If you are wondering where the data of this site comes from, please visit https://api.github.com/users/mverdicchio/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Michael Verdicchio mverdicchio The Citadel Charleston, SC http://www.michaelverdicchio.com

Ike-Clinton/coursePlanner 1

CSCI 420 project - A course planner in Ruby on Rails for faculty to use for planning students course schedules over 4 years.

saasbook/ruql-canvas 1

Canvas LMS API "renderer" for RuQL gem

mverdicchio/awesome-pr-demo 0

This is cool.

create branch CitadelCS/guard-app

branch : dependabot/npm_and_yarn/ssri-6.0.2

created branch time in 7 hours

PR opened CitadelCS/guard-app

Bump ssri from 6.0.1 to 6.0.2

Bumps ssri from 6.0.1 to 6.0.2.

Changelog (sourced from ssri's changelog: https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)

6.0.2 (2021-04-07)

Bug Fixes

  • backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

  • b7c8c7c chore(release): 6.0.2 (https://github.com/npm/ssri/commit/b7c8c7c61db89aeb9fbf7596c0ef17071bc216ef)
  • b30dfdb fix: backport regex change from 8.0.1 (https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1)
  • See full diff in compare view: https://github.com/npm/ssri/compare/v6.0.1...v6.0.2

Maintainer changes

This version was pushed to npm by nlf (https://www.npmjs.com/~nlf), a new releaser for ssri since your current version.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

+6 -6

0 comment

1 changed file

pr created time in 7 hours

create branch CitadelCS/guard-app

branch : dependabot/npm_and_yarn/y18n-3.2.2

created branch time in 19 days

PR opened CitadelCS/guard-app

Bump y18n from 3.2.1 to 3.2.2

Bumps y18n from 3.2.1 to 3.2.2.

Commits

  • See full diff in compare view: https://github.com/yargs/y18n/commits

Maintainer changes

This version was pushed to npm by oss-bot (https://www.npmjs.com/~oss-bot), a new releaser for y18n since your current version.


+3 -3

0 comment

1 changed file

pr created time in 19 days

push event saasbook/courseware

Armando Fox

commit sha 990abbcba14f08fdeff366d0aacb7065df3d4030

smaller icon


push time in 20 days

push event saasbook/courseware

Armando Fox

commit sha 97b2e04ac27257b764b339adf2938b8d4dd3c605

smaller cion


push time in 20 days

push event saasbook/courseware

Armando Fox

commit sha 780d501fcdf43f912eccfba8567b66f30094d1e3

added icon for use in student facing CHIPS


Armando Fox

commit sha 2f4cd1743b9b76c6aa813477103a4926161066e1

Merge branch 'master' of github.com:saasbook/courseware


push time in 20 days

push event kevin-wayne/algs4

Kevin Wayne

commit sha 6d836b2dca40a49df12504beb4dd6a3bb5f9dcb9

adds warnings to Javadoc regarding overflow and floating-point rounding errors


push time in a month

delete branch CitadelCS/guard-app

delete branch : dependabot/npm_and_yarn/elliptic-6.5.3

delete time in a month

PR closed CitadelCS/guard-app

Bump elliptic from 6.5.2 to 6.5.3 dependencies javascript

Bumps elliptic from 6.5.2 to 6.5.3.

Commits

  • 8647803 6.5.3 (https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1)
  • 856fe4d signature: prevent malleability and overflows (https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec)
  • See full diff in compare view: https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3


+6 -6

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment CitadelCS/guard-app

Bump elliptic from 6.5.2 to 6.5.3

Superseded by #22.

dependabot[bot]

comment created time in a month

PR opened CitadelCS/guard-app

Bump elliptic from 6.5.2 to 6.5.4

Bumps elliptic from 6.5.2 to 6.5.4.

