Bump the bundler group across 1 directory with 8 updates

[dependabot]

Bumps the bundler group with 3 updates in the / directory: rails, puma and rexml.

Updates rails from 7.1.2 to 7.1.3.1

Release notes

Sourced from rails's releases.

7.1.3.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Commits

• d73ed95 Preparing for 7.1.3.1 release
• 43037d8 update changelog
• 5187a9e fix XSS vulnerability when using translation
• b4d3bfb Fix ReDoS in accept header scanning
• 36c1591 Preparing for 7.1.3 release
• a84622f Sync changelog
• 1f505f0 Merge pull request #50771 from rails/backport-preview-nplus1
• d8a8dd9 Merge pull request #50758 from rails/fix-video-preview-nplus1
• a0eef52 Merge pull request #50767 from rporrasluc/fix-db-runtime-calculation
• 8a0767d Fix test setup to raise SyntaxError on Ruby 2.7
• Additional commits viewable in compare view

Updates puma from 6.4.0 to 6.4.2

Release notes

Sourced from puma's releases.

6.4.1

• Bugfixes

  • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
  • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
  • Fix worker 0 timing out during phased restart (#3225, #2786)
  • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
  • Make puma cluster process suitable as PID 1 (#3255)
  • Improve Puma::NullIO consistency with real IO (#3276)
  • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
  • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
  • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)

• Maintenance

  • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
  • Fix bug in tests re: TestPuma::HOST4 (#3254)
  • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
  • fix define_method calls, use Symbol parameter instead of String (#3293)

• Docs

  • README.md - add the puma-acme plugin (#3301)
  • Remove --keep-file-descriptors flag from systemd docs (#3248)
  • Note symlink mechanism in restart documentation for hot restart (#3298)

Changelog

Sourced from puma's changelog.

6.4.2 / 2024-01-08

• Security
  • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

6.4.1 / 2024-01-03

• Bugfixes

  • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
  • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
  • Fix worker 0 timing out during phased restart (#3225, #2786)
  • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
  • Make puma cluster process suitable as PID 1 (#3255)
  • Improve Puma::NullIO consistency with real IO (#3276)
  • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
  • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
  • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)

• Maintenance

  • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
  • Fix bug in tests re: TestPuma::HOST4 (#3254)
  • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
  • fix define_method calls, use Symbol parameter instead of String (#3293)

• Docs

  • README.md - add the puma-acme plugin (#3301)
  • Remove --keep-file-descriptors flag from systemd docs (#3248)
  • Note symlink mechanism in restart documentation for hot restart (#3298)

Commits

• 5fc43d7 5.6.8 and 6.4.2
• dfbba22 6.4.2
• 60d5ee3 Merge pull request from GHSA-c2f4-cvqm-65w2
• a287025 6.4.1 version tick!
• 32a629d 6.4.1
• 7e17826 [Fix #3282] idle-timeout not waiting on all workers in cluster mode (#3283)
• 437142e README.md - add the puma-acme plugin (#3301)
• e9125fa [CI] Change all workflow file extensions to '.yml' (#3300)
• d49dec9 [CI] Add Ruby 3.3, use 'rubygems: latest' in tests.yaml MRI (#3299)
• 2d27225 Note symlink mechanism in restart documentation for hot restart (#3298)
• Additional commits viewable in compare view

Updates actionpack from 7.1.2 to 7.1.3.1

Release notes

Sourced from actionpack's releases.

7.1.3.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.1.3.1 (February 21, 2024)

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Rails 7.1.3 (January 16, 2024)

• Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.

  Jonathan Hefner

• Fix system tests when using a Chrome binary that has been downloaded by Selenium.

  Jonathan Hefner

Commits

• d73ed95 Preparing for 7.1.3.1 release
• 43037d8 update changelog
• 5187a9e fix XSS vulnerability when using translation
• b4d3bfb Fix ReDoS in accept header scanning
• 36c1591 Preparing for 7.1.3 release
• a84622f Sync changelog
• 8a0767d Fix test setup to raise SyntaxError on Ruby 2.7
• 894f933 Merge pull request #50764 from eugeneius/syntax_error_proxy_nil_backtrace_loc...
• b02f6c9 Merge pull request #48957 from cmaruz/48326
• c1e8b36 Merge pull request #50466 from skipkayhil/hm-fix-to-symbol-raising-nomethoderror
• Additional commits viewable in compare view

Updates actiontext from 7.1.2 to 7.1.3.1

Release notes

Sourced from actiontext's releases.

