Skip to content

chore(deps): bump the bundler-minor group with 5 updates#893

Merged
doerfli merged 1 commit into
mainfrom
dependabot/bundler/bundler-minor-258b2f5b19
Jul 3, 2026
Merged

chore(deps): bump the bundler-minor group with 5 updates#893
doerfli merged 1 commit into
mainfrom
dependabot/bundler/bundler-minor-258b2f5b19

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the bundler-minor group with 5 updates:

Package From To
aws-sdk-s3 1.224.0 1.226.0
omniai 3.6.0 3.7.1
spring 4.6.0 4.7.0
solargraph 0.59.2 0.60.2
selenium-webdriver 4.44.0 4.45.0

Updates aws-sdk-s3 from 1.224.0 to 1.226.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.226.0 (2026-06-16)

  • Feature - Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata.

  • Feature - Multipart copies now support tags_directive, annotations_directive, and metadata_directive options for controlling which source properties are copied to the destination.

  • Issue - Fix error when performing cross-region multipart copies with copy_source_region.

1.225.1 (2026-06-10)

  • Issue - Fix download_file single-request mode not writing to a temporary file when given a String/Pathname destination.

1.225.0 (2026-06-02)

  • Feature - Adding new BDD representation of endpoint ruleset
Commits

Updates omniai from 3.6.0 to 3.7.1

Release notes

Sourced from omniai's releases.

v3.7.1

What's Changed

Full Changelog: ksylvest/omniai@v3.7.0...v3.7.1

v3.7.0

What's Changed

New Contributors

Full Changelog: ksylvest/omniai@v3.6.0...v3.7.0

Commits
  • e7d64d8 Polish instrumentation per review: named predicate, cited contract, loud spec
  • 1f06de7 Sync Gemfile.lock to omniai 3.7.1 (and current rubocop-rspec)
  • a1128d7 Fix http 6 nil response when a logger is configured
  • a068138 Bump rubocop-rspec from 3.9.0 to 3.10.2
  • 5a6dfc3 Satisfy rubocop 1.87 cops
  • f70992c Bump rubocop from 1.84.2 to 1.87.0
  • 111e79c Support http 6: HTTP.persistent returns HTTP::Session
  • c2fcd89 Update http requirement from ~> 5 to >= 5, < 7
  • bd07924 Add normalized finish_reason value object to Chat::Response and Chat::Choice
  • dbc0fcd Document OpenAI-compatible gateway hosts
  • Additional commits viewable in compare view

Updates spring from 4.6.0 to 4.7.0

Release notes

Sourced from spring's releases.

4.7.0

What's Changed

Full Changelog: rails/spring@v4.6.0...v4.7.0

Commits

Updates solargraph from 0.59.2 to 0.60.2

Changelog

Sourced from solargraph's changelog.

0.60.2 - June 27, 2026

  • Extraneous debug output (#1214)
  • Pin rdoc to ~> 7.0 (#1216)

0.60.1 - June 20, 2026

  • Process macro directives from included and extended modules (#1210)
  • Flaky pathname issue (#1211)
  • Check object equality in Pin::Base#nearly? (#1213)

0.60.0 - June 15, 2026

  • Add YARD macro support for DSL methods (#1187)
  • YARD macros - More typecheck fixes (#1188)
  • Macro fixes (#1189)
  • Unused macro methods (#1191)
  • Transitive macros (#1203)
  • Allow CTRL-C interruption of profile command + macro debug logs (#1206)
  • Support for Inline RBS (#1173)
  • Make typechecker errors vim quickfix friendly (#1072)
  • Generate RBS (#812)
Commits

Updates selenium-webdriver from 4.44.0 to 4.45.0

Release notes

Sourced from selenium-webdriver's releases.

Selenium 4.45.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Changelog

Sourced from selenium-webdriver's changelog.

4.45.0 (2026-06-15)

