kobaltz / clamby

ClamAV interface to your Ruby on Rails project.
MIT License
132 stars 29 forks

Missing tag/release #45

Closed doconnor-clintel closed 1 year ago

doconnor-clintel commented 1 year ago

https://rubygems.org/gems/clamby/versions/1.6.9 and https://github.com/kobaltz/clamby/commit/52b6ff47d12f30470ab0a8b05fa96308f130f3aa are out, but there's no tag/release/etc.

As a result, Dependabot can't show the changes

Impact: this looks slightly like a dodgy release by a malicious actor who has potentially compromised your rubygems account. As clamby is used for AV scanning, it's a plausible target. The reality is it's a non-issue, but it seems alarming at first glance!

kobaltz commented 1 year ago

Thanks for letting me know. I noticed that the TravisCI wasn't running the specs and got distracted with getting GitHub Actions put in place so that the tests would still be running. I've created this tag, but wasn't able to select back to the actual commit to get it in sync through the UI so I went ahead and bumped the version again with the changes from the GitHub Actions effort. Thanks again!