{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":184644516,"defaultBranch":"main","name":"uncruft","ownerLogin":"Betterment","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-05-02T20:07:23.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/871554?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1716298813.0","currentOid":""},"activityList":{"items":[{"before":"3b80451180816964d343b0189112fb51739470f5","after":"35bc7cf0ede6bb5af029995a31ce9ecc51989815","ref":"refs/heads/dependabot/bundler/rails-7.0.8.1","pushedAt":"2024-05-21T13:40:46.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rails from 7.0.8 to 7.0.8.1\n\nBumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.0.8.1.\n- [Release notes](https://github.com/rails/rails/releases)\n- [Commits](https://github.com/rails/rails/compare/v7.0.8...v7.0.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rails\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rails from 7.0.8 to 7.0.8.1"}},{"before":"9c134c67d2caf7225bbf008039f38660ca341367","after":"3b80451180816964d343b0189112fb51739470f5","ref":"refs/heads/dependabot/bundler/rails-7.0.8.1","pushedAt":"2024-05-21T13:40:14.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rails from 7.0.8 to 7.0.8.1\n\nBumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.0.8.1.\n- [Release notes](https://github.com/rails/rails/releases)\n- [Commits](https://github.com/rails/rails/compare/v7.0.8...v7.0.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rails\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rails from 7.0.8 to 7.0.8.1"}},{"before":"3f565aef7e77594cae9fe34d7313edab0a2b264b","after":null,"ref":"refs/heads/dependabot/bundler/rack-2.2.9","pushedAt":"2024-05-21T13:40:13.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"}},{"before":"224e657a214a1784337ffea94e74a86ea010f4af","after":"d43df5c6ede6f594e885c3779338d850ab32742b","ref":"refs/heads/main","pushedAt":"2024-05-21T13:40:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.8 to 2.2.9 (#24)\n\nBumps [rack](https://github.com/rack/rack) from 2.2.8 to 2.2.9.\r\n
\r\nRelease notes\r\n

Sourced from rack's\r\nreleases.

\r\n
\r\n

v2.2.8.1

\r\n

What's Changed

\r\n
    \r\n
  • Fixed ReDoS in Accept header parsing [CVE-2024-26146]
    • \r\n
  • Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
    • \r\n
  • Reject Range headers which are too large [CVE-2024-26141]
    • \r\n
\r\n

Full Changelog: https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1

\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • b1deebd\r\nBump patch version.
    • \r\n
  • f7d40f9\r\nMerge branch '2-2-sec' into 2-2-stable
    • \r\n
  • e830011\r\nbump version
    • \r\n
  • d9c163a\r\nAvoid 2nd degree polynomial regexp in MediaType
    • \r\n
  • 6245768\r\nReturn an empty array when ranges are too large
    • \r\n
  • e4c1177\r\nFixing ReDoS in header parsing
    • \r\n
  • fdb12cb\r\nbackport #2104 (#2121)
    • \r\n
  • 99057e6\r\nUpdate CHANGELOG for 2.2.8 (#2107)
    • \r\n
  • 3314622\r\nAdds missing 2.2.8 to CHANGELOG.md (#2106)
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=2.2.8&new-version=2.2.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/Betterment/uncruft/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump rack from 2.2.8 to 2.2.9 (#24)"}},{"before":"dbdf29223413afc8d9ffdff328964b80ef5413dd","after":null,"ref":"refs/heads/dependabot/bundler/rexml-3.2.8","pushedAt":"2024-05-21T13:39:25.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"d54fa099d6d1683bd145336597b2e19d03c679b0","after":"224e657a214a1784337ffea94e74a86ea010f4af","ref":"refs/heads/main","pushedAt":"2024-05-21T13:39:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"},"commit":{"message":"Bump rexml from 3.2.6 to 3.2.8 (#25)\n\nBumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8.\r\n
\r\nRelease notes\r\n

Sourced from rexml's\r\nreleases.

\r\n
\r\n

REXML 3.2.8 - 2024-05-16

\r\n

Fixes

\r\n
    \r\n
  • Suppressed a warning
    • \r\n
\r\n

REXML 3.2.7 - 2024-05-16

\r\n

Improvements

\r\n
    \r\n
  • \r\n

    Improve parse performance by using StringScanner.

