Bump the bundler group across 1 directory with 5 updates #1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the bundler group with 4 updates in the / directory: sinatra, httparty, json and addressable.
Updates
sinatra
from 2.0.5 to 2.2.3Changelog
Sourced from sinatra's changelog.
... (truncated)
Commits
0bdb254
2.2.3 release43df742
Remove rdoc580b271
fix ReDoS9031a44
Pin haml to v50455c8e
Pin Puma to v51808bcd
escape filename in the Content-Disposition headeree12b18
Note potential breaking change in 2.2.0 release9c1ed08
Update CHANGELOG.mda2b8243
2.2.2 release6534799
Update mustermann to ~> 2.0Updates
httparty
from 0.16.3 to 0.21.0Changelog
Sourced from httparty's changelog.
... (truncated)
Commits
Updates
json
from 2.1.0 to 2.3.0Release notes
Sourced from json's releases.
Changelog
Sourced from json's changelog.
Commits
92cf5c4
v2.3.0579ae85
Add some more recent jrubyacabfeb
Make tests green on jrubyc194360
Update travis config49317c1
Ignore log filesd84439f
Merge pull request #391 from headius/prep_2.3.038f68d1
Bump versions for 2.3.0.40524a9
Merge pull request #390 from flori/relax-test-unit87379e6
relax test-unit version for old ruby05de02f
Merge branch 'zenspider-zenspider/ruby-2.7'Updates
addressable
from 2.6.0 to 2.8.0Changelog
Sourced from addressable's changelog.
Commits
6469a23
Updating gemspec again2433638
Merge branch 'main' of github.com:sporkmonger/addressable into maine9c76b8
Merge pull request #378 from ashmaroli/flat-map56c5cf7
Update the gemspecc1fed1c
Require a non-vulnerable rake0d8a312
Adding note about ReDoS vulnerability89c7613
Merge branch 'template-regexp' into maincf8884f
Note about alias fixbb03f71
Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry6d1d809
Adding note about :compacted normalizationUpdates
rack
from 2.0.6 to 2.2.9Release notes
Sourced from rack's releases.
Changelog
Sourced from rack's changelog.
... (truncated)
Commits
b1deebd
Bump patch version.f7d40f9
Merge branch '2-2-sec' into 2-2-stablee830011
bump versiond9c163a
Avoid 2nd degree polynomial regexp in MediaType6245768
Return an empty array when ranges are too largee4c1177
Fixing ReDoS in header parsingfdb12cb
backport #2104 (#2121)99057e6
Update CHANGELOG for 2.2.8 (#2107)3314622
Adds missing 2.2.8 to CHANGELOG.md (#2106)f169ff7
Bump patch version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.