Bump the bundler group across 1 directory with 6 updates

[dependabot]

Bumps the bundler group with 4 updates in the / directory: activesupport, addressable, faraday and rexml.

Updates activesupport from 3.2.22.5 to 6.1.7.5

Release notes

Sourced from activesupport's releases.

6.1.7.5 Release

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Commits

• 3a1b615 Preparing for 6.1.7.5 release
• c2af578 bumping version / changelog
• c85cc66 Use a temporary file for storing unencrypted files while editing
• 7d949d7 Preparing for 6.1.7.4 release
• f09dc7c Preparing for 6.1.7.3 release
• 7167e53 Prepare version 6.1.7.3
• 3cf23c3 Implement SafeBuffer#bytesplice
• 3e0c1a5 Version 6.1.7.2
• c443466 Version 6.1.7.1
• a7cda7e Avoid regex backtracking in Inflector.underscore
• Additional commits viewable in compare view

Updates addressable from 2.7.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates commonmarker from 0.17.13 to 0.23.12

Release notes

Sourced from commonmarker's releases.

v0.23.12

Full Changelog: gjtorikian/commonmarker@v0.23.11...v0.23.12

v0.23.11

What's Changed

• [0.x] Fix memory leaks of string buffers by @​jhawthorn in gjtorikian/commonmarker#320

New Contributors

• @​jhawthorn made their first contribution in gjtorikian/commonmarker#320

Full Changelog: gjtorikian/commonmarker@v0.23.10...v0.23.11

v0.23.10

What's Changed

• Update to 0.29.0.gfm.13 by @​anticomputer in gjtorikian/commonmarker#247

Full Changelog: gjtorikian/commonmarker@v0.23.9...v0.23.10

v0.23.9

What's Changed

• Update to 0.29.0.gfm.11 by @​anticomputer in gjtorikian/commonmarker#236

Full Changelog: gjtorikian/commonmarker@v0.23.8...v0.23.9

v0.23.8

What's Changed

• Update cmark-upstream to 0.29.0.gfm.9 by @​smockle in gjtorikian/commonmarker#227

New Contributors

• @​smockle made their first contribution in gjtorikian/commonmarker#227

Full Changelog: gjtorikian/commonmarker@v0.23.7...v0.23.8

v0.23.7

What's Changed

• C API stable test by @​gjtorikian in gjtorikian/commonmarker#201
• Update to 29.0.gfm.7 by @​anticomputer in gjtorikian/commonmarker#224

Full Changelog: gjtorikian/commonmarker@v0.23.6...v0.23.7

v0.23.7.pre1

What's Changed

• C API stable test by @​gjtorikian in gjtorikian/commonmarker#201

Full Changelog: gjtorikian/commonmarker@v0.23.6...v0.23.7.pre1

... (truncated)

Changelog

Sourced from commonmarker's changelog.

[v2.6.3] - 23-01-2026

What's Changed

• Move ignore_setext to parse options by @​JunichiIto in gjtorikian/commonmarker#437

New Contributors

• @​JunichiIto made their first contribution in gjtorikian/commonmarker#437

Full Changelog: gjtorikian/commonmarker@v2.6.2...v2.6.3

[v2.6.2] - 19-01-2026

What's Changed

• Bump rb-sys from 0.9.123 to 0.9.124 by @​dependabot[bot] in gjtorikian/commonmarker#433
• Memory management improvements by @​gjtorikian in gjtorikian/commonmarker#435

Full Changelog: gjtorikian/commonmarker@v2.6.1...v2.6.2

[v2.6.1] - 06-01-2026

What's Changed

• Bump rb-sys from 0.9.117 to 0.9.118 by @​dependabot[bot] in gjtorikian/commonmarker#417
• Bump rb-sys from 0.9.118 to 0.9.119 by @​dependabot[bot] in gjtorikian/commonmarker#418
• Bump comrak from 0.48.0 to 0.49.0 by @​dependabot[bot] in gjtorikian/commonmarker#419
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in gjtorikian/commonmarker#422
• Bump rb-sys from 0.9.119 to 0.9.123 by @​dependabot[bot] in gjtorikian/commonmarker#423
• Support Ruby 4.0 by @​gjtorikian in gjtorikian/commonmarker#426