7.1.3.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Fix possible XSS vulnerability with the translate method in controllers

  CVE-2024-26143

• Fix ReDoS in Accept header parsing

  CVE-2024-26142

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

... (truncated)

Changelog

Sourced from actiontext's changelog.

Rails 7.1.3.1 (February 21, 2024)

• No changes.

Rails 7.1.3 (January 16, 2024)

• No changes.

Commits

• d73ed95 Preparing for 7.1.3.1 release
• 43037d8 update changelog
• 36c1591 Preparing for 7.1.3 release
• a84622f Sync changelog
• 2606c66 Use verb form of "fallback"
• bd5bf43 Merge pull request #50252 from seanpdoyle/rich-text-area-docs
• 09a9cb9 Merge pull request #50165 from jonathanhefner/follow-up-48290-selector
• 5b34d62 Rebuild Action Text's JavaScript
• a02b323 Merge pull request #50081 from maxnotarangelo/fix-typo-in-production-initializer
• See full diff in compare view

Updates nokogiri from 1.15.5 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates rack from 3.0.8 to 3.0.11

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

• Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

Changelog

Sourced from rack's changelog.

[3.0.11] - 2024-05-10

• Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)

[3.0.10] - 2024-03-21

• Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @​JoeDupuis)

[3.0.9.1] - 2024-02-21

Security

• CVE-2024-26146 Fixed ReDoS in Accept header parsing
• CVE-2024-25126 Fixed ReDoS in Content Type header parsing
• CVE-2024-26141 Reject Range headers which are too large

[3.0.9] - 2024-01-31

• Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, @​mattbrictson)

Commits

• See full diff in compare view

Updates rdoc from 6.6.2 to 6.7.0

Release notes

Sourced from rdoc's releases.

v6.7.0

What's Changed

• Fix support for rb_file_const and rb_curses_define_const by @​nobu in ruby/rdoc#1069
• Bump actions/upload-pages-artifact from 2 to 3 by @​dependabot in ruby/rdoc#1071
• Bump actions/deploy-pages from 3 to 4 by @​dependabot in ruby/rdoc#1070
• Use master of setup-ruby by @​nobu in ruby/rdoc#1072
• Allow empty name rdoc-ref as a local link by @​nobu in ruby/rdoc#1073
• [DOC] MarkupReference by @​BurdetteLamar in ruby/rdoc#1075
• Bump ruby/setup-ruby from 1.162.0 to 1.165.1 by @​dependabot in ruby/rdoc#1074
• [DOC] Tweaks to Markup Reference by @​BurdetteLamar in ruby/rdoc#1077
• Sort coverage outputs by @​nobu in ruby/rdoc#1078
• Ignore locale at write_options by @​nobu in ruby/rdoc#1079
• Singleton visibility by @​nobu in ruby/rdoc#1080
• Respect modeline to detect parser by @​nobu in ruby/rdoc#1081
• Bump ruby/setup-ruby from 1.165.1 to 1.169.0 by @​dependabot in ruby/rdoc#1085
• Don't document aliases with trailing :nodoc directive by @​p8 in ruby/rdoc#1090
• Bump ruby/setup-ruby from 1.169.0 to 1.171.0 by @​dependabot in ruby/rdoc#1089
• Bump ruby/setup-ruby from 1.171.0 to 1.172.0 by @​dependabot in ruby/rdoc#1092
• Fix ToMarkdown missing newlines for label-lists by @​skipkayhil in ruby/rdoc#1094
• Fix ToRdoc generating incorrect {label,name}-lists by @​skipkayhil in ruby/rdoc#1093
• [DOC] Improve documentation of :include: directive file search by @​p8 in ruby/rdoc#1083
• Allow rich definition list labels for Markdown by @​skipkayhil in ruby/rdoc#1096
• Test only with truffleruby-head by @​nobu in ruby/rdoc#1095
• test: Add tests for RDoc::TokenStream class by @​toshimaru in ruby/rdoc#1068
• Use readline history when ri is running interactive by @​adam12 in ruby/rdoc#861
• Revert "Test only with truffleruby-head" by @​eregon in ruby/rdoc#1099
• Bump ruby/setup-ruby from 1.172.0 to 1.173.0 by @​dependabot in ruby/rdoc#1101
• Bump actions/configure-pages from 4 to 5 by @​dependabot in ruby/rdoc#1102
• Bump ruby/setup-ruby from 1.173.0 to 1.174.0 by @​dependabot in ruby/rdoc#1105
• Bump ruby/setup-ruby from 1.174.0 to 1.175.1 by @​dependabot in ruby/rdoc#1106
• Bump ruby/setup-ruby from 1.175.1 to 1.176.0 by @​dependabot in ruby/rdoc#1108
• Fix typo in CONTRIBUTING.md by @​okuramasafumi in ruby/rdoc#1109
• [DOC] Correct .rdoc_options filename in comment by @​adam12 in ruby/rdoc#1103