Commits

  • 43ac7f2 6.5.4 (https://github.com/indutny/elliptic/commit/43ac7f230069bd1575e1e4a58394a512303ba803)
  • f4bc72b package: bump deps (https://github.com/indutny/elliptic/commit/f4bc72be11b0a508fb790f445c43534307c9255b)
  • 441b742 ec: validate that a point before deriving keys (https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f)
  • e71b2d9 lib: relint using eslint (https://github.com/indutny/elliptic/commit/e71b2d9359c5fe9437fbf46f1f05096de447de57)
  • 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231) (https://github.com/indutny/elliptic/commit/8421a01aa3ff789c79f91eaf8845558a7be2b9fa)
  • 8647803 6.5.3 (https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1)
  • 856fe4d signature: prevent malleability and overflows (https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec)
  • See full diff in compare view: https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.4


+17 -17

0 comment

1 changed file

pr created time in a month

create branch CitadelCS/guard-app

branch : dependabot/npm_and_yarn/elliptic-6.5.4

created branch time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/vm-setup/rottenpotatoes/json-2.3.0

delete time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/vm-setup/rottenpotatoes/sprockets-2.2.3

delete time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/discussions/module4/todo_app/rack-2.2.3

delete time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/vm-setup/rottenpotatoes/rails-3.2.17

delete time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/vm-setup/rottenpotatoes/i18n-0.9.5

delete time in a month

delete branch saasbook/courseware

delete branch : dependabot/bundler/discussions/module4/todo_app/websocket-extensions-0.1.5

delete time in a month

pull request comment saasbook/courseware

Bump json from 1.8.1 to 2.3.0 in /vm-setup/rottenpotatoes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

pull request comment saasbook/courseware

Bump rack from 2.2.2 to 2.2.3 in /discussions/module4/todo_app

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

pull request comment saasbook/courseware

Bump websocket-extensions from 0.1.4 to 0.1.5 in /discussions/module4/todo_app

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

PR closed saasbook/courseware

Bump json from 1.8.1 to 2.3.0 in /vm-setup/rottenpotatoes dependencies

Bumps json from 1.8.1 to 2.3.0.

Changelog (sourced from json's changelog: https://github.com/flori/json/blob/master/CHANGES.md)

2019-12-11 (2.3.0)

  • Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
  • Fix passing args all #to_json in json/add/*.
  • Fix encoding issues
  • Fix issues of keyword vs positional parameter
  • Fix JSON::Parser against bigdecimal updates
  • Bug fixes to JRuby port

2019-02-21 (2.2.0)

  • Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

  • Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

  • Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
  • Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

  • Set required_ruby_version to 1.9
  • Some small fixes

2016-07-26 (2.0.2)

  • Specify required_ruby_version for json_pure.
  • Fix issue #295 failure when parsing frozen strings.

2016-07-01 (2.0.1)

  • Fix problem when requiring json_pure and Parser constant was defined top level.
  • Add RB_GC_GUARD to avoid possible GC problem via Pete Johns.
  • Store current_nesting on stack by Aaron Patterson.

2015-09-11 (2.0.0)

  • Now complies to newest JSON RFC 7159.
  • Implements compatibility to ruby 2.4 integer unification.
  • Drops support for old rubies whose life has ended, that is rubies < 2.0. Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
  • There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

Commits

  • 92cf5c4 v2.3.0 (https://github.com/flori/json/commit/92cf5c451a6ec0f3a00e291eb909e57cf38fbea4)
  • 579ae85 Add some more recent jruby (https://github.com/flori/json/commit/579ae85676f8a41c62ce9d2230db969ead9707bb)
  • acabfeb Make tests green on jruby (https://github.com/flori/json/commit/acabfebf14361090af1771ecc3c22b8dcb740421)
  • c194360 Update travis config (https://github.com/flori/json/commit/c194360ac2677fec94b05d9507e9e54871940335)
  • 49317c1 Ignore log files (https://github.com/flori/json/commit/49317c1328fc08e6bd146164e7ef16c7cde84e0f)
  • d84439f Merge pull request #391 from headius/prep_2.3.0 (https://github.com/flori/json/commit/d84439f522ec37119b115009d3779fed6e0fa842)
  • 38f68d1 Bump versions for 2.3.0. (https://github.com/flori/json/commit/38f68d1e05174fa466dcabbc924d2098f0d8b824)
  • 40524a9 Merge pull request #390 from flori/relax-test-unit (https://github.com/flori/json/commit/40524a99868ea6f29daf876c09ac539ab5b24f82)
  • 87379e6 relax test-unit version for old ruby (https://github.com/flori/json/commit/87379e694a103e0db18c1c8f652b0112d8239ebf)
  • 05de02f Merge branch 'zenspider-zenspider/ruby-2.7' (https://github.com/flori/json/commit/05de02f4e2813e87280a408596ccc912decb277c)
  • Additional commits viewable in compare view: https://github.com/flori/json/compare/v1.8.1...v2.3.0


