Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).*
> ## v1.2.3
> * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
> * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390)
> * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
>
> Tooling / Documentation:
>
> * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394)
> * Bump supported ruby versions and add 2.6
> * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371))
> * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387)
> * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385)
>
> Since the GitHub release information for 1.2.2 is missing, I will also include it here:
>
> ### 1.2.2
>
> NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details.
>
> * Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)
> * Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363)
> * Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358)
> * Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353)
> * Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340)
> * Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355)
> * Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325)
>
> Tooling / Documentation:
>
> * Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361)
> * Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352)
> * Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321)
>
> ## v1.2.1
> - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304)
> - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303)
> - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289)
> - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306)
> - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300)
> - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297)
> - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308)
> - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315)
> - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314)
>
> ## v1.2.0
> - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252)
> - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248)
> - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244)
> - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242)
> - Accept StringIO in Zip.open_buffer [#238](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/238)
> ... (truncated)
Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).*
> # 1.2.3
>
> - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
> - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390)
> - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
>
> Tooling / Documentation:
>
> - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394)
> - Bump supported ruby versions and add 2.6
> - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371))
> - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387)
> - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385)
>
> # 1.2.2
>
> NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details.
>
> - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)
> - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363)
> - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358)
> - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353)
> - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340)
> - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355)
> - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325)
>
> Tooling / Documentation:
>
> - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361)
> - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352)
> - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321)
>
> # 1.2.1
>
> - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304)
> - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303)
> - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289)
> - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306)
> - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300)
> - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297)
> - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308)
> - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315)
> - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314)
>
> # 1.2.0
>
> - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252)
> - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248)
> - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244)
> - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242)
> ... (truncated)
Commits
- See full diff in [compare view](https://github.com/rubyzip/rubyzip/commits/v1.2.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ryanb/railscasts/network/alerts).
Bumps rubyzip from 0.9.4 to 1.2.3.
Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.2.3 > * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > * Bump supported ruby versions and add 2.6 > * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > Since the GitHub release information for 1.2.2 is missing, I will also include it here: > > ### 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > * Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > * Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > * Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > * Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > * Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > * Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > * Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > * Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > * Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > * Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > ## v1.2.1 > - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > ## v1.2.0 > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > - Accept StringIO in Zip.open_buffer [#238](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/238) > ... (truncated)Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 1.2.3 > > - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > - Bump supported ruby versions and add 2.6 > - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > # 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > # 1.2.1 > > - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > # 1.2.0 > > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > ... (truncated)Commits
- See full diff in [compare view](https://github.com/rubyzip/rubyzip/commits/v1.2.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ryanb/railscasts/network/alerts).