spohlenz
commented
1 month ago Your point about dependabot updates looking suspicious is a good one. I've created a new tag and release: https://github.com/spohlenz/tinymce-rails/releases/tag/v4.9.11.1
Closed doconnor-clintel closed 1 month ago
spohlenz
commented
1 month ago Your point about dependabot updates looking suspicious is a good one. I've created a new tag and release: https://github.com/spohlenz/tinymce-rails/releases/tag/v4.9.11.1
doconnor-clintel
commented
1 month ago Thanks!
Hi @spohlenz https://rubygems.org/gems/tinymce-rails/versions/4.9.11.1 was published on May 9th, but there's no tag, release notes or similar.
Looking at https://github.com/spohlenz/tinymce-rails/commits/tinymce-4/ there's actually a fairly substantial changes (Rails 6 -> 7)
https://github.com/spohlenz/tinymce-rails/compare/v4.9.11...tinymce-4
This looks a bit suspect in dependabot updates; like there's a supply chain attack or similar
Could you perhaps do a github release or create a specific tag?