+19 -12

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment saasbook/courseware

Bump i18n from 0.6.5 to 0.9.5 in /vm-setup/rottenpotatoes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

PR closed saasbook/courseware

Bump rack from 2.2.2 to 2.2.3 in /discussions/module4/todo_app dependencies

Bumps rack from 2.2.2 to 2.2.3.

Changelog (sourced from rack's changelog: https://github.com/rack/rack/blob/master/CHANGELOG.md)

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog (https://keepachangelog.com/en/1.0.0/).

[3.0.0] - Unreleased

Changed

  • BREAKING CHANGE: Require status to be an Integer. (#1662, @olleolleolle)
  • Relax validations around Rack::Request#host and Rack::Request#hostname. (#1606, @pvande)
  • Removed antiquated handlers: FCGI, LSWS, SCGI, Thin. (#1658, @ioquatix)
  • Removed options from Rack::Builder.parse_file and Rack::Builder.load_file. (#1663, @ioquatix)

Fixed

  • Fix using Rack::Session::Cookie with coder: Rack::Session::Cookie::Base64::{JSON,Zip}. (#1666, @jeremyevans)
  • Avoid NoMethodError when accessing Rack::Session::Cookie without requiring delegate first. (#1610, @onigra)
  • Handle cookies with values that end in '=' (#1645, @lukaso)

Commits

  • 1741c58 bump version (https://github.com/rack/rack/commit/1741c580d71cfca8e541e96cc372305c8892ee74)
  • 5ccca47 When parsing cookies, only decode the values (https://github.com/rack/rack/commit/5ccca4722668083732ea2d35c56565fcc25312f8)
  • See full diff in compare view: https://github.com/rack/rack/compare/v2.2.2...2.2.3


+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment saasbook/courseware

Bump sprockets from 2.2.2 to 2.2.3 in /vm-setup/rottenpotatoes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

PR closed saasbook/courseware

Bump websocket-extensions from 0.1.4 to 0.1.5 in /discussions/module4/todo_app dependencies

Bumps websocket-extensions from 0.1.4 to 0.1.5.

Changelog (sourced from websocket-extensions's changelog: https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md)

0.1.5 / 2020-06-02

  • Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)

Commits

  • 8108e77 Bump version to 0.1.5 (https://github.com/faye/websocket-extensions-ruby/commit/8108e77333026634eda1a6a32f32da3a7a1da8c4)
  • c36eb3e Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser (https://github.com/faye/websocket-extensions-ruby/commit/c36eb3e010dce9eabc7415dbe05cafaa0ae83cd4)
  • 8174a4a Test on JRuby 9.{0,1,2} rather than "head" (https://github.com/faye/websocket-extensions-ruby/commit/8174a4a0f95b8f35ea42595d9d4d88debf492521)
  • 9605980 Update Ruby versions 2.4 to 2.7 on Travis (https://github.com/faye/websocket-extensions-ruby/commit/96059802a6649ad3ca63625ffc5b5dbcd9ea91d9)
  • bd6d0ac Mention license change in the changelog (https://github.com/faye/websocket-extensions-ruby/commit/bd6d0acc01fa985f014d37183f0c7854b86b60f9)
  • a8c8478 Formatting change: {...} should have spaces inside the braces (https://github.com/faye/websocket-extensions-ruby/commit/a8c847876b2242d562e6186b6fd90dd073b9fcd2)
  • See full diff in compare view: https://github.com/faye/websocket-extensions-ruby/compare/0.1.4...0.1.5


+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment saasbook/courseware

Bump rails from 3.2.15 to 3.2.17 in /vm-setup/rottenpotatoes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a month

PR closed saasbook/courseware

Bump i18n from 0.6.5 to 0.9.5 in /vm-setup/rottenpotatoes dependencies

Bumps i18n from 0.6.5 to 0.9.5.

