to_close":1141,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"rack","old_version":"3.0.9.1","new_version":"3.1.20","repository_url":"https://github.com/rack/rack"},{"name":"rexml","old_version":"3.3.6","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.2","new_version":"1.1.1"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [faraday](https://github.com/lostisland/faraday), [rack](https://github.com/rack/rack) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rack` from 3.0.9.1 to 3.1.20\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\"\u003erack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep A Changelog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-whrj-4476-wvmp\"\u003eCVE-2026-25500\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh\"\u003eCVE-2026-22860\u003c/a\u003e Directory traversal via root prefix bypass in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSPEC Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefine \u003ccode\u003erack.response_finished\u003c/code\u003e callback arguments more strictly. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2365\"\u003e#2365\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Files#assign_headers\u003c/code\u003e to allow overriding how the configured file headers are set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2377\"\u003e#2377\u003c/a\u003e, \u003ca href=\"https://github.com/codergeek121\"\u003e\u003ccode\u003e@​codergeek121\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003erack.response_finished\u003c/code\u003e to \u003ccode\u003eRack::TempfileReaper\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2363\"\u003e#2363\u003c/a\u003e, \u003ca href=\"https://github.com/skipkayhil\"\u003e\u003ccode\u003e@​skipkayhil\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for streaming bodies when using \u003ccode\u003eRack::Events\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375\"\u003e#2375\u003c/a\u003e, \u003ca href=\"https://github.com/unflxw\"\u003e\u003ccode\u003e@​unflxw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003edeflaters\u003c/code\u003e option to \u003ccode\u003eRack::Deflater\u003c/code\u003e to enable custom compression algorithms like zstd. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2168\"\u003e#2168\u003c/a\u003e, \u003ca href=\"https://github.com/alexanderadam\"\u003e\u003ccode\u003e@​alexanderadam\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRack::Request#prefetch?\u003c/code\u003e for identifying requests with \u003ccode\u003eSec-Purpose: prefetch\u003c/code\u003e header set. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2405\"\u003e#2405\u003c/a\u003e, \u003ca href=\"https://github.com/glaszig\"\u003e\u003ccode\u003e@​glaszig\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003erack.request.trusted_proxy\u003c/code\u003e environment key to indicate whether the request is coming from a trusted proxy.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRaise before exceeding a part limit, not after. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2362\"\u003e#2362\u003c/a\u003e, \u003ca href=\"https://github.com/matthew-puku\"\u003e\u003ccode\u003e@​matthew-puku\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRack::Deflater now uses a fixed GZip mtime value. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2372\"\u003e#2372\u003c/a\u003e, \u003ca href=\"https://github.com/bensheldon\"\u003e\u003ccode\u003e@​bensheldon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMultipart parser drops support for RFC 2231 \u003ccode\u003efilename*\u003c/code\u003e parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2398\"\u003e#2398\u003c/a\u003e, \u003ca href=\"https://github.com/wtn\"\u003e\u003ccode\u003e@​wtn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe query parser now raises \u003ccode\u003eRack::QueryParser::IncompatibleEncodingError\u003c/code\u003e if we try to parse params that are not ASCII compatible. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2416\"\u003e#2416\u003c/a\u003e, \u003ca href=\"https://github.com/bquorning\"\u003e\u003ccode\u003e@​bquorning\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eRack::MockResponse#body\u003c/code\u003e when the body is a Proc. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2420\"\u003e#2420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/rack/rack/pull/2423\"\u003e#2423\u003c/a\u003e, \u003ca href=\"https://github.com/tavianator\"\u003e\u003ccode\u003e@​tavianator\u003c/code\u003e\u003c/a\u003e, [\u003ca href=\"https://github.com/ioquatix\"\u003e\u003ccode\u003e@​ioquatix\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.4] - 2025-11-03\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMultipart parser: limit MIME header size check to the unread buffer region to avoid false \u003ccode\u003emultipart mime part header too large\u003c/code\u003e errors when previously read data accumulates in the scan buffer. (\u003ca href=\"https://redirect.github.com/rack/rack/pull/2392\"\u003e#2392\u003c/a\u003e, \u003ca href=\"https://github.com/alpaca-tc\"\u003e\u003ccode\u003e@​alpaca-tc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/willnet\"\u003e\u003ccode\u003e@​willnet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krororo\"\u003e\u003ccode\u003e@​krororo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3] - 2025-10-10\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-r657-rxjc-j557\"\u003eCVE-2025-61780\u003c/a\u003e Improper handling of headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/advisories/GHSA-6xw4-3v39-52mm\"\u003eCVE-2025-61919\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/65044344e4780d80b409f9ba27df41b6307b5ff5\"\u003e\u003ccode\u003e6504434\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/48e90303ea09cdcf5091104c1ffc94a2f74e2c5b\"\u003e\u003ccode\u003e48e9030\u003c/code\u003e\u003c/a\u003e Prevent directory traversal via root prefix bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ed0f455074f9d6aade9793bd8a3dc4aeaecaacd6\"\u003e\u003ccode\u003eed0f455\u003c/code\u003e\u003c/a\u003e XSS injection via malicious filename in \u003ccode\u003eRack::Directory\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/b29df3156208326916cf60482eaec42574b65ff0\"\u003e\u003ccode\u003eb29df31\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/72719a8a7447186234379d9bff889273ec3cd35d\"\u003e\u003ccode\u003e72719a8\u003c/code\u003e\u003c/a\u003e Allow Multipart head to span read boundary. (\u003ca href=\"https://redirect.github.com/rack/rack/issues/2392\"\u003e#2392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/96cf07879a084e4488d705ed093395e86bb554f5\"\u003e\u003ccode\u003e96cf078\u003c/code\u003e\u003c/a\u003e Bump patch version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db\"\u003e\u003ccode\u003ecbd541e\u003c/code\u003e\u003c/a\u003e Unbounded read in \u003ccode\u003eRack::Request\u003c/code\u003e form parsing can lead to memory exhaustion.