  • Support CDP versions: v147, v148, v149
  • deprecate curb http client support (#17443)
  • move Ruby bindings to use typescript get attribute atom (#17524)
  • Move atoms to use the typescript versions (#17532)
  • deprecate Chromium Profile classes (#17557)
  • update bazel test tags (#17558)
  • separate concerns between Service, DriverFinder, and Options (#17564)
  • fix using environment variables to set drivers (#17571)
  • create more obvious test guard keywords as aliases (#17636)
Commits
  • cd6a3cd [build] Prepare for release of selenium-4.45.0 (#17680)
  • bb741bd [build] Automated Browser Version Update (#17658)
  • f53de51 [rb] run minimize test on linux now that #17644 fixed fluxbox startup
  • 3f37cce [rb] set window state before each window test instead of resetting driver
  • 2bfb990 [rb] skip Safari double_click action tests
  • 6008ae6 [rb] skip double_click action test on Safari
  • bf0edc8 [rb] create more obvious test guard keywords as aliases (#17636)
  • c474d76 [build] Automated Browser Version Update (#17609)
  • 13c5344 [rb] streamline tests on github actions runners (#17550)
  • 79af12b [rb] stabilize tests and remove driver-restart workaround in manager spec
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the bundler-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.224.0` | `1.226.0` |
| [omniai](https://github.com/ksylvest/omniai) | `3.6.0` | `3.7.1` |
| [spring](https://github.com/rails/spring) | `4.6.0` | `4.7.0` |
| [solargraph](https://github.com/castwide/solargraph) | `0.59.2` | `0.60.2` |
| [selenium-webdriver](https://github.com/SeleniumHQ/selenium) | `4.44.0` | `4.45.0` |


Updates `aws-sdk-s3` from 1.224.0 to 1.226.0
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Updates `omniai` from 3.6.0 to 3.7.1
- [Release notes](https://github.com/ksylvest/omniai/releases)
- [Commits](ksylvest/omniai@v3.6.0...v3.7.1)

Updates `spring` from 4.6.0 to 4.7.0
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/main/CHANGELOG.md)
- [Commits](rails/spring@v4.6.0...v4.7.0)

Updates `solargraph` from 0.59.2 to 0.60.2
- [Changelog](https://github.com/castwide/solargraph/blob/master/CHANGELOG.md)
- [Commits](castwide/solargraph@v0.59.2...v0.60.2)

Updates `selenium-webdriver` from 4.44.0 to 4.45.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.44.0...selenium-4.45.0)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.226.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-minor
- dependency-name: omniai
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bundler-minor
- dependency-name: spring
  dependency-version: 4.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bundler-minor
- dependency-name: solargraph
  dependency-version: 0.60.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bundler-minor
- dependency-name: selenium-webdriver
  dependency-version: 4.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bundler-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
  • ⚠️ 2 packages with OpenSSF Scorecard issues.
See the Details below.

License Issues

Gemfile.lock

PackageVersionLicenseIssue Type
aws-partitions1.1263.0NullUnknown License
sorbet-runtime0.6.13321NullUnknown License
llhttp0.6.2NullUnknown License
rbs4.0.3NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
rubygems/aws-partitions 1.1263.0 🟢 6.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies🟢 10all dependencies are pinned
rubygems/aws-sdk-core 3.252.0 🟢 6.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies🟢 10all dependencies are pinned
rubygems/aws-sdk-s3 1.226.0 🟢 6.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies🟢 10all dependencies are pinned
rubygems/commander 5.0.0 ⚠️ 2.8
Details
CheckScoreReason
Dangerous-Workflow⚠️ -1no workflows found
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ -1No tokens found
Code-Review🟢 5Found 10/19 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/highline 3.0.1 🟢 4.2
Details
CheckScoreReason
Code-Review🟢 4Found 2/5 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1015 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/http 6.0.3 🟢 5.3
Details
CheckScoreReason
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 3/29 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 2badge detected: InProgress
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/http-cookie 1.1.6 UnknownUnknown
rubygems/llhttp 0.6.2 UnknownUnknown
rubygems/omniai 3.7.1 UnknownUnknown
rubygems/parlour 9.1.2 UnknownUnknown
rubygems/rake 13.4.2 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 5Found 2/4 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/rbs 4.0.3 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 3Found 3/9 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/rubocop 1.88.0 🟢 5.7
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 13/20 approved changesets -- score normalized to 6
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/rubyzip 3.4.1 🟢 4.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/18 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/selenium-webdriver 4.45.0 ⚠️ 2.9
Details
CheckScoreReason
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts⚠️ 0binaries present in source code
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
rubygems/solargraph 0.60.2 🟢 5
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/23 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/sorbet-runtime 0.6.13321 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST🟢 9SAST tool detected but not run on all commits
rubygems/sord 7.1.0 UnknownUnknown
rubygems/spring 4.7.0 🟢 4.6
Details
CheckScoreReason
Maintained🟢 1024 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 5Found 9/18 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
rubygems/zeitwerk 2.8.2 🟢 3.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 1/29 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • Gemfile.lock

@doerfli
doerfli merged commit abadf17 into main Jul 3, 2026
7 checks passed
@doerfli
doerfli deleted the dependabot/bundler/bundler-minor-258b2f5b19 branch July 3, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant