Skip to content

chore(deps-dev): bump addressable from 2.8.9 to 2.9.0#149

Merged
cardmagic merged 1 commit into
masterfrom
dependabot/bundler/addressable-2.9.0
May 14, 2026
Merged

chore(deps-dev): bump addressable from 2.8.9 to 2.9.0#149
cardmagic merged 1 commit into
masterfrom
dependabot/bundler/addressable-2.9.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps addressable from 2.8.9 to 2.9.0.

Changelog

Sourced from addressable's changelog.

Addressable 2.9.0

  • fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete remediation in 2.8.10)

Addressable 2.8.10

  • fixes ReDoS vulnerability in Addressable::Template#match
Commits
  • 0c3e858 Revving version and changelog
  • 91915c1 Fixing additional vulnerable paths
  • a091e39 Add many more adversarial test cases to ensure we don't have any ReDoS regres...
  • 463a819 Regenerate gemspec on newer rubygems
  • 0afcb0b Improve from O(n^2) to O(n)
  • c87f768 Fix a ReDoS vulnerability in URI template matching
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Apr 8, 2026
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Apr 8, 2026

PR author is in the excluded authors list.

@cardmagic
Copy link
Copy Markdown
Owner

cardmagic commented May 14, 2026

@dependabot rebase

@dependabot
chore(deps-dev): bump addressable from 2.8.9 to 2.9.0
2d9e6f0 
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.9 to 2.9.0.
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](sporkmonger/addressable@addressable-2.8.9...addressable-2.9.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-version: 2.9.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/addressable-2.9.0 branch from 2b23fe8 to 2d9e6f0 Compare May 14, 2026 16:15
@cardmagic cardmagic merged commit 519164a into master May 14, 2026
5 checks passed
@cardmagic cardmagic deleted the dependabot/bundler/addressable-2.9.0 branch May 14, 2026 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cardmagic