Security - Dependabot patching, minimal minor version bumps. #13

Open
wants to merge 58 commits into
base: master
from

Commits on Dec 4, 2018

  1. Specify dependency versions directly in Gemfile & gemspec (#3)

    * specify dependency versions in Gemfile, not Gemfile.lock
    
    * loosen dependency versions for pry
    lavaturtle authored Dec 4, 2018
    0f15dae
  2. Version bump to 0.1.1

    lavaturtle committed Dec 4, 2018
    e67cdf0
  3. 007bdae
  4. 2628ff6
  5. Version bump to 0.1.2

    lavaturtle committed Dec 4, 2018
    0d11f29
  6. a4786a9

Commits on May 2, 2019

  1. Upgraded ruby version to 2.5.3

    anero committed May 2, 2019
    a91a5b3

Commits on Apr 30, 2020

  1. loosen vertebrae requirement

    woodhull committed Apr 30, 2020
    b644717

Commits on May 6, 2020

  1. d46c324
  2. fix yml spacing.

    woodhull committed May 6, 2020
    61d0e50
  3. update ruby version.

    woodhull committed May 6, 2020
    b715848
  4. 82a0840

Commits on Jul 13, 2020

  1. Bump rack from 2.0.3 to 2.2.3

    Bumps [rack](https://github.com/rack/rack) from 2.0.3 to 2.2.3.
    - [Release notes](https://github.com/rack/rack/releases)
    - [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md)
    - [Commits](rack/rack@2.0.3...2.2.3)
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Jul 13, 2020
    97d06f9
  2. 5cc74e7

Commits on Jul 20, 2020

  1. Add .circleci/config.yml

    James Hulme committed Jul 20, 2020
    c55f86e
  2. Merge pull request #5 from 38degrees/circleci-project-setup

    Add .circleci/config.yml
    James Hulme authored Jul 20, 2020
    75ef04e

Commits on Jul 21, 2020

  1. Merge pull request #1 from 38degrees/dependabot/bundler/rack-2.2.3

    Bump rack from 2.0.3 to 2.2.3
    James Hulme authored Jul 21, 2020
    ae5fbf9
  2. Bump rake from 12.0.0 to 13.0.1

    Bumps [rake](https://github.com/ruby/rake) from 12.0.0 to 13.0.1.
    - [Release notes](https://github.com/ruby/rake/releases)
    - [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
    - [Commits](ruby/rake@v12.0.0...v13.0.1)
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Jul 21, 2020
    a209a49
  3. Merge pull request #2 from 38degrees/dependabot/bundler/rake-13.0.1

    Bump rake from 12.0.0 to 13.0.1
    James Hulme authored Jul 21, 2020
    eff2754
  4. Merge pull request #3 from 38degrees/dependabot/bundler/nokogiri-1.10.10

    Bump nokogiri from 1.8.2 to 1.10.10
    James Hulme authored Jul 21, 2020
    10b9d0c

Commits on Jul 23, 2020

  1. setup code owners

    James Hulme committed Jul 23, 2020
    7de0928
  2. Merge pull request #6 from 38degrees/codeowners

    setup code owners
    James Hulme authored Jul 23, 2020
    52b1f9f
  3. Merge pull request #7 from 38degrees/master

    Master
    James Hulme authored Jul 23, 2020
    e00ecc9

Commits on Aug 5, 2020

  1. Use ruby 2.6.6

    James Hulme committed Aug 5, 2020
    c62ad5a
  2. Remove gemfile.lock

    James Hulme committed Aug 5, 2020
    35c2c32
  3. e23ba54
  4. Run specs and rubocop in CI

    James Hulme committed Aug 5, 2020
    f08c89d

Commits on Aug 6, 2020

  1. Fix rubocop issues

    James Hulme committed Aug 6, 2020
    9c37f33
  2. Install rspec junit formatter

    for ci specs
    James Hulme committed Aug 6, 2020
    7e6e860
  3. Merge pull request #8 from 38degrees/circleci/checks

    Run specs and rubocop in CI
    James Hulme authored Aug 6, 2020
    3af159b
  4. Fix how gems are installed

    Simplify the dependencies in the gemspec so there are not 3 copies of
    all the dependencies.
    
