Grey Baker greysteil @github London Helping secure the world's software @github. Previously @dependabot and @gocardless.

github/codeql 3325

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

dependabot/dependabot-core 2125

🤖 The core logic behind Dependabot's update PR creation, and the public issue tracker for all things Dependabot

CocoaPods/Molinillo 363

A generic dependency resolution algorithm.

alexrabarts/iso_country_codes 156

A Ruby library that provides ISO 3166-1 country codes/names and ISO 4217 currencies

github/ossar-action 62

Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).

greysteil/active_model_serializers 1

ActiveModel::Serializer implementation and Rails hooks

bensheppard/squabble 0

Dispute settling API

greysteil/autoprefixer-rails 0

Autoprefixer for Ruby and Ruby on Rails

issue comment dependabot/dependabot-core

Path dependencies with .tar extension failed to parse

I wanted to understand, is there any specific reason for not handling .tar files?

I doubt it - looks like @feelepxyz made the original change, and was likely led by the npm docs, which mention `.tgz` but not `.tar`. If npm can handle `.tar` then I expect we should just add handling for it here.

(I'll leave anything more on this to @jurre, as I don't work on Dependabot anymore and he's likely to have a much more informed opinion!)

AlekhyaYalla

comment created time in 4 days

push event greysteil/test

Grey Baker

commit sha 288cf7d314047c96f662fb769bb7309374e687b1

Test 2

push time in 14 days

issue comment dependabot/dependabot-core

Clojure support

Cc @asciimike @hmarr ☝️

greysteil

comment created time in 15 days

pull request comment dependabot/dependabot-core

Improved support `apply from` in gradle files

Hey @zbynek, I'm not the right person to ask! @asciimike / @hmarr are likely to have a better view.

zbynek

comment created time in 16 days

push event greysteil/test

Grey Baker

commit sha bdb81f8be82e5f4ce609f2e5df3d19ff1c25de22

Test 2

push time in a month

push event greysteil/test

Grey Baker

commit sha 8f29d2e1ac1a26306ebe4a64eb40dce9ebb03746

Add

push time in a month

push event greysteil/test

Grey Baker

commit sha 6c0ccc3447d1de9568f084570edd5e21cce7a055

Add PlanetScale

push time in a month

push event greysteil/test

Grey Baker

commit sha 8a846a291fad4007c42903657b2cbac056e050b9

Artifactory

push time in a month

push event greysteil/test

Grey Baker

commit sha aa69cd4149e31ca09126bcbfa4304c6ddc216244

Updated FullStory

push time in a month

push event greysteil/test

Grey Baker

commit sha 43521bdc806757998ae446eb5bdc4ef67fbb04e2

FullStory

push time in a month

push event greysteil/where-is-grey

dependabot[bot]

commit sha ddef00f67a420555e3829e56b83e191903491025

Bump webmock from 3.13.0 to 3.14.0

Bumps [webmock](https://github.com/bblimke/webmock) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: webmock
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Grey Baker

commit sha bd6157208e32237f6b302a83e115aaadcd7cd358

Merge pull request #402 from greysteil/dependabot/bundler/webmock-3.14.0 Bump webmock from 3.13.0 to 3.14.0

push time in a month

PR merged greysteil/where-is-grey

Bump webmock from 3.13.0 to 3.14.0 dependencies

Bumps webmock from 3.13.0 to 3.14.0.

Changelog (sourced from [webmock's changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)):

3.14.0

  • Bump Addressable from 2.3.6 to 2.8.0. Thanks to [Eduardo Hernandez](https://github.com/EduardoGHdez)

Commits:

  • e2c4371 Version 3.14.0
  • 3a5c8a3 Merge pull request #948 from EduardoGHdez/eg/bump-addressable
  • e561860 Bump Addressable from 2.3.6 to 2.8.0
  • a3e1c2c Merge pull request #943 from tricknotes/remove-travis-yml
  • f0293bf Remove .travis.yml
  • See full diff in [compare view](https://github.com/bblimke/webmock/compare/v3.13.0...v3.14.0)

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

+4 -4

0 comment

2 changed files

dependabot[bot]

pr closed time in a month

push event greysteil/where-is-grey

dependabot[bot]

commit sha 7f97c85c3b0aa676587ec6101b5bce84fffca923

Bump puma from 5.3.2 to 5.4.0

Bumps [puma](https://github.com/puma/puma) from 5.3.2 to 5.4.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v5.3.2...v5.4.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Grey Baker

commit sha 6da3d9aac12bd9b594430279fba7bd98df825af8

Merge pull request #401 from greysteil/dependabot/bundler/puma-5.4.0 Bump puma from 5.3.2 to 5.4.0

push time in 2 months

PR merged greysteil/where-is-grey

Bump puma from 5.3.2 to 5.4.0 dependencies

Bumps puma from 5.3.2 to 5.4.0.

