{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":524204103,"defaultBranch":"main","name":"rspec-viewcomponent","ownerLogin":"ViewComponent","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-08-12T19:34:08.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/93401166?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1680618969.0","currentOid":""},"activityList":{"items":[{"before":"878522dc71daf828cb2161886aa785884d55e57a","after":null,"ref":"refs/heads/dependabot/bundler/rails-html-sanitizer-1.5.0","pushedAt":"2023-04-04T14:36:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"cfd238273cd36ea4e646ae0d3e02492486864499","after":"83fafc91b6d861180605e567b1cc0fe1cf309935","ref":"refs/heads/main","pushedAt":"2023-04-04T14:36:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"boardfish","name":"Simon Fish","path":"/boardfish","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/20680337?s=80&v=4"},"commit":{"message":"Bump rails-html-sanitizer from 1.4.3 to 1.5.0 (#11)\n\nBumps\r\n[rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer)\r\nfrom 1.4.3 to 1.5.0.\r\n<details>\r\n<summary>Release notes</summary>\r\n<p><em>Sourced from <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/releases\">rails-html-sanitizer's\r\nreleases</a>.</em></p>\r\n<blockquote>\r\n<h2>1.5.0 / 2023-01-20</h2>\r\n<ul>\r\n<li>\r\n<p><code>SafeListSanitizer</code>, <code>PermitScrubber</code>, and\r\n<code>TargetScrubber</code> now all support pruning of unsafe tags.</p>\r\n<p>By default, unsafe tags are still stripped, but this behavior can be\r\nchanged to prune the element\r\nand its children from the document by passing <code>prune: true</code>\r\nto any of these classes' constructors.</p>\r\n<p><em><a\r\nhref=\"https://github.com/seyerian\"><code>@​seyerian</code></a></em></p>\r\n</li>\r\n</ul>\r\n<h2>1.4.4 / 2022-12-13</h2>\r\n<ul>\r\n<li>\r\n<p>Address inefficient regular expression complexity with certain\r\nconfigurations of Rails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23517. See <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w\">GHSA-5x79-w82f-gw8w</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address improper sanitization of data URIs.</p>\r\n<p>Fixes CVE-2022-23518 and <a\r\nhref=\"https://redirect.github.com/rails/rails-html-sanitizer/issues/135\">#135</a>.\r\nSee <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m\">GHSA-mcvf-2q2m-x72m</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address possible XSS vulnerability with certain configurations of\r\nRails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23520. See <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8\">GHSA-rrfc-7g8p-99q8</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address possible XSS vulnerability with certain configurations of\r\nRails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23519. See <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h\">GHSA-9h9g-93gc-623h</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n</ul>\r\n</blockquote>\r\n</details>\r\n<details>\r\n<summary>Changelog</summary>\r\n<p><em>Sourced from <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/blob/main/CHANGELOG.md\">rails-html-sanitizer's\r\nchangelog</a>.</em></p>\r\n<blockquote>\r\n<h2>1.5.0 / 2023-01-20</h2>\r\n<ul>\r\n<li>\r\n<p><code>SafeListSanitizer</code>, <code>PermitScrubber</code>, and\r\n<code>TargetScrubber</code> now all support pruning of unsafe tags.</p>\r\n<p>By default, unsafe tags are still stripped, but this behavior can be\r\nchanged to prune the element\r\nand its children from the document by passing <code>prune: true</code>\r\nto any of these classes' constructors.</p>\r\n<p><em>seyerian</em></p>\r\n</li>\r\n</ul>\r\n<h2>1.4.4 / 2022-12-13</h2>\r\n<ul>\r\n<li>\r\n<p>Address inefficient regular expression complexity with certain\r\nconfigurations of Rails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23517. See\r\n<a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w\">GHSA-5x79-w82f-gw8w</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address improper sanitization of data URIs.