
chore(deps): Bump the bundler group across 1 directory with 4 updates #525

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/bundler-2f82f0fe2e


@dependabot dependabot Bot commented on behalf of github Jun 18, 2026


Bumps the bundler group with 4 updates in the / directory: oj, fluent-plugin-concat, fluent-plugin-kafka and fluent-plugin-opensearch.

Updates oj from 3.17.0 to 3.17.3

Release notes

Sourced from oj's releases.

v3.17.3

What's Changed

Full Changelog: ohler55/oj@v3.17.1...v3.17.3

v3.17.1

What's Changed

New Contributors

Full Changelog: ohler55/oj@v3.17.0...v3.17.1

Changelog

Sourced from oj's changelog.

3.17.3 - 2026-06-04

  • Fixed issue in intern.c and fast.c.

3.17.2 - 2026-05-27

  • Fixed multiple issues related to extreme sizes.

3.17.1 - 2026-05-15

  • Fixed "quoted string not terminated" error.

Commits

Updates fluent-plugin-concat from 2.6.1 to 2.6.2

Changelog

Sourced from fluent-plugin-concat's changelog.

v2.6.2

Fixes

  • Fix unbounded growth of stream state in timeout handling (#150)
  • docs: clarify timeout handling to prevent silent log loss

Commits
  • 67b2cb2 Merge pull request #151 from fluent-plugins-nursery/v2.6.2
  • c1a0665 v2.6.2
  • 1176f29 Fix unbounded growth of stream state in timeout handling (#150)
  • ba79741 Merge pull request #149 from fluent-plugins-nursery/docs
  • d933bdc docs: clarify timeout handling to prevent silent log loss
  • 602a134 Merge pull request #147 from fluent-plugins-nursery/badge
  • d992f36 docs: update CI badges
  • 47e3db9 ci: enable updates in groups (#146)
  • dd09372 Bump actions/checkout from 6.0.2 to 6.0.3 (#144)
  • 42c9536 Bump actions/add-to-project from 1.0.2 to 2.0.0 (#145)
  • Additional commits viewable in compare view

Updates fluent-plugin-kafka from 0.19.6 to 0.19.7

Changelog

Sourced from fluent-plugin-kafka's changelog.

Release 0.19.7 - 2026/06/02

  • in_rdkafka_group: support regexp pattern in topics (#541)

Release 0.19.6 - 2026/03/04

  • out_rdkafka2: Auto-configure SASL PLAIN when username and password are set (#547)
  • out_rdkafka2: Fix NoMethodError during graceful reload (#546)
  • out_rdkafka: Fix ArgumentError for ssl_client_cert_key_password (#545)
  • out_rdkafka, out_rdkafka2: Fix deprecation warning for max_wait_timeout in rdkafka-ruby >= 0.25.0 (#544)

Release 0.19.5 - 2025/07/11

  • in_kafka_group: Add sasl_aws_msk_iam_access_key_id, sasl_aws_msk_iam_secret_access_key and sasl_aws_msk_iam_aws_region options (#531)

Release 0.19.4 - 2025/03/24

  • Support Ruby 3.4. (#526)

Release 0.19.3 - 2024/08/02

  • out_rdkafka2: Add unrecoverable_error_codes parameter to handle specific error code as unrecoverable errors. topic_authorization_failed and msg_size_too_large are treated as such unrecoverable error by default. (#510)
  • out_rdkafka2: Add missing closing timeout feature to keep compatibility with rdkafka-ruby 0.12.x or later. (#505)
  • out_rdkafka2: Add idempotent parameter to enable idempotence in Kafka producer. (#501)
  • out_kafka2: Fix errors while sending data to EventHub by adding broker pool to take care of fetching metadata (#503)

Release 0.19.2 - 2023/10/13

  • out_rdkafka2: Add discard_kafka_delivery_failed_regex

Release 0.19.1 - 2023/09/20

  • out_rdkafka2: Add use_default_for_unknown_topic & use_default_for_unknown_partition_error

Release 0.19.0 - 2023/04/26

  • out_kafka2: Add support for AWS IAM authentication
  • in_kafka, in_kafka_group, out_kafka2: Add support for ssl client cert key password
  • out_rdkafka2: Mask ssl_client_cert_key_password on dumping it to log
  • out_rdkafka2: Support rdkafka-ruby 0.12

Release 0.18.1 - 2022/08/17

  • out_kafka2: Fix a bug that it doesn't respect chunk_limit_records and chunk_limit_size

Release 0.18.0 - 2022/07/21

  • out_kafka2: Keep alive Kafka connections between flushes
  • out_rdkafka2: Enable to set SASL credentials via username and password parameters
  • out_kafka2/out_rdkafka2: Add record_key parameter

Release 0.17.5 - 2022/03/18

  • out_kafka2: Add resolve_seed_brokers parameter

Release 0.17.4 - 2022/01/25

... (truncated)

Commits
  • b6eadb1 ci: update baseline of confluent (#562)
  • ec4f02d v0.19.7 (#563)
  • 5d1cc57 README.md: fix missing newline (#561)
  • bdc00af in_rdkafka_group: support regexp pattern in topics (#541)
  • 444951e build(deps): bump ruby/setup-ruby from 1.306.0 to 1.310.0 (#560)
  • 4b28148 build(deps): bump actions/stale from 10.2.0 to 10.3.0 (#559)
  • f9af461 build(deps): bump actions/add-to-project from 1.0.2 to 2.0.0 (#558)
  • 1688088 build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#557)
  • 6f2fe5e CI: fix permission for stale action (#556)
  • 299e583 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#555)
  • Additional commits viewable in compare view

Updates fluent-plugin-opensearch from 1.1.5 to 1.1.6

Changelog

Sourced from fluent-plugin-opensearch's changelog.