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a\"\u003e\u003ccode\u003e7e69f65\u003c/code\u003e\u003c/a\u003e Improper handling of proxy headers in \u003ccode\u003eRack::Sendfile\u003c/code\u003e may allow proxy bypass.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/db6bc0f64f24a3aa1aa83223da112e25333b049a\"\u003e\u003ccode\u003edb6bc0f\u003c/code\u003e\u003c/a\u003e Normalize adivsories links.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rack/rack/commit/ad81f80d4bc2db6e3ba15c5b1d3b23205f7c5810\"\u003e\u003ccode\u003ead81f80\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eErrno::EPIPE\u003c/code\u003e in multipart tests.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rack/rack/compare/v3.0.9.1...v3.1.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.2 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/orest2027/communityc223/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/orest2027/communityc223/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/orest2027%2Fcommunityc223/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.13.0","new_version":"0.13.3","update_type":"patch","path":"/github-sdks/ruby in the bundler group across 1 directory","pr_created_at":"2026-03-08T22:03:06.000Z","version_change":"0.13.0 → 0.13.3","issue":{"uuid":"4042279908","node_id":"PR_kwDORhO0587I54LJ","number":2,"state":"open","title":"Bump uri from 0.13.0 to 0.13.3 in /github-sdks/ruby in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-08T22:03:06.000Z","updated_at":"2026-03-08T22:03:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.0","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":"/github-sdks/ruby in the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the /github-sdks/ruby directory: [uri](https://github.com/ruby/uri).\n\nUpdates `uri` from 0.13.0 to 0.13.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine RFC2396_PARSER for Ruby 3.3 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/119\"\u003eruby/uri#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.1\"\u003ehttps://github.com/ruby/uri/compare/v0.13.0...v0.13.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/56490e426e7c1d02d900a990f842f6f18c7a9f77\"\u003e\u003ccode\u003e56490e4\u003c/code\u003e\u003c/a\u003e Bump up 0.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/108c95ceb8f83c1e6da8d3ced7506b87841a948d\"\u003e\u003ccode\u003e108c95c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/119\"\u003e#119\u003c/a\u003e from ruby/define-rfc2396-parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.0\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/404CellPhoneRepair/Github-Examples/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/404CellPhoneRepair/Github-Examples/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/404CellPhoneRepair%2FGithub-Examples/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.0.3","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-03-08T04:08:38.000Z","version_change":"1.0.3 → 1.0.4","issue":{"uuid":"4040408964","node_id":"PR_kwDOQxHn9c7I0KLH","number":5,"state":"open","title":"Bump uri from 1.0.3 to 1.0.4","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-08T04:08:38.000Z","updated_at":"2026-04-08T11:56:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 1.0.3 to 1.0.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/SkyMeilin/Gravatar-SDK-Android-Neu/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SkyMeilin%2FGravatar-SDK-Android-Neu/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"0.13.0","new_version":"0.13.3","update_type":"patch","path":null,"pr_created_at":"2026-02-28T11:11:25.000Z","version_change":"0.13.0 → 0.13.3","issue":{"uuid":"4004475868","node_id":"PR_kwDOAWa9Js7G_9hR","number":57,"state":"closed","title":"Bump uri from 0.13.0 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-28T11:25:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T11:11:25.000Z","updated_at":"2026-02-28T11:25:19.000Z","time_to_close":832,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.0","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.0 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove userinfo for v0.13.x by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/155\"\u003eruby/uri#155\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.1...v0.13.2\"\u003ehttps://github.com/ruby/uri/compare/v0.13.1...v0.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.13.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefine RFC2396_PARSER for Ruby 3.3 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/119\"\u003eruby/uri#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.1\"\u003ehttps://github.com/ruby/uri/compare/v0.13.0...v0.13.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cef02d63f5e0d7685631e0ed9324b2801784c871\"\u003e\u003ccode\u003ecef02d6\u003c/code\u003e\u003c/a\u003e Bump up v0.13.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/07fe169e21b09542473c41a80884bb7fe6ecb468\"\u003e\u003ccode\u003e07fe169\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/155\"\u003e#155\u003c/a\u003e from ruby/remove-userinfo-v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/75aeb4ae19f463e886b570cc0c4a0f8ea8eec069\"\u003e\u003ccode\u003e75aeb4a\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/cc7d2c7f532eb3b2cc9b326b2b2cee3f72c9e937\"\u003e\u003ccode\u003ecc7d2c7\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/56490e426e7c1d02d900a990f842f6f18c7a9f77\"\u003e\u003ccode\u003e56490e4\u003c/code\u003e\u003c/a\u003e Bump up 0.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/108c95ceb8f83c1e6da8d3ced7506b87841a948d\"\u003e\u003ccode\u003e108c95c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/119\"\u003e#119\u003c/a\u003e from ruby/define-rfc2396-parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.0...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.0\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JanGorman/jangorman.