New Contributors

• @​skipkayhil made their first contribution in ruby/rdoc#1094
• @​adam12 made their first contribution in ruby/rdoc#861
• @​okuramasafumi made their first contribution in ruby/rdoc#1109

Full Changelog: ruby/rdoc@v6.6.3.1...v6.7.0

Commits

• a667e61 Bump up 6.7.0
• 5c7ea6f Correct .rdoc_options filename in comment
• 0c88dc5 Fix typo in CONTRIBUTING.md
• 2ded4f7 Bump ruby/setup-ruby from 1.175.1 to 1.176.0
• 16b46de Bump ruby/setup-ruby from 1.174.0 to 1.175.1
• 8a68a01 Bump ruby/setup-ruby from 1.173.0 to 1.174.0
• dd493df show warning for unused block
• 3ecf346 Bump actions/configure-pages from 4 to 5
• 1c2af1e Bump ruby/setup-ruby from 1.172.0 to 1.173.0
• 924cc6e Merge branch 'ruby-3-3-cve-2024-27281'
• Additional commits viewable in compare view

Updates rexml from 3.2.6 to 3.2.8

Release notes

Sourced from rexml's releases.

REXML 3.2.8 - 2024-05-16

Fixes

• Suppressed a warning

REXML 3.2.7 - 2024-05-16

Improvements

• Improve parse performance by using StringScanner.

  • GH-106

  • GH-107

  • GH-108

  • GH-109

  • GH-112

  • GH-113

  • GH-114

  • GH-115

  • GH-116

  • GH-117

  • GH-118

  • GH-119

  • GH-121

  • Patch by NAITOH Jun.

• Improved parse performance when an attribute has many <s.

  • GH-126

Fixes

• XPath: Fixed a bug of normalize_space(array).

  • GH-110

  • GH-111

  • Patch by flatisland.

• XPath: Fixed a bug that wrong position is used with nested path.

  • GH-110

  • GH-122

  • Reported by jcavalieri.

  • Patch by NAITOH Jun.

• Fixed a bug that an exception message can't be generated for invalid encoding XML.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.2.8 - 2024-05-16 {#version-3-2-8}

Fixes

• Suppressed a warning

3.2.7 - 2024-05-16 {#version-3-2-7}

Improvements

• Improve parse performance by using StringScanner.

  • GH-106

  • GH-107

  • GH-108

  • GH-109

  • GH-112

  • GH-113

  • GH-114

  • GH-115

  • GH-116

  • GH-117

  • GH-118

  • GH-119

  • GH-121

  • Patch by NAITOH Jun.

• Improved parse performance when an attribute has many <s.

  • GH-126

Fixes

• XPath: Fixed a bug of normalize_space(array).

  • GH-110

  • GH-111

  • Patch by flatisland.

• XPath: Fixed a bug that wrong position is used with nested path.