    Don't put dependencies in the Gemfile, just the gemspec
    
    Commit the Gemfile.lock file
    James Hulme committed Aug 6, 2020
    8d9a898
  5. Merge pull request #9 from 38degrees/chore/gemfile

    Fix how gems are installed
    James Hulme authored Aug 6, 2020
    8df4cb1
  6. Update Rdoc

    It removes a dependency on a vulnerable version of json
    
    Big jump, but rdoc still runs successfully
    James Hulme committed Aug 6, 2020
    ea28ac8
  7. Merge pull request #10 from 38degrees/chore/update-deps

    Update Rdoc
    James Hulme authored Aug 6, 2020
    e09fd75

Commits on Jan 6, 2021

  1. Create codacy-analysis.yml

    James Hulme authored Jan 6, 2021
    94c4606
  2. 4e04c28

Commits on Jan 18, 2021

  1. Merge pull request #11 from 38degrees/dependabot/bundler/nokogiri-1.11.1

    Bump nokogiri from 1.10.10 to 1.11.1
    weatherpixie authored Jan 18, 2021
    4e6bdbf

Commits on Apr 30, 2021

  1. Bump rexml from 3.2.4 to 3.2.5

    Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5.
    - [Release notes](https://github.com/ruby/rexml/releases)
    - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
    - [Commits](ruby/rexml@v3.2.4...v3.2.5)
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Apr 30, 2021
    e286362

Commits on May 4, 2021

  1. Merge pull request #12 from 38degrees/dependabot/bundler/rexml-3.2.5

    Bump rexml from 3.2.4 to 3.2.5
    weatherpixie authored May 4, 2021
    8e2f402

Commits on May 20, 2021

  1. 2bcea18

Commits on Jun 23, 2021

  1. Merge pull request #13 from 38degrees/dependabot/bundler/nokogiri-1.11.5

    Bump nokogiri from 1.11.1 to 1.11.5
    weatherpixie authored Jun 23, 2021
    8bb0166

Commits on Jul 13, 2021

  1. Bump addressable from 2.7.0 to 2.8.0

    Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
    - [Release notes](https://github.com/sporkmonger/addressable/releases)
    - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
    - [Commits](sporkmonger/addressable@addressable-2.7.0...addressable-2.8.0)
    
    ---
    updated-dependencies:
    - dependency-name: addressable
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Jul 13, 2021
    df70fb5

Commits on Jul 14, 2021

  1. Merge pull request #14 from 38degrees/dependabot/bundler/addressable-…

    …2.8.0
    
    Bump addressable from 2.7.0 to 2.8.0
    weatherpixie authored Jul 14, 2021
    3c6b744

Commits on Sep 2, 2021

  1. Bump rdoc from 6.2.1 to 6.3.1

    Bumps [rdoc](https://github.com/ruby/rdoc) from 6.2.1 to 6.3.1.
    - [Release notes](https://github.com/ruby/rdoc/releases)
    - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc)
    - [Commits](ruby/rdoc@v6.2.1...v6.3.1)
    
    ---
    updated-dependencies:
    - dependency-name: rdoc
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Sep 2, 2021
    ab222ba

Commits on Sep 20, 2021

  1. Merge pull request #15 from 38degrees/dependabot/bundler/rdoc-6.3.1

    Bump rdoc from 6.2.1 to 6.3.1
    James Hulme authored Sep 20, 2021
    6ecb1ba

Commits on Sep 28, 2021

  1. Bump nokogiri from 1.11.5 to 1.12.5

    Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.5 to 1.12.5.
    - [Release notes](https://github.com/sparklemotion/nokogiri/releases)
    - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
    - [Commits](sparklemotion/nokogiri@v1.11.5...v1.12.5)
    
    ---
    updated-dependencies:
    - dependency-name: nokogiri
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Sep 28, 2021
    69bddb3