Release notes (sourced from [puma's releases](https://github.com/puma/puma/releases)):

5.4.0 - Super Flight

Features

  • Better/expanded names for threadpool threads (#2657)
  • Allow pkg_config for OpenSSL (#2648, #1412)
  • Add `rack_url_scheme` to Puma::DSL, allows setting of `rack.url_scheme` header (#2586, #2569)

Bugfixes

  • `Binder#parse` - allow for symlinked unix path, add create_activated_fds debug ENV (#2643, #2638)
  • Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
  • Client certificates: set session id context while creating SSLContext (#2633)

Refactor

  • Replace `IO.select` with `IO#wait_` when checking a single IO (#2666)

Changelog (sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md)):

5.4.0 / 2021-07-28

Features

  • Better/expanded names for threadpool threads (#2657)
  • Allow pkg_config for OpenSSL (#2648, #1412)
  • Add `rack_url_scheme` to Puma::DSL, allows setting of `rack.url_scheme` header (#2586, #2569)

Bugfixes

  • `Binder#parse` - allow for symlinked unix path, add create_activated_fds debug ENV (#2643, #2638)
  • Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
  • Client certificates: set session id context while creating SSLContext (#2633)

Refactor

  • Replace `IO.select` with `IO#wait_` when checking a single IO (#2666)

Commits:

  • f041b02 5.4.0 (#2668)
  • 6e4257f Replace IO.select with IO#wait_* when checking a single IO (#2666)
  • bda19f8 Reference restart docs from deployment docs (#2664)
  • f5750dd `preload!` -> `preload_app!` in docs/deployment.md (#2663)
  • 7d54416 CONTRIBUTING: update section about changelog (#2660)
  • 51105f0 Better names for thread pool threads (#2657)
  • 1893628 Fix deadlock issue in thread pool (#2656)
  • 8264d20 Binder#parse - allow for symlinked unix path, add create_activated_fds debug ...
  • 4ff7d75 extconf.rb - allow pkg_config for OpenSSL (#2648)
  • 6a085e6 minissl.c - Use Random.bytes if available (#2642)
  • Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v5.3.2...v5.4.0)

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

pull request comment getsentry/sentry

feat(api): switch to prefixed strings for auth tokens and client secrets

Hey @manuzope, any update on when you and the team will be able to review this?

greysteil

comment created time in 2 months

pull request comment dependabot/dependabot-core

Make native-mt and agp version types for Maven and Gradle

It won't fix that, no, but it's not clear to me that it should - as far as I'm aware the Maven ecosystem uses this specification for version comparison, not SemVer 2.0, and I presume Gradle does the same for consistency. Dependabot would be doing the wrong thing in even more cases if it followed SemVer 2.0 for Maven/Gradle.

(FWIW, here's the [version comparison logic Dependabot uses for Gradle](https://github.com/dependabot/dependabot-core/blob/main/gradle/lib/dependabot/gradle/version.rb). We have different version comparison logic for each language because they're all different - here's python's and here's npm's (the easy one, as it's just SemVer - they wrote the SemVer spec).)

Are you using other tooling that sorts 1.0 ahead of 1.0-20050927.133100? I don't use Maven or Gradle myself, so am happy to be corrected, but my hunch here is that in this case it's the package author who has made a mistake, releasing alphas / betas with versions that in fact treat them as full releases.

greysteil

comment created time in 2 months

push event dependabot/dependabot-core

Grey Baker

commit sha 728eb8ee56fd8fcfc71270a522c75eef13845f71

Fix tests

push time in 2 months

push event dependabot/dependabot-core

Grey Baker

commit sha 294aad85bc778a61348c08a5811b82438170c6ce

Fix tests

push time in 2 months

pull request comment dependabot/dependabot-core

Make native-mt and agp version types for Maven and Gradle

@hiqua FYI

greysteil

comment created time in 2 months

PR opened dependabot/dependabot-core

Make native-mt and agp version types for Maven and Gradle

Fixes https://github.com/dependabot/dependabot-core/issues/2547.

Version comparison in Dependabot uses the Maven specification when looking at Maven / Gradle versions. Whilst technically correct, this can cause problems where a popular dependency has chosen to append their own suffix onto their versions to distinguish between types. The problems are not unique to Dependabot.

The pragmatic solution is to add some special cases to our version fetching logic. We already treat jre, android and java as "types" when they appear in a version string - this PR extends that logic to do the same for native-mt and agp (short for "Android Gradle Plugin" and referenced here).

Note: the native-mt type is a particular pain, as it includes a token separator character (the -). I've added extra special casing to deal with that, and a test for it.