    \r\n
      \r\n
    • \r\n

      GH-106

      \r\n
      • \r\n
    • \r\n

      GH-107

      \r\n
      • \r\n
    • \r\n

      GH-108

      \r\n
      • \r\n
    • \r\n

      GH-109

      \r\n
      • \r\n
    • \r\n

      GH-112

      \r\n
      • \r\n
    • \r\n

      GH-113

      \r\n
      • \r\n
    • \r\n

      GH-114

      \r\n
      • \r\n
    • \r\n

      GH-115

      \r\n
      • \r\n
    • \r\n

      GH-116

      \r\n
      • \r\n
    • \r\n

      GH-117

      \r\n
      • \r\n
    • \r\n

      GH-118

      \r\n
      • \r\n
    • \r\n

      GH-119

      \r\n
      • \r\n
    • \r\n

      GH-121

      \r\n
      • \r\n
    • \r\n

      Patch by NAITOH Jun.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    Improved parse performance when an attribute has many\r\n<s.

    \r\n
      \r\n
    • GH-124
      • \r\n
    \r\n
    • \r\n
\r\n

Fixes

\r\n
    \r\n
  • \r\n

    XPath: Fixed a bug of normalize_space(array).

    \r\n
      \r\n
    • \r\n

      GH-110

      \r\n
      • \r\n
    • \r\n

      GH-111

      \r\n
      • \r\n
    • \r\n

      Patch by flatisland.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    XPath: Fixed a bug that wrong position is used with nested path.

    \r\n
      \r\n
    • \r\n

      GH-110

      \r\n
      • \r\n
    • \r\n

      GH-122

      \r\n
      • \r\n
    • \r\n

      Reported by jcavalieri.

      \r\n
      • \r\n
    • \r\n

      Patch by NAITOH Jun.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    Fixed a bug that an exception message can't be generated for\r\ninvalid encoding XML.

    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from rexml's\r\nchangelog.

\r\n
\r\n

3.2.8 - 2024-05-16 {#version-3-2-8}

\r\n

Fixes

\r\n
    \r\n
  • Suppressed a warning
    • \r\n
\r\n

3.2.7 - 2024-05-16 {#version-3-2-7}

\r\n

Improvements

\r\n
    \r\n
  • \r\n

    Improve parse performance by using StringScanner.

    \r\n
      \r\n
    • \r\n

      GH-106

      \r\n
      • \r\n
    • \r\n

      GH-107

      \r\n
      • \r\n
    • \r\n

      GH-108

      \r\n
      • \r\n
    • \r\n

      GH-109

      \r\n
      • \r\n
    • \r\n

      GH-112

      \r\n
      • \r\n
    • \r\n

      GH-113

      \r\n
      • \r\n
    • \r\n

      GH-114

      \r\n
      • \r\n
    • \r\n

      GH-115

      \r\n
      • \r\n
    • \r\n

      GH-116

      \r\n
      • \r\n
    • \r\n

      GH-117

      \r\n
      • \r\n
    • \r\n

      GH-118

      \r\n
      • \r\n
    • \r\n

      GH-119

      \r\n
      • \r\n
    • \r\n

      GH-121

      \r\n
      • \r\n
    • \r\n

      Patch by NAITOH Jun.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    Improved parse performance when an attribute has many\r\n<s.

    \r\n
      \r\n
    • GH-124
      • \r\n
    \r\n
    • \r\n
\r\n

Fixes

\r\n
    \r\n
  • \r\n

    XPath: Fixed a bug of normalize_space(array).

    \r\n
      \r\n
    • \r\n

      GH-110

      \r\n
      • \r\n
    • \r\n

      GH-111

      \r\n
      • \r\n
    • \r\n

      Patch by flatisland.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    XPath: Fixed a bug that wrong position is used with nested path.

    \r\n
      \r\n
    • \r\n

      GH-110

      \r\n
      • \r\n
    • \r\n

      GH-122

      \r\n
      • \r\n
    • \r\n

      Reported by jcavalieri.

      \r\n
      • \r\n
    • \r\n

      Patch by NAITOH Jun.