Full Changelog: gjtorikian/commonmarker@v2.6.0...v2.6.1

[v2.6.0] - 03-12-2025

What's Changed

• Bump comrak from 0.44.0 to 0.46.0 by @​dependabot[bot] in gjtorikian/commonmarker#405
• Bump comrak from 0.46.0 to 0.47.0 by @​dependabot[bot] in gjtorikian/commonmarker#406
• Bump comrak from 0.47.0 to 0.48.0 by @​dependabot[bot] in gjtorikian/commonmarker#409
• Newline handling has been updated. See comrak's release notes for more deetails.
• Remove uses of magnus::Ruby::get* by @​kivikakk in gjtorikian/commonmarker#411
• Add features from comrak v0.48.0 by @​gjtorikian in gjtorikian/commonmarker#412
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in gjtorikian/commonmarker#413
• 💎 bump to 2.6.0 by @​gjtorikian in gjtorikian/commonmarker#415

Full Changelog: gjtorikian/commonmarker@v2.5.0...v2.6.0

[v2.5.0] - 14-10-2025

What's Changed

• Bump syntect from 5.2.0 to 5.3.0 by @​dependabot[bot] in gjtorikian/commonmarker#399
• Bump magnus from 0.8.1 to 0.8.2 by @​dependabot[bot] in gjtorikian/commonmarker#400
• Bump Comrak to 0.44.0, add inline_footnotes support. by @​kivikakk in gjtorikian/commonmarker#401
• 💎 2.5.0 by @​kivikakk in gjtorikian/commonmarker#402

Full Changelog: gjtorikian/commonmarker@v2.4.1...v2.5.0

[v2.4.1] - 29-09-2025

What's Changed

... (truncated)

Commits

• cd435f7 Support GCC15
• 1d6e5eb Use append_cflags instead of modifying CFLAGS directly
• 5d9976b Merge pull request #320 from jhawthorn/c-api-stable-memory-leaks
• b0df48c Bump version to 0.23.11
• 36b34b9 Fix memory leaks
• db8cd37 Merge pull request #247 from anticomputer/update-to-0.29.0.gfm.13
• e1e450c 💎 release 0.23.10
• 08b7c4b Update cmark-upstream to github/cmark-gfm@587a12bb5...
• d0e81e2 I've used this version of the update_submodules script for several releases, ...
• 42cfc90 Merge pull request #236 from anticomputer/update-to-0.29.0.gfm.10
• Additional commits viewable in compare view

Updates faraday from 1.4.1 to 2.14.1

Release notes

Sourced from faraday's releases.

v2.14.1

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

• Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by @​Copilot in lostisland/faraday#1642
• Add RFC document for Options architecture refactoring plan by @​Copilot in lostisland/faraday#1644
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in lostisland/faraday#1655
• Explicit top-level namespace reference by @​c960657 in lostisland/faraday#1657

New Contributors

• @​Copilot made their first contribution in lostisland/faraday#1642

Full Changelog: lostisland/faraday@v2.14.0...v2.14.1

v2.14.0

What's Changed

New features ✨

• Use newer UnprocessableContent naming for 422 by @​tylerhunt in lostisland/faraday#1638

Fixes 🐞

• Convert strings to UTF-8 by @​c960657 in lostisland/faraday#1624
• Fix Response#to_hash when response not finished yet by @​yykamei in lostisland/faraday#1639

Misc/Docs 📄

• Lint: use filter_map by @​olleolleolle in lostisland/faraday#1637
• Bump actions/checkout from v4 to v5 by @​dependabot[bot] in lostisland/faraday#1636
• Fixes documentation by @​dharamgollapudi in lostisland/faraday#1635

New Contributors

• @​c960657 made their first contribution in lostisland/faraday#1624
• @​dharamgollapudi made their first contribution in lostisland/faraday#1635
• @​tylerhunt made their first contribution in lostisland/faraday#1638

Full Changelog: lostisland/faraday@v2.13.4...v2.14.0

v2.13.4

What's Changed

• Improve error handling logic and add missing test coverage by @​iMacTia in lostisland/faraday#1633

Full Changelog: lostisland/faraday@v2.13.3...v2.13.4

v2.13.3

What's Changed

• Fix type assumption in Faraday::Error by @​iMacTia in lostisland/faraday#1630

... (truncated)

Changelog

Sourced from faraday's changelog.

Faraday Changelog

The changelog has moved!

This file is not being updated anymore. Instead, please check the Releases page.

2.2.0 (2022-02-03)

• Reintroduce the possibility to register middleware with symbols, strings or procs in #1391

2.1.0 (2022-01-15)

• Fix test adapter thread safety by @​iMacTia in #1380
• Add default adapter options by @​hirasawayuki in #1382
• CI: Add Ruby 3.1 to matrix by @​petergoldstein in #1374
• docs: fix regex pattern in logger.md examples by @​hirasawayuki in #1378

2.0.1 (2022-01-05)

• Re-add faraday-net_http as default adapter by @​iMacTia in #1366
• Updated sample format in UPGRADING.md by @​vimutter in #1361
• docs: Make UPGRADING examples more copyable by @​olleolleolle in #1363

2.0.0 (2022-01-04)

The next major release is here, and it comes almost 2 years after the release of v1.0!

This release changes the way you use Faraday and embraces a new paradigm of Faraday as an ecosystem, rather than a library.

What does that mean? It means that Faraday is less of a bundled tool and more of a framework for the community to build on top of.

As a result, all adapters and some middleware have moved out and are now shipped as standalone gems 🙌!

But this doesn't mean that upgrading from Faraday 1.x to Faraday 2.0 should be hard, in fact we've listed everything you need to do in the UPGRADING.md doc.

Moreover, we've setup a new awesome-faraday repository that will showcase a curated list of adapters and middleware 😎.

This release was the result of the efforts of the core team and all the contributors, new and old, that have helped achieve this milestone 👏.

What's Changed

• Autoloading, dependency loading and middleware registry cleanup by @​iMacTia in #1301
• Move JSON middleware (request and response) from faraday_middleware by @​iMacTia in #1300
• Remove deprecated Faraday::Request#method by @​olleolleolle in #1303
• Remove deprecated Faraday::UploadIO by @​iMacTia in #1307
• [1.x] Deprecate Authorization helpers in Faraday::Connection by @​iMacTia in #1306
• Drop deprecated auth helpers from Connection and refactor auth middleware by @​iMacTia in #1308
• Add Faraday 1.x examples in authentication.md docs by @​iMacTia in #1320
• Fix passing a URL with embedded basic auth by @​iMacTia in #1324
• Register JSON middleware by @​mollerhoj in #1331

... (truncated)

Commits

• 16cbd38 Version bump to 2.14.1
• a6d3a3a Merge commit from fork
• b23f710 Explicit top-level namespace reference (#1657)
• 49ba4ac Bump actions/checkout from 5 to 6 (#1655)
• 51a49bc Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...
• 894f65c Add RFC document for Options architecture refactoring plan (#1644)
• 397e3de Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...
• d98c65c Update Faraday-specific AI agent guidelines
• 56c18ec Add AI agent guidelines specific to Faraday repository
• 3201a42 Version bump to 2.14.0
• Additional commits viewable in compare view

Updates nokogiri from 1.11.3 to 1.19.0

Release notes

Sourced from nokogiri's releases.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

v1.18.10 / 2025-09-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
• [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

7fb87235d729c74a2be635376d82b1d459230cc17c50300f8e4fcaabc6195344  nokogiri-1.18.10-aarch64-linux-gnu.gem
7e74e58314297cc8a8f1b533f7212d1999dbe2639a9ee6d97b483ea2acc18944  nokogiri-1.18.10-aarch64-linux-musl.gem
51f4f25ab5d5ba1012d6b16aad96b840a10b067b93f35af6a55a2c104a7ee322  nokogiri-1.18.10-arm-linux-gnu.gem
1c6ea754e51cecc85c30ee8ab1e6aa4ce6b6e134d01717e9290e79374a9e00aa  nokogiri-1.18.10-arm-linux-musl.gem
c2b0de30770f50b92c9323fa34a4e1cf5a0af322afcacd239cd66ee1c1b22c85  nokogiri-1.18.10-arm64-darwin.gem
cd431a09c45d84a2f870ba0b7e8f571199b3727d530f2b4888a73639f76510b5  nokogiri-1.18.10-java.gem
64f40d4a41af9f7f83a4e236ad0cf8cca621b97e31f727b1bebdae565a653104  nokogiri-1.18.10-x64-mingw-ucrt.gem
536e74bed6db2b5076769cab5e5f5af0cd1dccbbd75f1b3e1fa69d1f5c2d79e2  nokogiri-1.18.10-x86_64-darwin.gem
ff5ba26ba2dbce5c04b9ea200777fd225061d7a3930548806f31db907e500f72  nokogiri-1.18.10-x86_64-linux-gnu.gem
0651fccf8c2ebbc2475c8b1dfd7ccac3a0a6d09f8a41b72db8c21808cb483385  nokogiri-1.18.10-x86_64-linux-musl.gem
d5cc0731008aa3b3a87b361203ea3d19b2069628cb55e46ac7d84a0445e69cc1  nokogiri-1.18.10.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

v1.18.10 / 2025-09-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
• [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