Release notes

Sourced from i18n's releases.

v0.9.5

  • #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @wjordan!

v0.9.4

  • Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
  • Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

v0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

  • I18n no longer stores translations for unavailable locales. #391.
  • Added the ability to interpolate with arrays #395.
  • Documentation for lambda has been corrected. #396
  • I18n will use oj -- a faster JSON library -- but only if it is available. #398
  • Fixed an issue with translate and default: [false] as an option. #399
  • Fixed an issue with translate with nil and empty keys. #400
  • Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @stereobooster, @fatkodima and @lulalala for the patches that went towards this release. We appreciate your efforts!

v0.9.1

  • Reverted Hash#slice behaviour introduced with #250 - See #390.
  • Fixed a regression caused by #387, where translations may have returned a not-helpful error message - See #389

v0.9.0

  • Made Backend::Memoize threadsafe. See #51 and #352.
  • Added a middleware I18n::Middleware that should be used to ensure that i18n config is reset correctly between requests. See #381 and #382.

v0.8.6

  • Fixed a small regression introduced in v0.8.5 when using fallbacks - See #378

v0.8.5

  • Improved error message for MissingPluralizationKey error - See #371
  • Fixed a thread issue when calling translate when fallbacks were enabled - See #369

v0.8.4

  • Reverted #236 - "Don't allow nil to be submitted as a key to I18n.translate" - See #370

v0.8.3

  • I18n::Gettext#plural_keys will now return a hash from Gettext if no arguments are provided - svenfuchs/i18n#122
  • Fixed a bug where passing false to translate would not translate that value - svenfuchs/i18n#367

v0.8.2

  • Do not allow nil to be passed to translate - svenfuchs/i18n#236

... (truncated)

Commits

  • 416859a Bump to 0.9.5
  • 5c28de8 Lock Rake to 12.2.x versions
  • 29fe565 Merge pull request #408 from wjordan/enforce_available_locales_false_fix
  • 596a71d store translations for unavailable locales if enforce_available_locales is false
  • 888abcb Bump to 0.9.4
  • ba8b206 Merge pull request #407 from fatkodima/fix-key-value-subtrees
  • 9ddc9f5 Merge pull request #406 from jhawthorn/optimize_available_locales
  • 77c26aa Fix Chained backend with KeyValue
  • 7eb3576 Optimize Backend::Simple#available_locales
  • 7c6ccf4 Bump to 0.9.3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



+9 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

PR closed saasbook/courseware

Bump jquery-rails from 3.0.4 to 3.1.3 in /vm-setup/rottenpotatoes

Bumps jquery-rails from 3.0.4 to 3.1.3.

Changelog

Sourced from jquery-rails's changelog.

3.1.3 (16 June 2015)

  • Fix CSP bypass vulnerability. CVE-2015-1840

3.1.2 (1 September 2014)

  • Updated to jquery-ujs 1.0.1

3.1.1 (23 June 2014)

  • Updated to jQuery 1.11.1
  • Updated to jquery-ujs 1.0.0

3.1.0 (29 January 2014)

  • Updated to jQuery 1.11.0
  • Updated to latest jquery-ujs
  • Added development rake task for updating jQuery

Commits

  • ee1ed3c Release 3.1.3
  • 92f2a9d Upgrade jquery-ujs to do proper checks for cross domain requests
  • 135ba0f Release 3.1.2
  • 1eabddd Update to latest jquery-ujs.
  • d3bc214 Merge branch 'master' into 3-1-stable
  • 4bc300a Merge pull request #164 from mattmenefee/patch-1
  • 0374462 Update Changelog.md to correct release year
  • a3e9a29 Merge pull request #163 from dy-dx/update-readme
  • 614d06a updated readme with jQuery version 1.11.1
  • 7d0cf26 Release 3.1.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



+20 -13

0 comment

1 changed file

dependabot[bot]

pr closed time in a month