</p>\r\n<p>Fixes CVE-2022-23518 and <a\r\nhref=\"https://redirect.github.com/rails/rails-html-sanitizer/issues/135\">#135</a>.\r\nSee\r\n<a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m\">GHSA-mcvf-2q2m-x72m</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address possible XSS vulnerability with certain configurations of\r\nRails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23520. See\r\n<a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8\">GHSA-rrfc-7g8p-99q8</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n<li>\r\n<p>Address possible XSS vulnerability with certain configurations of\r\nRails::Html::Sanitizer.</p>\r\n<p>Fixes CVE-2022-23519. See\r\n<a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h\">GHSA-9h9g-93gc-623h</a>\r\nfor more information.</p>\r\n<p><em>Mike Dalessio</em></p>\r\n</li>\r\n</ul>\r\n</blockquote>\r\n</details>\r\n<details>\r\n<summary>Commits</summary>\r\n<ul>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/a337ec8a348b15a5ae52c5698cbf38dbc50bf34d\"><code>a337ec8</code></a>\r\nversion bump to v1.5.0</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/459f1cdf32adbd6e17d65505e416d168fab212bc\"><code>459f1cd</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/rails/rails-html-sanitizer/issues/149\">#149</a>\r\nfrom kyoshidajp/update-checkout-v3</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/23ac131774ea28aea192576d83d88d9efda64f5d\"><code>23ac131</code></a>\r\nBump actions/checkout from 2 to 3</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/79bc10bc0cb07624c43a66899f16385b7dab4f76\"><code>79bc10b</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/rails/rails-html-sanitizer/issues/147\">#147</a>\r\nfrom rails/flavorjones-port-1.4.4-changes</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/9ef5975c969949750806cd684ce719ad6d6a08cf\"><code>9ef5975</code></a>\r\ndev: set version to 1.5.0.dev</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/e31343f01c6e2a08c8f35bfd531792a3c1786c92\"><code>e31343f</code></a>\r\ndoc: changelog entry for 1.4.4</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/e8cbe25634fc7455b80a5f8569b82e5c93dd580c\"><code>e8cbe25</code></a>\r\ndep: bump dependency on loofah</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b\"><code>373fc62</code></a>\r\nfix: escape CDATA nodes using Loofah's escaping methods</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c\"><code>68ccf7e</code></a>\r\nrevert 45a5c10</li>\r\n<li><a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48\"><code>bb6dfcb</code></a>\r\nfix: use Loofah's scrub_uri_attribute method</li>\r\n<li>Additional commits viewable in <a\r\nhref=\"https://github.com/rails/rails-html-sanitizer/compare/v1.4.3...v1.5.0\">compare\r\nview</a></li>\r\n</ul>\r\n</details>\r\n<br />\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rails-html-sanitizer&package-manager=bundler&previous-version=1.4.3&new-version=1.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n<details>\r\n<summary>Dependabot commands and options</summary>\r\n<br />\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/ViewComponent/rspec-viewcomponent/network/alerts).\r\n\r\n</details>\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump rails-html-sanitizer from 1.4.3 to 1.5.0 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1653881704\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ViewComponent/rspec-viewcomponent/issues/11\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ViewComponent/rspec-viewcomponent/pull/11/hovercard\" href=\"https://github.com/ViewComponent/rspec-viewcomponent/pull/11\">#11</a>)"}},{"before":"4c3b4cbd319f349c22a9fc7425ee4042aa1b67ef","after":null,"ref":"refs/heads/dependabot/bundler/loofah-2.20.0","pushedAt":"2023-04-04T14:35:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"a7bbe3a526992534e41514a5c1be18b9b2b18280","after":"cfd238273cd36ea4e646ae0d3e02492486864499","ref":"refs/heads/main","pushedAt":"2023-04-04T14:35:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"boardfish","name":"Simon Fish","path":"/boardfish","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/20680337?s=80&v=4"},"commit":{"message":"Bump loofah from 2.18.0 to 2.20.0 (#10)\n\nBumps [loofah](https://github.com/flavorjones/loofah) from 2.18.0 to\r\n2.20.0.\r\n<details>\r\n<summary>Release notes</summary>\r\n<p><em>Sourced from <a\r\nhref=\"https://github.com/flavorjones/loofah/releases\">loofah's\r\nreleases</a>.</em></p>\r\n<blockquote>\r\n<h2>2.20.0 / 2023-04-01</h2>\r\n<h3>Features</h3>\r\n<ul>\r\n<li>Allow SVG attributes <code>color-profile</code>,\r\n<code>cursor</code>, <code>filter</code>, <code>marker</code>, and\r\n<code>mask</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/246\">#246</a>]</li>\r\n<li>Allow SVG elements <code>altGlyph</code>, <code>cursor</code>,\r\n<code>feImage</code>, <code>pattern</code>, and <code>tref</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/246\">#246</a>]</li>\r\n<li>Allow protocols <code>fax</code> and <code>modem</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/255\">#255</a>]\r\n(Thanks, <a\r\nhref=\"https://github.com/cjba7\"><code>@​cjba7</code></a>!)</li>\r\n</ul>\r\n<h2>2.19.1 / 2022-12-13</h2>\r\n<h3>Security</h3>\r\n<ul>\r\n<li>Address CVE-2022-23514, inefficient regular expression complexity.\r\nSee <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh\">GHSA-486f-hjj9-9vhh</a>\r\nfor more information.</li>\r\n<li>Address CVE-2022-23515, improper neutralization of data URIs. See <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx\">GHSA-228g-948r-83gx</a>\r\nfor more information.</li>\r\n<li>Address CVE-2022-23516, uncontrolled recursion. See <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm\">GHSA-3x8r-x6xp-q4vm</a>\r\nfor more information.</li>\r\n</ul>\r\n<h2>2.19.0 / 2022-09-14</h2>\r\n<h3>Features</h3>\r\n<ul>\r\n<li>Allow SVG 1.0 color keyword names in CSS attributes. These colors\r\nare part of the <a\r\nhref=\"https://www.w3.org/TR/css-color-3/#svg-color\">CSS Color Module\r\nLevel 3</a> recommendation released 2022-01-18. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/243\">#243</a>]</li>\r\n</ul>\r\n</blockquote>\r\n</details>\r\n<details>\r\n<summary>Changelog</summary>\r\n<p><em>Sourced from <a\r\nhref=\"https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md\">loofah's\r\nchangelog</a>.</em></p>\r\n<blockquote>\r\n<h2>2.20.0 / 2023-04-01</h2>\r\n<h3>Features</h3>\r\n<ul>\r\n<li>Allow SVG attributes <code>color-profile</code>,\r\n<code>cursor</code>, <code>filter</code>, <code>marker</code>, and\r\n<code>mask</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/246\">#246</a>]</li>\r\n<li>Allow SVG elements <code>altGlyph</code>, <code>cursor</code>,\r\n<code>feImage</code>, <code>pattern</code>, and <code>tref</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/246\">#246</a>]</li>\r\n<li>Allow protocols <code>fax</code> and <code>modem</code>. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/255\">#255</a>]\r\n(Thanks, <a\r\nhref=\"https://github.com/cjba7\"><code>@​cjba7</code></a>!)</li>\r\n</ul>\r\n<h2>2.19.1 / 2022-12-13</h2>\r\n<h3>Security</h3>\r\n<ul>\r\n<li>Address CVE-2022-23514, inefficient regular expression complexity.\r\nSee <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh\">GHSA-486f-hjj9-9vhh</a>\r\nfor more information.</li>\r\n<li>Address CVE-2022-23515, improper neutralization of data URIs. See <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx\">GHSA-228g-948r-83gx</a>\r\nfor more information.</li>\r\n<li>Address CVE-2022-23516, uncontrolled recursion. See <a\r\nhref=\"https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm\">GHSA-3x8r-x6xp-q4vm</a>\r\nfor more information.</li>\r\n</ul>\r\n<h2>2.19.0 / 2022-09-14</h2>\r\n<h3>Features</h3>\r\n<ul>\r\n<li>Allow SVG 1.0 color keyword names in CSS attributes. These colors\r\nare part of the <a\r\nhref=\"https://www.w3.org/TR/css-color-3/#svg-color\">CSS Color Module\r\nLevel 3</a> recommendation released 2022-01-18. [<a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/243\">#243</a>]</li>\r\n</ul>\r\n</blockquote>\r\n</details>\r\n<details>\r\n<summary>Commits</summary>\r\n<ul>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/3d80a4eb2745e466c4f7958cb838ce3806ecbff7\"><code>3d80a4e</code></a>\r\nversion bump to v2.20.0</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/c8211c1e90830fc863e8d1d04206ed49a104e6ee\"><code>c8211c1</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/260\">#260</a>\r\nfrom flavorjones/flavorjones-more-flexible-testing</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/24dbde5d343af9d107149385a3029435836f5204\"><code>24dbde5</code></a>\r\ntest: make the generated tests more flexible</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/69447605c6671448965bd05da3784956c64024e5\"><code>6944760</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/259\">#259</a>\r\nfrom orien/ruby3.2</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/f5ab30b1bbf28bc9dd907353d29e38eed8558b24\"><code>f5ab30b</code></a>\r\nCI: add Ruby 3.2 to the test matrix</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/f8df8521c6d9bff53fe2222e0f3616df07d97fb1\"><code>f8df852</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/257\">#257</a>\r\nfrom kyoshidajp/update-checkout-v3</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/254a1c95cd6a8d9110fb65ab0262223a66b6d1db\"><code>254a1c9</code></a>\r\nBump actions/checkout from 2 to 3</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/01305b6c39e0b5658690fe8aa0ab8a62bff3c50c\"><code>01305b6</code></a>\r\nMerge pull request <a\r\nhref=\"https://redirect.github.com/flavorjones/loofah/issues/255\">#255</a>\r\nfrom cjba7/cjba7-add-fax-to-acceptable-protocols</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/b0e6f7c158d85d3d1352983f9e0ad8654967054c\"><code>b0e6f7c</code></a>\r\ndoc: update CHANGELOG</li>\r\n<li><a\r\nhref=\"https://github.com/flavorjones/loofah/commit/ed2c917177689ce0f2fd23cbf157125365075651\"><code>ed2c917</code></a>\r\nAdded &quot;fax&quot; and &quot;modem&quot; to acceptable protocols\r\nbased on rfc2806.</li>\r\n<li>Additional commits viewable in <a\r\nhref=\"https://github.com/flavorjones/loofah/compare/v2.18.0...v2.20.0\">compare\r\nview</a></li>\r\n</ul>\r\n</details>\r\n<br />\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=loofah&package-manager=bundler&previous-version=2.18.0&new-version=2.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n<details>\r\n<summary>Dependabot commands and options</summary>\r\n<br />\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/ViewComponent/rspec-viewcomponent/network/alerts).\r\n\r\n</details>\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump loofah from 2.18.0 to 2.20.0 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1653881615\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ViewComponent/rspec-viewcomponent/issues/10\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ViewComponent/rspec-viewcomponent/pull/10/hovercard\" href=\"https://github.com/ViewComponent/rspec-viewcomponent/pull/10\">#10</a>)"}},{"before":null,"after":"878522dc71daf828cb2161886aa785884d55e57a","ref":"refs/heads/dependabot/bundler/rails-html-sanitizer-1.5.0","pushedAt":"2023-04-04T13:21:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rails-html-sanitizer from 1.4.3 to 1.5.0\n\nBumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.3 to 1.5.0.\n- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)\n- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.3...v1.5.0)\n\n---\nupdated-dependencies:\n- dependency-name: rails-html-sanitizer\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Bump rails-html-sanitizer from 1.4.3 to 1.5.0"}},{"before":null,"after":"4c3b4cbd319f349c22a9fc7425ee4042aa1b67ef","ref":"refs/heads/dependabot/bundler/loofah-2.20.0","pushedAt":"2023-04-04T13:21:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump loofah from 2.18.0 to 2.20.0\n\nBumps [loofah](https://github.com/flavorjones/loofah) from 2.18.0 to 2.20.0.\n- [Release notes](https://github.com/flavorjones/loofah/releases)\n- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/flavorjones/loofah/compare/v2.18.0...v2.20.0)\n\n---\nupdated-dependencies:\n- dependency-name: loofah\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Bump loofah from 2.18.0 to 2.20.0"}},{"before":"8bc8d3ad4d88f7668e27e9e654cee600d25675c6","after":null,"ref":"refs/heads/dependabot/bundler/rack-2.2.6.4","pushedAt":"2023-04-04T13:20:31.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"46559046c01bb21de111441be98b5fba2289e6f2","after":"a7bbe3a526992534e41514a5c1be18b9b2b18280","ref":"refs/heads/main","pushedAt":"2023-04-04T13:20:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"boardfish","name":"Simon Fish","path":"/boardfish","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/20680337?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.4 to 2.2.6.4 (#9)\n\nBumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.6.4.\r\n<details>\r\n<summary>Changelog</summary>\r\n<p><em>Sourced from <a\r\nhref=\"https://github.com/rack/rack/blob/main/CHANGELOG.md\">rack's\r\nchangelog</a>.</em></p>\r\n<blockquote>\r\n<h1>Changelog</h1>\r\n<p>All notable changes to this project will be documented in this file.\r\nFor info on how to format all future additions to this file please\r\nreference <a href=\"https://keepachangelog.com/en/1.0.0/\">Keep A\r\nChangelog</a>.</p>\r\n<h2>Unreleased</h2>\r\n<h3>SPEC Changes</h3>\r\n<ul>\r\n<li><code>rack.input</code> is now optional. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/1997\">#1997</a>, [<a\r\nhref=\"https://github.com/ioquatix\"><code>@​ioquatix</code></a>])</li>\r\n</ul>\r\n<h3>Changed</h3>\r\n<ul>\r\n<li><code>rack.input</code> is now optional, and if missing, will raise\r\nan error. Use this to fail on multipart parsing a request without an\r\ninput body. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2018\">#2018</a>, [<a\r\nhref=\"https://github.com/ioquatix\"><code>@​ioquatix</code></a>])</li>\r\n<li>Introduce <code>module Rack::BadRequest</code> which is included in\r\nmultipart and query parser errors. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2019\">#2019</a>, [<a\r\nhref=\"https://github.com/ioquatix\"><code>@​ioquatix</code></a>])</li>\r\n<li>MIME type for JavaScript files (<code>.js</code>) changed from\r\n<code>application/javascript</code> to <code>text/javascript</code> (<a\r\nhref=\"https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8\"><code>1bd0f15</code></a>)</li>\r\n<li>Add <code>.mjs</code> MIME type (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2057\">#2057</a>, [<a\r\nhref=\"https://github.com/axilleas\"><code>@​axilleas</code></a>])</li>\r\n</ul>\r\n<h2>[3.0.7] - 2023-03-16</h2>\r\n<ul>\r\n<li>Make query parameters without <code>=</code> have <code>nil</code>\r\nvalues. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2059\">#2059</a>, [<a\r\nhref=\"https://github.com/jeremyevans\"><code>@​jeremyevans</code></a>])</li>\r\n</ul>\r\n<h2>[3.0.6.1] - 2023-03-13</h2>\r\n<ul>\r\n<li>[CVE-2023-27539] Avoid ReDoS in header parsing</li>\r\n</ul>\r\n<h2>[3.0.6] - 2023-03-13</h2>\r\n<ul>\r\n<li>Add <code>QueryParser#missing_value</code> for handling missing\r\nvalues + tests. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2052\">#2052</a>, [<a\r\nhref=\"https://github.com/ioquatix\"><code>@​ioquatix</code></a>])</li>\r\n</ul>\r\n<h2>[3.0.5] - 2023-03-13</h2>\r\n<ul>\r\n<li>Split form/query parsing into two steps. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2038\">#2038</a>, <a\r\nhref=\"https://github.com/matthewd\"><code>@​matthewd</code></a>)</li>\r\n</ul>\r\n<h2>[3.0.4.2] - 2023-03-02</h2>\r\n<ul>\r\n<li>[CVE-2023-27530] Introduce multipart_total_part_limit to limit total\r\nparts</li>\r\n</ul>\r\n<h2>[3.0.4.1] - 2023-01-17</h2>\r\n<ul>\r\n<li>[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser</li>\r\n<li>[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges</li>\r\n<li>[CVE-2022-44572] Forbid control characters in attributes (also\r\nReDoS)</li>\r\n</ul>\r\n<h2>[3.0.4] - 2023-01-17</h2>\r\n<ul>\r\n<li><code>Rack::Request#POST</code> should consistently raise errors.