      \r\n
      • \r\n
    \r\n
    • \r\n
  • \r\n

    Fixed a bug that an exception message can't be generated for

    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 1cf37ba\r\nAdd 3.2.8 entry
    • \r\n
  • b67081c\r\nRemove an unused variable (#128)
    • \r\n
  • 94e180e\r\nSuppress a warning
    • \r\n
  • d574ba5\r\nci: install only gems required for running tests (#129)
    • \r\n
  • 4670f8f\r\nAdd missing Thanks section
    • \r\n
  • 9ba35f9\r\nBump version
    • \r\n
  • 085def0\r\nAdd 3.2.7 entry
    • \r\n
  • 4325835\r\nRead quoted attributes in chunks (#126)
    • \r\n
  • e77365e\r\nExclude older than 2.6 on macos-14
    • \r\n
  • bf2c8ed\r\nMove development dependencies to Gemfile (#124)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.2.6&new-version=3.2.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/Betterment/uncruft/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump rexml from 3.2.6 to 3.2.8 (#25)"}},{"before":null,"after":"dbdf29223413afc8d9ffdff328964b80ef5413dd","ref":"refs/heads/dependabot/bundler/rexml-3.2.8","pushedAt":"2024-05-16T21:52:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rexml from 3.2.6 to 3.2.8\n\nBumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8.\n- [Release notes](https://github.com/ruby/rexml/releases)\n- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)\n- [Commits](https://github.com/ruby/rexml/compare/v3.2.6...v3.2.8)\n\n---\nupdated-dependencies:\n- dependency-name: rexml\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rexml from 3.2.6 to 3.2.8"}},{"before":"3182f6a46d2094c12a7de72539378c9ff900c7d2","after":null,"ref":"refs/heads/dependabot/bundler/nokogiri-1.16.5","pushedAt":"2024-05-14T14:28:20.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"766c49947638e1061130920b02f915bc9f78f5a6","after":null,"ref":"refs/heads/dependabot/bundler/rack-2.2.8.1","pushedAt":"2024-05-14T13:59:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"3f565aef7e77594cae9fe34d7313edab0a2b264b","ref":"refs/heads/dependabot/bundler/rack-2.2.9","pushedAt":"2024-05-14T13:58:58.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.8 to 2.2.9\n\nBumps [rack](https://github.com/rack/rack) from 2.2.8 to 2.2.9.\n- [Release notes](https://github.com/rack/rack/releases)\n- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/rack/rack/compare/v2.2.8...v2.2.9)\n\n---\nupdated-dependencies:\n- dependency-name: rack\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rack from 2.2.8 to 2.2.9"}},{"before":"d6363070b77435c38481599a5e0435852e67e383","after":"d54fa099d6d1683bd145336597b2e19d03c679b0","ref":"refs/heads/main","pushedAt":"2024-05-14T12:23:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"},"commit":{"message":"Bump nokogiri from 1.16.2 to 1.16.5 (#23)","shortMessageHtmlLink":"Bump nokogiri from 1.16.2 to 1.16.5 (#23)"}},{"before":null,"after":"3182f6a46d2094c12a7de72539378c9ff900c7d2","ref":"refs/heads/dependabot/bundler/nokogiri-1.16.5","pushedAt":"2024-05-13T23:39:36.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump nokogiri from 1.16.2 to 1.16.5\n\nBumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5.\n- [Release notes](https://github.com/sparklemotion/nokogiri/releases)\n- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.5)\n\n---\nupdated-dependencies:\n- dependency-name: nokogiri\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump nokogiri from 1.16.2 to 1.16.5"}},{"before":null,"after":"766c49947638e1061130920b02f915bc9f78f5a6","ref":"refs/heads/dependabot/bundler/rack-2.2.8.1","pushedAt":"2024-04-16T18:14:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.8 to 2.2.8.1\n\nBumps [rack](https://github.com/rack/rack) from 2.2.8 to 2.2.8.1.\n- [Release notes](https://github.com/rack/rack/releases)\n- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rack\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rack from 2.2.8 to 2.2.8.1"}},{"before":null,"after":"9c134c67d2caf7225bbf008039f38660ca341367","ref":"refs/heads/dependabot/bundler/rails-7.0.8.1","pushedAt":"2024-04-16T18:14:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"samandmoore","name":"Sam Moore","path":"/samandmoore","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/407586?s=80&v=4"},"commit":{"message":"Bump rails from 7.0.8 to 7.0.8.1\n\nBumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.0.8.1.\n- [Release notes](https://github.com/rails/rails/releases)\n- [Commits](https://github.com/rails/rails/compare/v7.0.8...v7.0.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rails\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rails from 7.0.8 to 7.0.8.1"}},{"before":"766c49947638e1061130920b02f915bc9f78f5a6","after":null,"ref":"refs/heads/dependabot/bundler/rack-2.2.8.1","pushedAt":"2024-04-16T09:03:51.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"9c134c67d2caf7225bbf008039f38660ca341367","after":null,"ref":"refs/heads/dependabot/bundler/rails-7.0.8.1","pushedAt":"2024-04-16T09:03:50.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"766c49947638e1061130920b02f915bc9f78f5a6","ref":"refs/heads/dependabot/bundler/rack-2.2.8.1","pushedAt":"2024-02-29T01:51:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.8 to 2.2.8.1\n\nBumps [rack](https://github.com/rack/rack) from 2.2.8 to 2.2.8.1.\n- [Release notes](https://github.com/rack/rack/releases)\n- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/rack/rack/compare/v2.2.8...v2.2.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rack\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rack from 2.2.8 to 2.2.8.1"}},{"before":null,"after":"9c134c67d2caf7225bbf008039f38660ca341367","ref":"refs/heads/dependabot/bundler/rails-7.0.8.1","pushedAt":"2024-02-27T22:52:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rails from 7.0.8 to 7.0.8.1\n\nBumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.0.8.1.\n- [Release notes](https://github.com/rails/rails/releases)\n- [Commits](https://github.com/rails/rails/compare/v7.0.8...v7.0.8.1)\n\n---\nupdated-dependencies:\n- dependency-name: rails\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump rails from 7.0.8 to 7.0.8.1"}},{"before":"d92f56030b999bf7ecd51888573da89958825582","after":null,"ref":"refs/heads/dependabot/bundler/nokogiri-1.16.2","pushedAt":"2024-02-06T14:30:59.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"}},{"before":"b8bc9a7c8ec46f19a830e5b10105339c5f0e6f68","after":"d6363070b77435c38481599a5e0435852e67e383","ref":"refs/heads/main","pushedAt":"2024-02-06T14:30:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"Bump nokogiri from 1.15.5 to 1.16.2 (#20)\n\nBumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.15.5\r\nto 1.16.2.\r\n
\r\nRelease notes\r\n