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/JanGorman/jangorman.github.io/pull/57","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/JanGorman%2Fjangorman.github.io/issues/57","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/57/packages"}},{"old_version":"1.0.2","new_version":"1.0.4","update_type":"patch","path":"the bundler group across 1 directory","pr_created_at":"2026-02-25T22:52:19.000Z","version_change":"1.0.2 → 1.0.4","issue":{"uuid":"3992253507","node_id":"PR_kwDORPpVyM7GX8Rc","number":2,"state":"closed","title":"Bump uri from 1.0.2 to 1.0.4 in the bundler group across 1 directory","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-25T22:52:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-25T22:52:19.000Z","updated_at":"2026-02-25T22:52:31.000Z","time_to_close":11,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"1.0.2","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":"the bundler group across 1 directory","ecosystem":"rubygems"},"body":"Bumps the bundler group with 1 update in the / directory: [uri](https://github.com/ruby/uri).\n\nUpdates `uri` from 1.0.2 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.1 to 2.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/136\"\u003eruby/uri#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/137\"\u003eruby/uri#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent a warning: URI::REGEXP is obsolete by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevisit deprecated test  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/139\"\u003eruby/uri#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecate warning of test class (retry) by \u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/140\"\u003eruby/uri#140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix README by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/142\"\u003eruby/uri#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump rubygems/release-gem from 1.1.0 to 1.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/143\"\u003eruby/uri#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.2 to 2.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/144\"\u003eruby/uri#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.3 to 2.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/145\"\u003eruby/uri#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake documentation 100% by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/147\"\u003eruby/uri#147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump step-security/harden-runner from 2.10.4 to 2.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/153\"\u003eruby/uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove userinfo  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/154\"\u003eruby/uri#154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mame\"\u003e\u003ccode\u003e@​mame\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/138\"\u003eruby/uri#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.3\"\u003ehttps://github.com/ruby/uri/compare/v1.0.2...v1.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3213f4a0f80f10c8f36993dbb9eabe7f2c1b50fd\"\u003e\u003ccode\u003e3213f4a\u003c/code\u003e\u003c/a\u003e Bump up v1.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5a3fa52fc7629310254d4fffe9c4a6edf6fed848\"\u003e\u003ccode\u003e5a3fa52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/154\"\u003e#154\u003c/a\u003e from ruby/remove-userinfo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5\"\u003e\u003ccode\u003e2789182\u003c/code\u003e\u003c/a\u003e Fix merger of URI with authority component\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495\"\u003e\u003ccode\u003e3675494\u003c/code\u003e\u003c/a\u003e Truncate userinfo with URI#join, URI#merge and URI#+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f198601f68f9f7f70b7cf9ca0439e0453b83a456\"\u003e\u003ccode\u003ef198601\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/153\"\u003e#153\u003c/a\u003e from ruby/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c0594630f0219ffb48f1f2a9bd2621ecf055b39b\"\u003e\u003ccode\u003ec059463\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.10.4 to 2.11.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=1.0.2\u0026new-version=1.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rabiaafter60-jpg/community/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/rabiaafter60-jpg/community/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabiaafter60-jpg%2Fcommunity/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.0.2","new_version":"1.1.1","update_type":"minor","path":null,"pr_created_at":"2026-02-23T21:21:12.000Z","version_change":"1.0.2 → 1.1.1","issue":{"uuid":"3980220366","node_id":"PR_kwDOAFNc7s7FwLhV","number":37,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-24T11:55:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-23T21:21:12.000Z","updated_at":"2026-02-24T11:55:30.000Z","time_to_close":52456,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"faraday","old_version":"2.12.1","new_version":"2.14.1","repository_url":"https://github.com/lostisland/faraday"},{"name":"nokogiri","old_version":"1.16.7","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.3.9","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.2","new_version":"1.1.1"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 3 updates in the / directory: [faraday](https://github.com/lostisland/faraday), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml).\n\nUpdates `faraday` from 2.12.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lostisland/faraday/releases\"\u003efaraday's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eSecurity Note\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix, we recommend all users to upgrade as soon as possible.\nA Security Advisory with more details will be posted shortly.