\r\nCache errors that occur when invoking <code>Rack::Request#POST</code> so\r\nthey can be raised again later. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2010\">#2010</a>, [<a\r\nhref=\"https://github.com/ioquatix\"><code>@​ioquatix</code></a>])</li>\r\n<li>Fix <code>Rack::Lint</code> error message for\r\n<code>HTTP_CONTENT_TYPE</code> and <code>HTTP_CONTENT_LENGTH</code>. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2007\">#2007</a>, <a\r\nhref=\"https://github.com/byroot\"><code>@​byroot</code></a>)</li>\r\n<li>Extend <code>Rack::MethodOverride</code> to handle\r\n<code>QueryParser::ParamsTooDeepError</code> error. (<a\r\nhref=\"https://redirect.github.com/rack/rack/pull/2006\">#2006</a>, <a\r\nhref=\"https://github.com/byroot\"><code>@​byroot</code></a>)</li>\r\n</ul>\r\n<h2>[3.0.3] - 2022-12-27</h2>\r\n<!-- raw HTML omitted -->\r\n</blockquote>\r\n<p>... (truncated)</p>\r\n</details>\r\n<details>\r\n<summary>Commits</summary>\r\n<ul>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/27addc7f1ae290b6b84c1c351e5b6d75a05bb40b\"><code>27addc7</code></a>\r\nbump version</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff\"><code>ee7919e</code></a>\r\nAvoid ReDoS problem</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/d6b5b2bab88f458fb048133604faebea952d8133\"><code>d6b5b2b</code></a>\r\nbump version</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/9aac3757fe19cdb0476504c9245170115bec9668\"><code>9aac375</code></a>\r\nLimit all multipart parts, not just files</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/2606ac5d5d180c00a8cbcaa4d634276bab06500e\"><code>2606ac5</code></a>\r\nbumping version</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1\"><code>f6d4f52</code></a>\r\nFix ReDoS in Rack::Utils.get_byte_ranges</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/20bc90c2431d7fabcd1873410543cf3d72f65004\"><code>20bc90c</code></a>\r\nbump version</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/3677f170b4ac713defb84cd6a86431623ba0adc0\"><code>3677f17</code></a>\r\nUpdate changelog</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77\"><code>ee25ab9</code></a>\r\nFix ReDoS vulnerability in multipart parser</li>\r\n<li><a\r\nhref=\"https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029\"><code>19e49f0</code></a>\r\nForbid control characters in attributes</li>\r\n<li>Additional commits viewable in <a\r\nhref=\"https://github.com/rack/rack/compare/2.2.4...v2.2.6.4\">compare\r\nview</a></li>\r\n</ul>\r\n</details>\r\n<br />\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=2.2.4&new-version=2.2.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n<details>\r\n<summary>Dependabot commands and options</summary>\r\n<br />\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/ViewComponent/rspec-viewcomponent/network/alerts).\r\n\r\n</details>\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump rack from 2.2.4 to 2.2.6.4 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1644188721\" data-permission-text=\"Title is private\" data-url=\"https://github.com/ViewComponent/rspec-viewcomponent/issues/9\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/ViewComponent/rspec-viewcomponent/pull/9/hovercard\" href=\"https://github.com/ViewComponent/rspec-viewcomponent/pull/9\">#9</a>)"}},{"before":null,"after":"8bc8d3ad4d88f7668e27e9e654cee600d25675c6","ref":"refs/heads/dependabot/bundler/rack-2.2.6.4","pushedAt":"2023-03-28T15:23:01.909Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump rack from 2.2.4 to 2.2.6.4\n\nBumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.6.4.\n- [Release notes](https://github.com/rack/rack/releases)\n- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/rack/rack/compare/2.2.4...v2.2.6.4)\n\n---\nupdated-dependencies:\n- dependency-name: rack\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Bump rack from 2.2.4 to 2.2.6.4"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADEfMqlwA","startCursor":null,"endCursor":null}},"title":"Activity · ViewComponent/rspec-viewcomponent"}