  • GH-110

  • GH-122

  • Reported by jcavalieri.

  • Patch by NAITOH Jun.

• Fixed a bug that an exception message can't be generated for

... (truncated)

Commits

• 1cf37ba Add 3.2.8 entry
• b67081c Remove an unused variable (#128)
• 94e180e Suppress a warning
• d574ba5 ci: install only gems required for running tests (#129)
• 4670f8f Add missing Thanks section
• 9ba35f9 Bump version
• 085def0 Add 3.2.7 entry
• 4325835 Read quoted attributes in chunks (#126)
• e77365e Exclude older than 2.6 on macos-14
• bf2c8ed Move development dependencies to Gemfile (#124)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

Gemfile.lock

Package	Version	License	Issue Type
net-imap	0.4.12	Null	Unknown License
reline	0.5.8	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
rubygems/rails	~> 7.1.3	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/rails	~> 7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/rdoc	6.6.2	🟢 6.6	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3
rubygems/actionpack	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/nokogiri	1.15.5	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 1 Found 1/7 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts ⚠️ 1 binaries present in source code Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/puma	6.4.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 7 Found 22/30 approved changesets -- score normalized to 7 Maintained 🟢 10 14 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/rack	3.0.8	🟢 7.2	Details Check Score Reason Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 Maintained 🟢 10 17 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/rails	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/rexml	3.2.6	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Maintained 🟢 10 22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/actioncable	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionmailbox	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionmailer	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionpack	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actiontext	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionview	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activejob	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activemodel	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activerecord	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activestorage	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activesupport	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/bigdecimal	3.1.8	Unknown	Unknown
rubygems/concurrent-ruby	1.3.1	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 14/22 approved changesets -- score normalized to 6 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/drb	2.2.1	🟢 3.7	Details Check Score Reason Code-Review 🟢 3 Found 5/14 approved changesets -- score normalized to 3 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/i18n	1.14.5	🟢 5.3	Details Check Score Reason Code-Review 🟢 5 Found 6/11 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/io-console	0.7.2	Unknown	Unknown
rubygems/irb	1.13.1	Unknown	Unknown
rubygems/marcel	1.0.4	🟢 4.2	Details Check Score Reason Code-Review 🟢 3 Found 8/26 approved changesets -- score normalized to 3 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/minitest	5.23.1	Unknown	Unknown
rubygems/net-imap	0.4.12	Unknown	Unknown
rubygems/net-smtp	0.5.0	🟢 4.4	Details Check Score Reason Code-Review 🟢 7 Found 10/14 approved changesets -- score normalized to 7 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/nio4r	2.7.3	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Maintained 🟢 10 15 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/nokogiri	1.16.5	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 1 Found 1/7 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts ⚠️ 1 binaries present in source code Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/puma	6.4.2	🟢 7.1	Details Check Score Reason Code-Review 🟢 7 Found 22/30 approved changesets -- score normalized to 7 Maintained 🟢 10 14 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/racc	1.8.0	🟢 4.8	Details Check Score Reason Code-Review 🟢 4 Found 6/15 approved changesets -- score normalized to 4 Maintained 🟢 10 19 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/rack	3.0.11	🟢 7.2	Details Check Score Reason Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 Maintained 🟢 10 17 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/rails	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/railties	7.1.3.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/rake	13.2.1	🟢 5	Details Check Score Reason Code-Review 🟢 3 Found 2/6 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6
rubygems/rdoc	6.7.0	🟢 6.6	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3
rubygems/reline	0.5.8	Unknown	Unknown
rubygems/rexml	3.2.8	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Maintained 🟢 10 22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/strscan	3.1.0	Unknown	Unknown
rubygems/thor	1.3.1	🟢 4.1	Details Check Score Reason Code-Review 🟢 7 Found 13/18 approved changesets -- score normalized to 7 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/zeitwerk	2.6.15	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 2/28 approved changesets -- score normalized to 0 Maintained 🟢 10 25 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/actioncable	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionmailbox	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionmailer	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actiontext	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/actionview	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activejob	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activemodel	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activerecord	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activestorage	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/activesupport	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/bigdecimal	3.1.5	Unknown	Unknown
rubygems/concurrent-ruby	1.2.2	🟢 4.9	Details Check Score Reason Code-Review 🟢 6 Found 14/22 approved changesets -- score normalized to 6 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/drb	2.2.0	🟢 3.7	Details Check Score Reason Code-Review 🟢 3 Found 5/14 approved changesets -- score normalized to 3 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/i18n	1.14.1	🟢 5.3	Details Check Score Reason Code-Review 🟢 5 Found 6/11 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/io-console	0.7.1	Unknown	Unknown
rubygems/irb	1.10.1	Unknown	Unknown
rubygems/marcel	1.0.2	🟢 4.2	Details Check Score Reason Code-Review 🟢 3 Found 8/26 approved changesets -- score normalized to 3 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/minitest	5.20.0	Unknown	Unknown
rubygems/net-imap	0.4.8	Unknown	Unknown
rubygems/net-smtp	0.4.0	🟢 4.4	Details Check Score Reason Code-Review 🟢 7 Found 10/14 approved changesets -- score normalized to 7 Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/nio4r	2.7.0	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Maintained 🟢 10 15 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/racc	1.7.3	🟢 4.8	Details Check Score Reason Code-Review 🟢 4 Found 6/15 approved changesets -- score normalized to 4 Maintained 🟢 10 19 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/railties	7.1.2	🟢 5.7	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
rubygems/rake	13.1.0	🟢 5	Details Check Score Reason Code-Review 🟢 3 Found 2/6 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6
rubygems/reline	0.4.1	Unknown	Unknown
rubygems/thor	1.3.0	🟢 4.1	Details Check Score Reason Code-Review 🟢 7 Found 13/18 approved changesets -- score normalized to 7 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
rubygems/zeitwerk	2.6.12	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 2/28 approved changesets -- score normalized to 0 Maintained 🟢 10 25 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