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RFC document for Options architecture refactoring plan by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1644\"\u003elostisland/faraday#1644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1655\"\u003elostisland/faraday#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicit top-level namespace reference by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1657\"\u003elostisland/faraday#1657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1642\"\u003elostisland/faraday#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse newer \u003ccode\u003eUnprocessableContent\u003c/code\u003e naming for 422 by \u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConvert strings to UTF-8 by \u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eResponse#to_hash\u003c/code\u003e when response not finished yet by \u003ca href=\"https://github.com/yykamei\"\u003e\u003ccode\u003e@​yykamei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1639\"\u003elostisland/faraday#1639\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc/Docs 📄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLint: use \u003ccode\u003efilter_map\u003c/code\u003e by \u003ca href=\"https://github.com/olleolleolle\"\u003e\u003ccode\u003e@​olleolleolle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1637\"\u003elostisland/faraday#1637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/checkout\u003c/code\u003e from v4 to v5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1636\"\u003elostisland/faraday#1636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes documentation by \u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/c960657\"\u003e\u003ccode\u003e@​c960657\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1624\"\u003elostisland/faraday#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dharamgollapudi\"\u003e\u003ccode\u003e@​dharamgollapudi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1635\"\u003elostisland/faraday#1635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tylerhunt\"\u003e\u003ccode\u003e@​tylerhunt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1638\"\u003elostisland/faraday#1638\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove error handling logic and add missing test coverage by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1633\"\u003elostisland/faraday#1633\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/lostisland/faraday/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix type assumption in \u003ccode\u003eFaraday::Error\u003c/code\u003e by \u003ca href=\"https://github.com/iMacTia\"\u003e\u003ccode\u003e@​iMacTia\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lostisland/faraday/pull/1630\"\u003elostisland/faraday#1630\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/16cbd38ef252d25dedf416a4d2510a2f3db10c87\"\u003e\u003ccode\u003e16cbd38\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc\"\u003e\u003ccode\u003ea6d3a3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/b23f710d28c0dba169470f568df4017a1e8beea7\"\u003e\u003ccode\u003eb23f710\u003c/code\u003e\u003c/a\u003e Explicit top-level namespace reference (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/49ba4ac3a7359baed634c12a82386f6c8c717ea8\"\u003e\u003ccode\u003e49ba4ac\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1655\"\u003e#1655\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/51a49bc99d7df6f724d250d64771e1d710576df7\"\u003e\u003ccode\u003e51a49bc\u003c/code\u003e\u003c/a\u003e Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/894f65cab8f04bcf35e84a2dfd9fc0286dbce340\"\u003e\u003ccode\u003e894f65c\u003c/code\u003e\u003c/a\u003e Add RFC document for Options architecture refactoring plan (\u003ca href=\"https://redirect.github.com/lostisland/faraday/issues/1644\"\u003e#1644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/397e3ded0c5166313bb22f1c0221b36b6023fd0f\"\u003e\u003ccode\u003e397e3de\u003c/code\u003e\u003c/a\u003e Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/d98c65cfc254ea2898386e4359428527122abec3\"\u003e\u003ccode\u003ed98c65c\u003c/code\u003e\u003c/a\u003e Update Faraday-specific AI agent guidelines\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/56c18ecb718e30c5a3a0dea9bd2361912af9013c\"\u003e\u003ccode\u003e56c18ec\u003c/code\u003e\u003c/a\u003e Add AI agent guidelines specific to Faraday repository\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lostisland/faraday/commit/3201a42957d37efc968ee8834ba9b50ed5dde54a\"\u003e\u003ccode\u003e3201a42\u003c/code\u003e\u003c/a\u003e Version bump to 2.14.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lostisland/faraday/compare/v2.12.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.16.7 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\r\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\r\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\r\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\r\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\r\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\r\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\r\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\r\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\r\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\r\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\r\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\r\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\r\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\r\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\r\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\r\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\r\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\r\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\r\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\r\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.8 / 2025-04-21\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8\"\u003ev2.13.8\u003c/a\u003e to address CVE-2025-32414 and CVE-2025-32415. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc\"\u003eGHSA-5w6v-399v-w3cc\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.7 / 2025-03-31\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7\"\u003ev2.13.7\u003c/a\u003e, which is a bugfix release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.6 / 2025-03-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.3.