Sourced from nokogiri's\r\nreleases.

\r\n
\r\n

v1.16.2 / 2024-02-04

\r\n

Security

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See\r\nGHSA-xc9x-jj77-9p9j\r\nfor more information.
    • \r\n
\r\n

Dependencies

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to v2.12.5\r\nfrom v2.12.4. (@​flavorjones)
    • \r\n
\r\n
\r\n

sha256 checksums:

\r\n\r\n
69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d\r\nnokogiri-1.16.2-aarch64-linux.gem\r\n6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57\r\nnokogiri-1.16.2-arm-linux.gem\r\nc957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8\r\nnokogiri-1.16.2-arm64-darwin.gem\r\n122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310\r\nnokogiri-1.16.2-java.gem\r\n7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074\r\nnokogiri-1.16.2-x64-mingw-ucrt.gem\r\na2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd\r\nnokogiri-1.16.2-x64-mingw32.gem\r\n833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323\r\nnokogiri-1.16.2-x86-linux.gem\r\ne67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53\r\nnokogiri-1.16.2-x86-mingw32.gem\r\n5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539\r\nnokogiri-1.16.2-x86_64-darwin.gem\r\n5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe\r\nnokogiri-1.16.2-x86_64-linux.gem\r\n68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c\r\nnokogiri-1.16.2.gem\r\n
\r\n

v1.16.1 / 2024-02-03

\r\n

Dependencies

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to v2.12.4\r\nfrom v2.12.3. (@​flavorjones)
    • \r\n
\r\n

Fixed

\r\n
    \r\n
  • [CRuby] XML::Reader defaults the encoding to UTF-8 if\r\nit's not specified in either the document or as a method parameter.\r\nPreviously non-ASCII characters were serialized as NCRs in this case. #2891\r\n(@​flavorjones)
    • \r\n
  • [CRuby] Restored support for compilation by GCC versions earlier\r\nthan 4.6, which was broken in v1.15.0 (540e9aee). #3090\r\n(@​adfoster-r7)
    • \r\n
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the\r\ncontext of a namespaced node (e.g., foreign content like MathML).\r\n[#3112, #3116]\r\n(@​flavorjones)
    • \r\n
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when\r\nthe maximum tree depth limit is hit. [#3098, #3100]\r\n(@​stevecheckoway)
    • \r\n
\r\n
\r\n

sha256 checksums:

\r\n\r\n
a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc\r\nnokogiri-1.16.1-aarch64-linux.gem\r\n6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69\r\nnokogiri-1.16.1-arm-linux.gem\r\n</tr></table> \r\n
\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from nokogiri's\r\nchangelog.

