Spike/security dependency updates #378
Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 1.0.1.
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](rails/globalid@v0.4.2...v1.0.1)

---
updated-dependencies:
- dependency-name: globalid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8.
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.6.4.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.3...v2.2.6.4)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

…1' into spike/security-dependency-updates
…-1.2.8' into spike/security-dependency-updates
… into spike/security-dependency-updates
This looks good to me.
Outside the scope of this PR, but noting that Ruby 2.6 reached end of life 1 year and 5 months ago. 😬
I stand with @joescottdave's comment about EoL on Ruby 2.6; nevertheless, these changes all look good to me to close the dependabot PRs. Once this is in we need to re-evaluate the security alerts to see what else is left?
This PR is related to issue epimorphics/hmlr-linked-data#127 and addresses dependabot dependency updates for #360, #362, #366 and #367. I've locked the `nokogiri` gem to version `1.13.10` as well, because the next version after this drops support for Ruby 2.6