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.2 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRe-allow consecutive, leading and trailing dots in EMAIL_REGEXP by \u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/osyoyu\"\u003e\u003ccode\u003e@​osyoyu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/189\"\u003eruby/uri#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/ruby/uri/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use the latest version of setup-ruby and bump up to Ruby 3.4 by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/158\"\u003eruby/uri#158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the mention to removed \u003ccode\u003eURI.escape/URI::Escape\u003c/code\u003e by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse a fully qualified name in warning messages by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/150\"\u003eruby/uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eRactor#value\u003c/code\u003e by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/163\"\u003eruby/uri#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unnecessary workaround  by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/164\"\u003eruby/uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape reserved characters in scheme name by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/148\"\u003eruby/uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[DOC] State that uri library is needed to call Kernel#URI by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/167\"\u003eruby/uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrefer dedicated assertion methods by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/169\"\u003eruby/uri#169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the message for unexpected argument by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/171\"\u003eruby/uri#171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake URI::regexp schemes case sensitive (\u003ca href=\"https://redirect.github.com/ruby/uri/issues/38\"\u003e#38\u003c/a\u003e) by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/170\"\u003eruby/uri#170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe local part should not contain leading or trailing dots in the EMAIL_REGEXP by \u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMore checks in \u003ccode\u003eEMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/172\"\u003eruby/uri#172\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not allow empty host names, as they are not allowed by RFC 3986 by \u003ca href=\"https://github.com/jeremyevans\"\u003e\u003ccode\u003e@​jeremyevans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/116\"\u003eruby/uri#116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance of \u003ccode\u003eURI::MailTo::EMAIL_REGEXP\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/173\"\u003eruby/uri#173\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerformance test stability by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/174\"\u003eruby/uri#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate documents that used \u003ccode\u003eURI::Parser\u003c/code\u003e by \u003ca href=\"https://github.com/nobu\"\u003e\u003ccode\u003e@​nobu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/175\"\u003eruby/uri#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a workflow to sync commits to ruby/ruby by \u003ca href=\"https://github.com/k0kubun\"\u003e\u003ccode\u003e@​k0kubun\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/183\"\u003eruby/uri#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eirb\u003c/code\u003e to the Gemfile to fix the warning by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/182\"\u003eruby/uri#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by \u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch a parsing behavior completely when switching a parser by \u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/161\"\u003eruby/uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimprove error message by \u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse generic version number to VERSION by \u003ca href=\"https://github.com/hsbt\"\u003e\u003ccode\u003e@​hsbt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/187\"\u003eruby/uri#187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/y-yagi\"\u003e\u003ccode\u003e@​y-yagi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/146\"\u003eruby/uri#146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nlevchuk\"\u003e\u003ccode\u003e@​nlevchuk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/124\"\u003eruby/uri#124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vivshaw\"\u003e\u003ccode\u003e@​vivshaw\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/166\"\u003eruby/uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/soda92\"\u003e\u003ccode\u003e@​soda92\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ruby/uri/pull/130\"\u003eruby/uri#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.4...v1.1.0\"\u003ehttps://github.com/ruby/uri/compare/v1.0.4...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f1b05c89ab38667e7564896f994d4d6cfbc67149\"\u003e\u003ccode\u003ef1b05c8\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/8557e8d470ad7b969ba11d210e33b9570919661d\"\u003e\u003ccode\u003e8557e8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/189\"\u003e#189\u003c/a\u003e from osyoyu/restore-whatwg-email-regexp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c551d7020bba3cf452e696d55c451ae951d0f24b\"\u003e\u003ccode\u003ec551d70\u003c/code\u003e\u003c/a\u003e Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/c41903b3e4df8ba2ceba16a80d3156a97a81e038\"\u003e\u003ccode\u003ec41903b\u003c/code\u003e\u003c/a\u003e v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/b433f3499202b2abc27c5211554195243d083f88\"\u003e\u003ccode\u003eb433f34\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/187\"\u003e#187\u003c/a\u003e from ruby/switch-version-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/1fc4f0496a2d44f4af317d8f786a50e9f6918656\"\u003e\u003ccode\u003e1fc4f04\u003c/code\u003e\u003c/a\u003e Use generic version number to VERSION and generate VERSION_CODE from that\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e8306800d9b58f37f3847e8d598599cb1ef36f3c\"\u003e\u003ccode\u003ee830680\u003c/code\u003e\u003c/a\u003e Exclude dependabot updates from release note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/70d245fa46786b9aa4970c4b815cfe8b1b823bf6\"\u003e\u003ccode\u003e70d245f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/130\"\u003e#130\u003c/a\u003e from soda92/improve-error-message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d629c8c1541330e4fc50879fbafc0701728e447f\"\u003e\u003ccode\u003ed629c8c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/161\"\u003e#161\u003c/a\u003e from y-yagi/fix_changing_parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/fec6733919edb140bbdc429ed4b0492776ebc4a2\"\u003e\u003ccode\u003efec6733\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ruby/uri/issues/166\"\u003e#166\u003c/a\u003e from vivshaw/vivshaw/correct-obsolete-parse\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.2...