Commits on Nov 18, 2021

  1. Merge pull request #16 from 38degrees/dependabot/bundler/nokogiri-1.12.5

    Bump nokogiri from 1.11.5 to 1.12.5
    weatherpixie authored Nov 18, 2021
    8d729a2

Commits on Feb 26, 2022

  1. Bump nokogiri from 1.12.5 to 1.13.3

    Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.3.
    - [Release notes](https://github.com/sparklemotion/nokogiri/releases)
    - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
    - [Commits](sparklemotion/nokogiri@v1.12.5...v1.13.3)
    
    ---
    updated-dependencies:
    - dependency-name: nokogiri
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Feb 26, 2022
    6054dc6

Commits on Mar 23, 2022

  1. Merge pull request #17 from 38degrees/dependabot/bundler/nokogiri-1.13.3

    Bump nokogiri from 1.12.5 to 1.13.3
    weatherpixie authored Mar 23, 2022
    aa50269

Commits on Apr 12, 2022

  1. Bump nokogiri from 1.13.3 to 1.13.4

    Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.4.
    - [Release notes](https://github.com/sparklemotion/nokogiri/releases)
    - [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md)
    - [Commits](sparklemotion/nokogiri@v1.13.3...v1.13.4)
    
    ---
    updated-dependencies:
    - dependency-name: nokogiri
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Apr 12, 2022
    8f21933

Commits on Apr 28, 2022

  1. Bump git from 1.7.0 to 1.11.0

    Bumps [git](https://github.com/ruby-git/ruby-git) from 1.7.0 to 1.11.0.
    - [Release notes](https://github.com/ruby-git/ruby-git/releases)
    - [Changelog](https://github.com/ruby-git/ruby-git/blob/master/CHANGELOG.md)
    - [Commits](ruby-git/ruby-git@v1.7.0...v1.11.0)
    
    ---
    updated-dependencies:
    - dependency-name: git
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Apr 28, 2022
    3e79ee4

Commits on May 17, 2022

  1. Merge pull request #18 from 38degrees/dependabot/bundler/nokogiri-1.13.4

    Bump nokogiri from 1.13.3 to 1.13.4
    James Hulme authored May 17, 2022
    570e65f
  2. Merge pull request #19 from 38degrees/dependabot/bundler/git-1.11.0

    Bump git from 1.7.0 to 1.11.0
    James Hulme authored May 17, 2022
    846a561

Commits on Oct 21, 2022

  1. Bump nokogiri from 1.13.4 to 1.13.9

    Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.9.
    - [Release notes](https://github.com/sparklemotion/nokogiri/releases)
    - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
    - [Commits](sparklemotion/nokogiri@v1.13.4...v1.13.9)
    
    ---
    updated-dependencies:
    - dependency-name: nokogiri
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Oct 21, 2022
    9704449

Commits on Jan 9, 2023

  1. Bump git from 1.11.0 to 1.13.0

    Bumps [git](https://github.com/ruby-git/ruby-git) from 1.11.0 to 1.13.0.
    - [Release notes](https://github.com/ruby-git/ruby-git/releases)
    - [Changelog](https://github.com/ruby-git/ruby-git/blob/master/CHANGELOG.md)
    - [Commits](ruby-git/ruby-git@v1.11.0...v1.13.0)
    
    ---
    updated-dependencies:
    - dependency-name: git
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    dependabot[bot] authored Jan 9, 2023
    8d6640f

Commits on Jan 17, 2023

  1. Merge pull request #23 from 38degrees/dependabot/bundler/git-1.13.0

    Bump git from 1.11.0 to 1.13.0
    
    This has high compatibility and is only a minor bump.
    Tim-Langford authored Jan 17, 2023
    927414d
  2. Merge pull request #22 from 38degrees/dependabot/bundler/nokogiri-1.13.9

    Bump nokogiri from 1.13.4 to 1.13.9
    
    This has high compatibility and is only a minor bump.
    Tim-Langford authored Jan 17, 2023
    2fe3a58
  3. 197369c