Gemfile

• rails@~> 7.1.3
• rails@~> 7.1.2

Gemfile.lock

• rdoc@6.6.2
• actionpack@7.1.2
• nokogiri@1.15.5
• puma@6.4.0
• rack@3.0.8
• rails@7.1.2
• rexml@3.2.6
• actioncable@7.1.3.1
• actionmailbox@7.1.3.1
• actionmailer@7.1.3.1
• actionpack@7.1.3.1
• actiontext@7.1.3.1
• actionview@7.1.3.1
• activejob@7.1.3.1
• activemodel@7.1.3.1
• activerecord@7.1.3.1
• activestorage@7.1.3.1
• activesupport@7.1.3.1
• bigdecimal@3.1.8
• concurrent-ruby@1.3.1
• drb@2.2.1
• i18n@1.14.5
• io-console@0.7.2
• irb@1.13.1
• marcel@1.0.4
• minitest@5.23.1
• net-imap@0.4.12
• net-smtp@0.5.0
• nio4r@2.7.3
• nokogiri@1.16.5
• puma@6.4.2
• racc@1.8.0
• rack@3.0.11
• rails@7.1.3.1
• railties@7.1.3.1
• rake@13.2.1
• rdoc@6.7.0
• reline@0.5.8
• rexml@3.2.8
• strscan@3.1.0
• thor@1.3.1
• zeitwerk@2.6.15
• actioncable@7.1.2
• actionmailbox@7.1.2
• actionmailer@7.1.2
• actiontext@7.1.2
• actionview@7.1.2
• activejob@7.1.2
• activemodel@7.1.2
• activerecord@7.1.2
• activestorage@7.1.2
• activesupport@7.1.2
• bigdecimal@3.1.5
• concurrent-ruby@1.2.2
• drb@2.2.0
• i18n@1.14.1
• io-console@0.7.1
• irb@1.10.1
• marcel@1.0.2
• minitest@5.20.0
• net-imap@0.4.8
• net-smtp@0.4.0
• nio4r@2.7.0
• racc@1.7.3
• railties@7.1.2
• rake@13.1.0
• reline@0.4.1
• thor@1.3.0
• zeitwerk@2.6.12