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aheusingfeld/aheusingfeld.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/aheusingfeld/aheusingfeld.github.io/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aheusingfeld%2Faheusingfeld.github.io/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"}},{"old_version":"1.0.3","new_version":"1.0.4","update_type":"patch","path":null,"pr_created_at":"2026-02-20T00:05:14.000Z","version_change":"1.0.3 → 1.0.4","issue":{"uuid":"3965772917","node_id":"PR_kwDOMHsMr87FBcqQ","number":6,"state":"closed","title":"Bump the bundler group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-22T03:39:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-20T00:05:14.000Z","updated_at":"2026-02-22T03:39:56.000Z","time_to_close":185681,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"bundler","update_count":4,"packages":[{"name":"httparty","old_version":"0.23.1","new_version":"0.24.0","repository_url":"https://github.com/jnunemaker/httparty"},{"name":"nokogiri","old_version":"1.18.8","new_version":"1.19.1","repository_url":"https://github.com/sparklemotion/nokogiri"},{"name":"rexml","old_version":"3.4.1","new_version":"3.4.2","repository_url":"https://github.com/ruby/rexml"},{"name":"uri","old_version":"1.0.3","new_version":"1.0.4","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps the bundler group with 4 updates in the / directory: [httparty](https://github.com/jnunemaker/httparty), [nokogiri](https://github.com/sparklemotion/nokogiri), [rexml](https://github.com/ruby/rexml) and [uri](https://github.com/ruby/uri).\n\nUpdates `httparty` from 0.23.1 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jnunemaker/httparty/releases\"\u003ehttparty's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eForce binary encoding throughout by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/823\"\u003ejnunemaker/httparty#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eset Content-Type for Hash body in requests by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/828\"\u003ejnunemaker/httparty#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: stream multipart file uploads to reduce memory usage by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/829\"\u003ejnunemaker/httparty#829\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent SSRF via absolute URL bypassing base_uri by \u003ca href=\"https://github.com/jnunemaker\"\u003e\u003ccode\u003e@​jnunemaker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/830\"\u003ejnunemaker/httparty#830\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.2...v0.24.0\"\u003ehttps://github.com/jnunemaker/httparty/compare/v0.23.2...v0.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.23.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd changelog_uri metadata to gemspec by \u003ca href=\"https://github.com/baraidrissa\"\u003e\u003ccode\u003e@​baraidrissa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/817\"\u003ejnunemaker/httparty#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart with files in binary mode and fields including non-ASCII characters by \u003ca href=\"https://github.com/rdimartino\"\u003e\u003ccode\u003e@​rdimartino\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/822\"\u003ejnunemaker/httparty#822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baraidrissa\"\u003e\u003ccode\u003e@​baraidrissa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/817\"\u003ejnunemaker/httparty#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rdimartino\"\u003e\u003ccode\u003e@​rdimartino\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/pull/822\"\u003ejnunemaker/httparty#822\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.1...v0.23.2\"\u003ehttps://github.com/jnunemaker/httparty/compare/v0.23.1...v0.23.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/55ec76e8d1df7903eab3f7c2367991400d3cf65e\"\u003e\u003ccode\u003e55ec76e\u003c/code\u003e\u003c/a\u003e Release 0.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/ddfbc8ddfca03d4f4026b01763ee906071ca558b\"\u003e\u003ccode\u003eddfbc8d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/830\"\u003e#830\u003c/a\u003e from jnunemaker/fix-ssrf-base-uri-bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240\"\u003e\u003ccode\u003e0529bcd\u003c/code\u003e\u003c/a\u003e fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/05f38fd35d8088b9770513c2eaecce671f0940ec\"\u003e\u003ccode\u003e05f38fd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/829\"\u003e#829\u003c/a\u003e from jnunemaker/memory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/8901c238c00d0aca8920271314c4c5d7dd2701fb\"\u003e\u003ccode\u003e8901c23\u003c/code\u003e\u003c/a\u003e feat: stream multipart file uploads to reduce memory usage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/091bd6aa909e38822b72f8ce2383385cf8eeb302\"\u003e\u003ccode\u003e091bd6a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/828\"\u003e#828\u003c/a\u003e from jnunemaker/issue-826\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/59c0ac5f3d906fb6be2133c1b89d75329755af8f\"\u003e\u003ccode\u003e59c0ac5\u003c/code\u003e\u003c/a\u003e feat: set Content-Type for Hash body in requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/5c8b45e6297d181d99a56f5297dade3e358cc6f9\"\u003e\u003ccode\u003e5c8b45e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jnunemaker/httparty/issues/823\"\u003e#823\u003c/a\u003e from jnunemaker/mixed-encodings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/6419cb307dd435572963e4ab40cd96b41389efcf\"\u003e\u003ccode\u003e6419cb3\u003c/code\u003e\u003c/a\u003e Force binary encoding throughout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnunemaker/httparty/commit/c74571f7925c8e142d02c2b7d6ebeedf923b1dd1\"\u003e\u003ccode\u003ec74571f\u003c/code\u003e\u003c/a\u003e Release 0.23.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jnunemaker/httparty/compare/v0.23.1...v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nokogiri` from 1.18.8 to 1.