• [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @​flavorjones

v1.18.5 / 2025-03-19

Fixed

... (truncated)

Commits

• d77bfb6 version bump to v1.19.0
• 1eb5c2c dev: convert scripts/test-gem-set to use mise
• 88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
• f8c8f74 Skip the parser compression test for Windows system libs
• e91c0fc ci: temporarily pin to setup-ruby with windows ruby 4
• 1b08acc dep: update to minitest 6
• 404487d dep: require JRuby >= 10.0
• 19b22ea dep: add support for native Ruby 4.0 gem
• ec57d11 ci: bump versions in CI images
• f7b640f ci: avoid bundler collisions in downstream tests
• Additional commits viewable in compare view

Updates rexml from 3.2.5 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Commits

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
rubygems/activesupport	6.1.7.5	🟢 5.8	Details Check Score Reason Code-Review 🟢 6 Found 11/17 approved changesets -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 7 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 39 existing vulnerabilities detected
rubygems/addressable	2.8.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
rubygems/commonmarker	0.23.12	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 1 Found 1/7 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/concurrent-ruby	1.3.6	🟢 5.2	Details Check Score Reason Code-Review 🟢 4 Found 11/25 approved changesets -- score normalized to 4 Maintained 🟢 10 17 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/faraday	2.14.1	🟢 5.6	Details Check Score Reason Maintained 🟢 10 4 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 5 Found 13/26 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 3 7 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/faraday-net_http	3.4.2	🟢 4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 3 Found 8/26 approved changesets -- score normalized to 3 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/github-pages	228	🟢 6.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/github-pages-health-check	1.17.9	Unknown	Unknown
rubygems/i18n	1.14.8	🟢 5.1	Details Check Score Reason Code-Review 🟢 6 Found 8/13 approved changesets -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/jekyll	3.9.3	🟢 6.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 8 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 7 SAST tool detected but not run on all commits
rubygems/jekyll-commonmark	1.4.0	Unknown	Unknown
rubygems/jekyll-commonmark-ghpages	0.4.0	Unknown	Unknown
rubygems/jekyll-seo-tag	2.8.0	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/jekyll-theme-architect	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-cayman	0.2.0	🟢 3.8	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 1/17 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/jekyll-theme-dinky	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-hacker	0.2.0	🟢 3.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 1 Found 3/16 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/jekyll-theme-leap-day	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-merlot	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-midnight	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-minimal	0.2.0	🟢 3.8	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 2/21 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/jekyll-theme-modernist	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-primer	0.6.0	Unknown	Unknown
rubygems/jekyll-theme-slate	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-tactile	0.2.0	Unknown	Unknown
rubygems/jekyll-theme-time-machine	0.2.0	Unknown	Unknown
rubygems/json	2.18.1	Unknown	Unknown
rubygems/kramdown	2.3.2	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 7 4 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 9 security policy file detected
rubygems/liquid	4.0.4	🟢 7	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/logger	1.7.0	Unknown	Unknown
rubygems/mini_portile2	2.8.9	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 2 Found 5/17 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/minitest	6.0.1	Unknown	Unknown
rubygems/net-http	0.9.1	Unknown	Unknown
rubygems/nokogiri	1.19.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 3 Found 4/13 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 15 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts ⚠️ 1 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices 🟢 5 badge detected: Passing Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
rubygems/octokit	4.25.1	🟢 5.8	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 13/15 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 7 SAST tool detected but not run on all commits
rubygems/prism	1.9.0	Unknown	Unknown
rubygems/public_suffix	4.0.7	🟢 5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/16 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/rexml	3.4.2	🟢 4.7	Details Check Score Reason Code-Review 🟢 8 Found 24/28 approved changesets -- score normalized to 8 Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/sawyer	0.9.3	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/uri	1.1.1	🟢 5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 16 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/zeitwerk	2.7.4	🟢 4.5	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• Gemfile.lock