+86 -17

0 comment

6 changed files

pr created time in 2 months

push event dependabot/dependabot-core

Grey Baker

commit sha accd3199c76d48436f45c5ff8a08d9c57863adb6

Add Android Gradle Plugin (agp) as a suffix type, too

push time in 2 months

create branch dependabot/dependabot-core

branch : make-native-mt-a-type

created branch time in 2 months

push event greysteil/where-is-grey

dependabot[bot]

commit sha e83a253c1a38741d8081396345c695438e619657

Bump fog-local from 0.6.0 to 0.7.0

Bumps [fog-local](https://github.com/fog/fog-local) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/fog/fog-local/releases)
- [Commits](https://github.com/fog/fog-local/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: fog-local
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Grey Baker

commit sha 554244a8aaa6156eeede4467d57f27c9fc92aa1c

Merge pull request #400 from greysteil/dependabot/bundler/fog-local-0.7.0 Bump fog-local from 0.6.0 to 0.7.0

push time in 2 months

PR merged greysteil/where-is-grey

Bump fog-local from 0.6.0 to 0.7.0 dependencies

Bumps fog-local from 0.6.0 to 0.7.0.

Commits:

  • 10ded13 v0.7.0
  • bf609ca drop travis in favor of github actions
  • 8832480 add localized URI escape
  • b25d1c1 fix succeeds helper for ruby 3 compatibility
  • ef2e371 relax bundler dependency
  • 5a2b34c add github config and actions
  • 1076694 update rake dependency
  • See full diff in [compare view](https://github.com/fog/fog-local/compare/v0.6.0...v0.7.0)

+6 -6

0 comment

2 changed files

dependabot[bot]

pr closed time in 2 months

delete branch greysteil/boto3

delete branch : add-project-urls

delete time in 2 months

push event greysteil/test

Grey Baker

commit sha 69087f2f8b4d1b7326aaaf9d4911bf5fbe6b24ad

Add checkout.com

push time in 2 months

push event greysteil/where-is-grey

dependabot[bot]

commit sha d624ebba72a5b0b5b63ee257aca6ddd07f2db9c8

Bump addressable from 2.7.0 to 2.8.0

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Grey Baker

commit sha b2ca1253f7556b9ead03647430e44b866fe62441

Merge pull request #399 from greysteil/dependabot/bundler/addressable-2.8.0 Bump addressable from 2.7.0 to 2.8.0

push time in 2 months

PR merged greysteil/where-is-grey

Bump addressable from 2.7.0 to 2.8.0 dependencies

Bumps addressable from 2.7.0 to 2.8.0.

Changelog (sourced from [addressable's changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)):

Addressable 2.8.0

  • fixes ReDoS vulnerability in Addressable::Template#match
  • no longer replaces `+` with spaces in queries for non-http(s) schemes
  • fixed encoding ipv6 literals
  • the `:compacted` flag for `normalized_query` now dedupes parameters
  • fix broken `escape_component` alias
  • dropping support for Ruby 2.0 and 2.1
  • adding Ruby 3.0 compatibility for development tasks
  • drop support for `rack-mount` and remove Addressable::Template#generate
  • performance improvements
  • switch CI/CD to GitHub Actions

Commits:

  • 6469a23 Updating gemspec again
  • 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
  • e9c76b8 Merge pull request #378 from ashmaroli/flat-map
  • 56c5cf7 Update the gemspec
  • c1fed1c Require a non-vulnerable rake
  • 0d8a312 Adding note about ReDoS vulnerability
  • 89c7613 Merge branch 'template-regexp' into main
  • cf8884f Note about alias fix
  • bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
  • 6d1d809 Adding note about :compacted normalization
  • Additional commits viewable in [compare view](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0)

You can disable automated security fix PRs for this repo from the Security Alerts page.

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push event greysteil/where-is-grey

dependabot[bot]

commit sha 37819fb65b6deaf9ed5a017821fb7ee6540fe469

Bump rake from 13.0.5 to 13.0.6

Bumps [rake](https://github.com/ruby/rake) from 13.0.5 to 13.0.6.
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](https://github.com/ruby/rake/compare/v13.0.5...v13.0.6)

---
updated-dependencies:
- dependency-name: rake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Grey Baker

commit sha d21435fbb0e57b4839c2ba7c42eacde93b931171

Merge pull request #398 from greysteil/dependabot/bundler/rake-13.0.6 Bump rake from 13.0.5 to 13.0.6

push time in 2 months

PR merged greysteil/where-is-grey

Bump rake from 13.0.5 to 13.0.6 dependencies

Bumps rake from 13.0.5 to 13.0.6.

Changelog (sourced from [rake's changelog](https://github.com/ruby/rake/blob/master/History.rdoc)):

13.0.6

  • Additional fix for #389 Pull request #390 by hsbt

Commits:

  • 5c60da8 Bump up Rake-13.0.6
  • 73d4099 Merge pull request #390 from ruby/fix-388-again
  • 63aacb6 Added Rake namespace explicitly
  • See full diff in [compare view](https://github.com/ruby/rake/compare/v13.0.5...v13.0.6)

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months