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/releases\"\u003enokogiri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003ecfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem\n1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem\n0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem\n3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem\ndfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem\n1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem\n110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem\n7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem\n1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem\n4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem\n598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre\u003e\u003ccode\u003e11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem\neb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem\n572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem\n23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem\n0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem\n5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem\n05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem\n1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem\nf482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem\n1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem\ne304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md\"\u003enokogiri's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.1 / 2026-02-16\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Address unchecked return value from \u003ccode\u003exmlC14NExecute\u003c/code\u003e which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532\"\u003eGHSA-wx95-c6cv-8532\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.19.0 / 2025-12-28\u003c/h2\u003e\n\u003ch4\u003eRuby\u003c/h4\u003e\n\u003cp\u003eThis release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce native gem support for Ruby 4.0. \u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3590\"\u003e#3590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnd support for Ruby 3.1, for which \u003ca href=\"https://www.ruby-lang.org/en/downloads/branches/\"\u003eupstream support ended 2025-03-26\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnd support for JRuby 9.4 (which targets Ruby 3.1 compatibility).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.10 / 2025-09-15\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Vendored libxml2 is updated to \u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9\"\u003ev2.13.9\u003c/a\u003e. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.\u003c/li\u003e\n\u003cli\u003e[CRuby] [Windows and MacOS] Vendored libiconv is updated to \u003ca href=\"https://savannah.gnu.org/news/?id=10703\"\u003ev1.18\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.18.9 / 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See \u003ca href=\"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8\"\u003eGHSA-353f-x4gh-cqq8\u003c/a\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd\"\u003e\u003ccode\u003ed913045\u003c/code\u003e\u003c/a\u003e version bump to v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb\"\u003e\u003ccode\u003eb81cb98\u003c/code\u003e\u003c/a\u003e doc: update CHANGELOG for upcoming v1.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3\"\u003e\u003ccode\u003e8e66809\u003c/code\u003e\u003c/a\u003e C14n raise on failure (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3600\"\u003e#3600\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a\"\u003e\u003ccode\u003e5b77f3d\u003c/code\u003e\u003c/a\u003e Raise RuntimeError when canonicalization fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9\"\u003e\u003ccode\u003eedc5595\u003c/code\u003e\u003c/a\u003e Thank sponsors in the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2\"\u003e\u003ccode\u003ed4dc245\u003c/code\u003e\u003c/a\u003e dep: update rdoc to v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8\"\u003e\u003ccode\u003ed77bfb6\u003c/code\u003e\u003c/a\u003e version bump to v1.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd\"\u003e\u003ccode\u003e1eb5c2c\u003c/code\u003e\u003c/a\u003e dev: convert scripts/test-gem-set to use mise\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d\"\u003e\u003ccode\u003e88a120f\u003c/code\u003e\u003c/a\u003e dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (\u003ca href=\"https://redirect.github.com/sparklemotion/nokogiri/issues/3592\"\u003e#3592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e\"\u003e\u003ccode\u003ef8c8f74\u003c/code\u003e\u003c/a\u003e Skip the parser compression test for Windows system libs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sparklemotion/nokogiri/compare/v1.18.8...v1.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rexml` from 3.4.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/releases\"\u003erexml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eREXML 3.4.2 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/rexml/blob/master/NEWS.md\"\u003erexml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.4.2 - 2025-08-26 {#version-3-4-2}\u003c/h2\u003e\n\u003ch3\u003eImprovement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImproved performance.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/244\"\u003eGH-244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/245\"\u003eGH-245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/246\"\u003eGH-246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/249\"\u003eGH-249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/256\"\u003eGH-256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRaise appropriate exception when failing to match start tag in DOCTYPE\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/247\"\u003eGH-247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate accepting array as an element in XPath.match, first and each\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/252\"\u003eGH-252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by tomoya ishida\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't call needless encoding_updated\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/259\"\u003eGH-259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by Sutou Kouhei\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReuse XPath::match\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/263\"\u003eGH-263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache redundant calls for