🚨 [security] Update github-pages 228 → 229 (major)

depfu[bot] commented 5 months ago

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ github-pages (228 → 229) · Repo

Release Notes

229

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ activesupport (indirect, 7.0.7 → 7.1.3) · Repo · Changelog

Security Advisories 🚨

🚨 Possible File Disclosure of Locally Encrypted Files

Release Notes

7.1.3 (from changelog)

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

7.0.8 (from changelog)

7.0.7.2 (from changelog)

7.0.7.1 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ addressable (indirect, 2.8.5 → 2.8.6) · Repo · Changelog

Release Notes

2.8.6 (from changelog)

Does any of this look wrong? Please let us know.

↗️ coffee-script-source (indirect, 1.11.1 → 1.12.2)

Sorry, we couldn't find anything useful about this release.

↗️ concurrent-ruby (indirect, 1.2.2 → 1.2.3) · Repo · Changelog

Release Notes

1.2.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ execjs (indirect, 2.8.1 → 2.9.1) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ faraday (indirect, 2.7.10 → 2.9.0) · Repo · Changelog

Release Notes

2.7.11

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ faraday-net_http (indirect, 3.0.2 → 3.1.0) · Repo · Changelog

Release Notes

3.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ffi (indirect, 1.15.5 → 1.16.3) · Repo · Changelog

Release Notes

1.16.3 (from changelog)

1.16.2 (from changelog)

1.16.1 (from changelog)

1.16.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ gemoji (indirect, 3.0.1 → 4.1.0) · Repo

Release Notes

4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ github-pages-health-check (indirect, 1.17.9 → 1.18.2) · Repo

Release Notes

1.18.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll (indirect, 3.9.3 → 3.9.4) · Repo · Changelog

Release Notes

3.9.4

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-avatar (indirect, 0.7.0 → 0.8.0) · Repo · Changelog

Release Notes

0.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-coffeescript (indirect, 1.1.1 → 1.2.2) · Repo · Changelog

Release Notes

1.2.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-default-layout (indirect, 0.1.4 → 0.1.5) · Repo

Release Notes

0.1.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-feed (indirect, 0.15.1 → 0.17.0) · Repo · Changelog

Release Notes

0.16.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-github-metadata (indirect, 2.13.0 → 2.16.1) · Repo · Changelog

Release Notes

2.14.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-relative-links (indirect, 0.6.1 → 0.7.0) · Repo

Release Notes

0.7.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jemoji (indirect, 0.12.0 → 0.13.0) · Repo · Changelog

Release Notes

0.13.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ kramdown (indirect, 2.3.2 → 2.4.0) · Repo · Changelog

↗️ mini_portile2 (indirect, 2.8.4 → 2.8.5) · Repo · Changelog

Release Notes

2.8.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ minitest (indirect, 5.19.0 → 5.22.2) · Repo · Changelog

Release Notes

5.22.2 (from changelog)

5.22.1 (from changelog)

5.22.0 (from changelog)

5.21.2 (from changelog)

5.21.1 (from changelog)

5.21.0 (from changelog)

5.20.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.15.4 → 1.16.2) · Repo · Changelog

Security Advisories 🚨

🚨 Improper Handling of Unexpected Data Type in Nokogiri

Release Notes

1.15.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ public_suffix (indirect, 4.0.7 → 5.0.4) · Repo · Changelog

Release Notes

5.0.4 (from changelog)

5.0.3 (from changelog)

5.0.1 (from changelog)

5.0.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.7.1 → 1.7.3) · Repo · Changelog

Release Notes

1.7.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rouge (indirect, 3.26.0 → 3.30.0) · Repo · Changelog

Release Notes

3.27.0 (from changelog)

3.26.1 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ typhoeus (indirect, 1.4.0 → 1.4.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unf_ext (indirect, 0.0.8.2 → 0.0.9.1) · Repo · Changelog

Release Notes

0.0.9.1 (from changelog)

0.0.9 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 base64 (added, 0.2.0)

🆕 bigdecimal (added, 3.1.6)

🆕 connection_pool (added, 2.4.1)

🆕 drb (added, 2.2.0)

🆕 mutex_m (added, 0.2.0)

🆕 net-http (added, 0.4.1)

🆕 uri (added, 0.13.0)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

semanticdiff-com[bot] commented 5 months ago

Review changes with SemanticDiff.

performance-testing-bot[bot] commented 5 months ago

Unable to locate .performanceTestingBot config file

pull-request-quantifier-deprecated[bot] commented 5 months ago

This PR has 108 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details

``` Label : Medium Size : +61 -47 Percentile : 41.6% Total files changed: 1 Change summary by file extension: .lock : +61 -47 ``` > Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean: - Fast and predictable releases to production: - Optimal size changes are more likely to be reviewed faster with fewer iterations. - Similarity in low PR complexity drives similar review times. - Review quality is likely higher as complexity is lower: - Bugs are more likely to be detected. - Code inconsistencies are more likely to be detected. - Knowledge sharing is improved within the participants: - Small portions can be assimilated better. - Better engineering practices are exercised: - Solving big problems by dividing them in well contained, smaller problems. - Exercising separation of concerns within the code changes. #### What can I do to optimize my changes - Use the PullRequestQuantifier to quantify your PR accurately - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases) - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile. - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile. - Change your engineering behaviors - For PRs that fall outside of the desired spectrum, review the details and check if: - Your PR could be split in smaller, self-contained PRs instead - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR). #### How to interpret the change counts in git diff output - One line was added: `+1 -0` - One line was deleted: `+0 -1` - One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.

Was this comment helpful? :thumbsup: :ok_hand: :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.

squash-labs[bot] commented 5 months ago

Manage this branch in Squash

Test this branch here: https://depfuupdategithub-pages-229-vz1ec.squash.io

vizipi[bot] commented 5 months ago

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below ) Feedback always welcome

Reviewers with knowledge related to these changes

Match %	Person	Commit Count	Common Files
100.00%	GitHub Teacher	4	1
100.00%	reedhhw	2	1

Potential missing files from this Pull request

No commonly committed files found with a 40% threashold

Committed file ranks

(click to expand)

99.13%[Gemfile.lock]

reedhhw / github-slideshow