\r\n
\r\n

v1.16.2 / 2024-02-04

\r\n

Security

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See\r\nGHSA-xc9x-jj77-9p9j\r\nfor more information.
    • \r\n
\r\n

Dependencies

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to v2.12.5\r\nfrom v2.12.4. (@​flavorjones)
    • \r\n
\r\n

v1.16.1 / 2024-02-03

\r\n

Dependencies

\r\n
    \r\n
  • [CRuby] Vendored libxml2 is updated to v2.12.4\r\nfrom v2.12.3. (@​flavorjones)
    • \r\n
\r\n

Fixed

\r\n
    \r\n
  • [CRuby] XML::Reader defaults the encoding to UTF-8 if\r\nit's not specified in either the document or as a method parameter.\r\nPreviously non-ASCII characters were serialized as NCRs in this case. #2891\r\n(@​flavorjones)
    • \r\n
  • [CRuby] Restored support for compilation by GCC versions earlier\r\nthan 4.6, which was broken in v1.15.0 (540e9aee). #3090\r\n(@​adfoster-r7)
    • \r\n
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the\r\ncontext of a namespaced node (e.g., foreign content like MathML).\r\n[#3112, #3116]\r\n(@​flavorjones)
    • \r\n
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when\r\nthe maximum tree depth limit is hit. [#3098, #3100]\r\n(@​stevecheckoway)
    • \r\n
\r\n

v1.16.0 / 2023-12-27

\r\n

Notable Changes

\r\n

Ruby

\r\n

This release introduces native gem support for Ruby 3.3.

\r\n

This release ends support for Ruby 2.7, for which upstream support\r\nended 2023-03-31.

\r\n

Pattern matching

\r\n

This version marks official support for the pattern matching\r\nAPI in XML::Attr, XML::Document,\r\nXML::DocumentFragment, XML::Namespace,\r\nXML::Node, and XML::NodeSet (and their\r\nsubclasses), originally introduced as an experimental feature in\r\nv1.14.0. (@​flavorjones)

\r\n

Documentation on what can be matched:

\r\n
    \r\n
  • XML::Attr#deconstruct_keys
    • \r\n
  • XML::Document#deconstruct_keys
    • \r\n
  • XML::Namespace#deconstruct_keys
    • \r\n
  • XML::Node#deconstruct_keys
    • \r\n
  • XML::DocumentFragment#deconstruct
    • \r\n
  • XML::NodeSet#deconstruct
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 673756f\r\nversion bump to v1.16.2
    • \r\n
  • 74ffd67\r\ndep: update libxml to 2.12.5 (branch v1.16.x) (#3122)
    • \r\n
  • 0d4018d\r\ndep: update libxml2 to v2.12.5
    • \r\n
  • f33a25f\r\ndep: remove patch from #3112\r\nwhich has been released upstream
    • \r\n
  • e994168\r\nversion bump to v1.16.1
    • \r\n
  • 77ea2f2\r\ndev: add files to manifest ignore list
    • \r\n
  • 756f27c\r\nbuild(deps): bump actions/{download,upload}-artifact from 3 to 4
    • \r\n
  • 464f8d4\r\n.gitignore: clangd-related files
    • \r\n
  • 2beeb96\r\ndoc: update CHANGELOG
    • \r\n
  • a26536d\r\nfix: apply upstream patch for in-context parsing (#3116)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.15.5&new-version=1.16.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/Betterment/uncruft/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump nokogiri from 1.15.5 to 1.16.2 (#20)"}},{"before":null,"after":"d92f56030b999bf7ecd51888573da89958825582","ref":"refs/heads/dependabot/bundler/nokogiri-1.16.2","pushedAt":"2024-02-06T03:51:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump nokogiri from 1.15.5 to 1.16.2\n\nBumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.15.5 to 1.16.2.\n- [Release notes](https://github.com/sparklemotion/nokogiri/releases)\n- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.15.5...v1.16.2)\n\n---\nupdated-dependencies:\n- dependency-name: nokogiri\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump nokogiri from 1.15.5 to 1.16.2"}},{"before":"899aa5f706910c249dc6a826740b3dea06e506c6","after":null,"ref":"refs/heads/gemfile-platforms","pushedAt":"2024-01-02T22:52:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"}},{"before":"678e083637701b4dc38086d92f39b75584aa97ef","after":"b8bc9a7c8ec46f19a830e5b10105339c5f0e6f68","ref":"refs/heads/main","pushedAt":"2024-01-02T22:52:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"Add M1 chips to lockfile platforms (#19)\n\nWhen running build commands locally, I'm seeing a diff because I'm on an older Apple Silicon chip 😅","shortMessageHtmlLink":"Add M1 chips to lockfile platforms (#19)"}},{"before":null,"after":"899aa5f706910c249dc6a826740b3dea06e506c6","ref":"refs/heads/gemfile-platforms","pushedAt":"2024-01-02T22:45:46.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"Add M1 chips to lockfile platforms","shortMessageHtmlLink":"Add M1 chips to lockfile platforms"}},{"before":"be12db00cd40692e2210bdf73b4948e7241d7e95","after":"678e083637701b4dc38086d92f39b75584aa97ef","ref":"refs/heads/main","pushedAt":"2024-01-02T22:43:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"drop ruby <3.0 and rails <6.1 support (#18)\n\n**Summary of changes**:\r\n- Drops support for Rails < 6.1\r\n- Drops support for Ruby < 3.0\r\n- Commits Gemfile .lock files to repo\r\n- Bumps gem version to 0.4.0\r\n\r\n---------\r\n\r\nCo-authored-by: Harris Effron ","shortMessageHtmlLink":"drop ruby <3.0 and rails <6.1 support (#18)"}},{"before":"a837b43507cda036edceef54cb92d1e8d15d7500","after":"be12db00cd40692e2210bdf73b4948e7241d7e95","ref":"refs/heads/main","pushedAt":"2023-10-09T14:53:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"Rails 7.1, Ruby 3.1, and Ruby 3.2 (#15)\n\nThis adds Rails 7.1, Ruby 3.1, and Ruby 3.2 to the build matrix.\r\n\r\nThe gem already works with these versions, but now they are formally\r\ntested. (As such, I bumped the gem by a patch version, to signify that\r\nthis is the first verified-compatible release.)","shortMessageHtmlLink":"Rails 7.1, Ruby 3.1, and Ruby 3.2 (#15)"}},{"before":"58a46f6d462206f2af33703f3f75bb8211c05572","after":null,"ref":"refs/heads/devin-vendored-bin-path","pushedAt":"2023-04-27T20:52:21.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"}},{"before":"b7a83f04ab590ed5a69d879ca4fe91a2ac37b874","after":"a837b43507cda036edceef54cb92d1e8d15d7500","ref":"refs/heads/main","pushedAt":"2023-04-27T20:52:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"smudge","name":"Nathan Griffith","path":"/smudge","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/83998?s=80&v=4"},"commit":{"message":"Normalize vendored ruby bin paths (#14)","shortMessageHtmlLink":"Normalize vendored ruby bin paths (#14)"}},{"before":null,"after":"58a46f6d462206f2af33703f3f75bb8211c05572","ref":"refs/heads/devin-vendored-bin-path","pushedAt":"2023-04-27T20:31:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"devinburnette","name":"Devin Burnette","path":"/devinburnette","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13012689?s=80&v=4"},"commit":{"message":"normalize vendored ruby bin paths","shortMessageHtmlLink":"normalize vendored ruby bin paths"}},{"before":"d4c4e22fad2e647e7c8ec1419eef1a95022a2024","after":null,"ref":"refs/heads/devin-normalize-ruby-home","pushedAt":"2023-04-27T17:46:00.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"devinburnette","name":"Devin Burnette","path":"/devinburnette","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13012689?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAET-dpYgA","startCursor":null,"endCursor":null}},"title":"Activity · Betterment/uncruft"}