doctype\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003eGH-264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse Safe Navigation (\u0026amp;.) from Ruby 2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003eGH-265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemove redundant return statements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003eGH-266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by pboling\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded XML declaration check \u0026amp; Source#skip_spaces method\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003eGH-282\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by NAITOH Jun\u003c/li\u003e\n\u003cli\u003eReported by Sofi Aberegg\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix docs typo\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/248\"\u003eGH-248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch by James Coleman\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe\"\u003e\u003ccode\u003ef36916f\u003c/code\u003e\u003c/a\u003e Add 3.4.2 entry (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23\"\u003e\u003ccode\u003e5859bde\u003c/code\u003e\u003c/a\u003e Added XML declaration check \u0026amp; \u003ccode\u003eSource#skip_spaces\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023\"\u003e\u003ccode\u003e1d876e3\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4 to 5 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/283\"\u003e#283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35\"\u003e\u003ccode\u003ec87bda8\u003c/code\u003e\u003c/a\u003e Remove ostruct from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482\"\u003e\u003ccode\u003ec60ae02\u003c/code\u003e\u003c/a\u003e Remove bundler from dev deps (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/277\"\u003e#277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a\"\u003e\u003ccode\u003e9b084d7\u003c/code\u003e\u003c/a\u003e Fix \u0026amp; Deprecate REXML::Text#text_indent (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/275\"\u003e#275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa\"\u003e\u003ccode\u003e04a589a\u003c/code\u003e\u003c/a\u003e Fix a bug that XPath can't be used for no document element (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93\"\u003e\u003ccode\u003e66232ea\u003c/code\u003e\u003c/a\u003e Remove redundant return statements (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b\"\u003e\u003ccode\u003e63f3e97\u003c/code\u003e\u003c/a\u003e Use Safe Navigation (\u0026amp;.) from Ruby 2.3 (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702\"\u003e\u003ccode\u003ed427fc5\u003c/code\u003e\u003c/a\u003e Avoid redundant calls for doctype (\u003ca href=\"https://redirect.github.com/ruby/rexml/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ruby/rexml/compare/v3.4.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uri` from 1.0.3 to 1.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.4\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ehttps://github.com/ruby/uri/compare/v1.0.3...v1.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/e5074739c3f28e03a26f6a1daa2a051fdbc3e774\"\u003e\u003ccode\u003ee507473\u003c/code\u003e\u003c/a\u003e Bump up to v1.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d3116ca66a3b1c97dc7577f9d2d6e353f391cd6a\"\u003e\u003ccode\u003ed3116ca\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-4' into HEAD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/6c6449e15ffae7027bfe83134f0419f682e0b1ad\"\u003e\u003ccode\u003e6c6449e\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/5cec76b9e8777764344fd4aee140e309ad207b68\"\u003e\u003ccode\u003e5cec76b\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v1.0.3...v1.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/garywei944/acad.garywei.dev/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/garywei944/acad.garywei.dev/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/garywei944%2Facad.garywei.dev/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"0.13.2","new_version":"0.13.3","update_type":"patch","path":null,"pr_created_at":"2026-02-17T17:45:44.000Z","version_change":"0.13.2 → 0.13.3","issue":{"uuid":"3953949273","node_id":"PR_kwDONJHnns7Ea5Iq","number":17,"state":"closed","title":"Bump uri from 0.13.2 to 0.13.3","user":"dependabot[bot]","labels":["dependencies","ruby"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-17T18:05:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-17T17:45:44.000Z","updated_at":"2026-02-17T18:05:30.000Z","time_to_close":1177,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"uri","old_version":"0.13.2","new_version":"0.13.3","repository_url":"https://github.com/ruby/uri"}],"path":null,"ecosystem":"rubygems"},"body":"Bumps [uri](https://github.com/ruby/uri) from 0.13.2 to 0.13.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ruby/uri/releases\"\u003euri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003ch3\u003eSecurity fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/\"\u003eCVE-2025-61594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ehttps://github.com/ruby/uri/compare/v0.13.2...v0.13.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/f39018d26848aaa64f22e912599e0dfbcae504ff\"\u003e\u003ccode\u003ef39018d\u003c/code\u003e\u003c/a\u003e Bump up to v0.13.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/20157e3e29b125ff41f1d9662e2e3b1d066f5902\"\u003e\u003ccode\u003e20157e3\u003c/code\u003e\u003c/a\u003e Merge branch 'CVE-2025-61594-3-3' into v0-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/4be7781187707ffe8217a968b97b0f956462b4bb\"\u003e\u003ccode\u003e4be7781\u003c/code\u003e\u003c/a\u003e Add authority accessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ruby/uri/commit/d58589cae1b3c5fa2432b95fa28ed12793077935\"\u003e\u003ccode\u003ed58589c\u003c/code\u003e\u003c/a\u003e Clear user info totally at setting any of authority info\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ruby/uri/compare/v0.13.2...v0.13.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uri\u0026package-manager=bundler\u0026previous-version=0.13.2\u0026new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gmoraleda/swift-migration/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gmoraleda/swift-migration/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gmoraleda%2Fswift-migration/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"}}]}