1.1.6

  • out_opensearch_data_stream: filter failed items in data stream bulk error log (#175)
  • out_opensearch: fix default value of refresh_credentials_interval (#159)

Commits
  • 3ab3656 Merge pull request #177 from fluent/v1.1.6
  • 4709826 Merge pull request #176 from fluent/fix-badge
  • 724abb9 v1.1.6
  • dd51884 docs: fix status badge
  • cc90993 fix: filter failed items in data stream bulk error log (#175)
  • 5237368 Merge pull request #171 from fluent/dependabot/github_actions/ruby/setup-ruby...
  • 3140159 Merge pull request #172 from fluent/dependabot/github_actions/actions/create-...
  • 7265f25 Bump actions/create-github-app-token from 3.0.0 to 3.1.1
  • 732cf14 Bump ruby/setup-ruby from 1.299.0 to 1.306.0
  • 2c5400c Bump ruby/setup-ruby from 1.298.0 to 1.299.0 (#170)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the bundler group with 4 updates in the / directory: [oj](https://github.com/ohler55/oj), [fluent-plugin-concat](https://github.com/fluent-plugins-nursery/fluent-plugin-concat), [fluent-plugin-kafka](https://github.com/fluent/fluent-plugin-kafka) and [fluent-plugin-opensearch](https://github.com/fluent/fluent-plugin-opensearch).


Updates `oj` from 3.17.0 to 3.17.3
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](ohler55/oj@v3.17.0...v3.17.3)

Updates `fluent-plugin-concat` from 2.6.1 to 2.6.2
- [Changelog](https://github.com/fluent-plugins-nursery/fluent-plugin-concat/blob/master/NEWS.md)
- [Commits](fluent-plugins-nursery/fluent-plugin-concat@v2.6.1...v2.6.2)

Updates `fluent-plugin-kafka` from 0.19.6 to 0.19.7
- [Changelog](https://github.com/fluent/fluent-plugin-kafka/blob/master/ChangeLog)
- [Commits](fluent/fluent-plugin-kafka@v0.19.6...v0.19.7)

Updates `fluent-plugin-opensearch` from 1.1.5 to 1.1.6
- [Changelog](https://github.com/fluent/fluent-plugin-opensearch/blob/main/History.md)
- [Commits](fluent/fluent-plugin-opensearch@v1.1.5...v1.1.6)

---
updated-dependencies:
- dependency-name: oj
  dependency-version: 3.17.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: fluent-plugin-concat
  dependency-version: 2.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: fluent-plugin-kafka
  dependency-version: 0.19.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler
- dependency-name: fluent-plugin-opensearch
  dependency-version: 1.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update Ruby code) labels Jun 18, 2026

@github-actions


Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 20 package(s) with unknown licenses.
See the Details below.

License Issues

Dockerfile

Package | Version | License | Issue Type
aws-partitions | 1.1261.0 | Null | Unknown License
concurrent-ruby | 1.3.7 | Null | Unknown License
debian/libcom-err2 | 1.47.2-3+b11 | Null | Unknown License
debian/libcurl4t64 | 8.14.1-2+deb13u3 | Null | Unknown License
debian/libgcrypt20 | 1.11.0-7+deb13u1 | Null | Unknown License
debian/libgnutls30t64 | 3.8.9-3+deb13u4 | Null | Unknown License
debian/libgssapi-krb5-2 | 1.21.3-5+deb13u1 | Null | Unknown License
debian/libk5crypto3 | 1.21.3-5+deb13u1 | Null | Unknown License
debian/libkrb5-3 | 1.21.3-5+deb13u1 | Null | Unknown License
debian/libkrb5support0 | 1.21.3-5+deb13u1 | Null | Unknown License
debian/libxslt1.1 | 1.1.35-1.2+deb13u3 | Null | Unknown License
debian/tini | 0.19.0-3+b7 | Null | Unknown License
faraday | 2.14.3 | Null | Unknown License
fluent-plugin-kafka | 0.19.7 | Null | Unknown License
json | 2.19.9 | Null | Unknown License

Gemfile.lock

Package | Version | License | Issue Type
aws-partitions | 1.1261.0 | Null | Unknown License
concurrent-ruby | 1.3.7 | Null | Unknown License
faraday | 2.14.3 | Null | Unknown License
fluent-plugin-kafka | 0.19.7 | Null | Unknown License
json | 2.19.9 | Null | Unknown License

OpenSSF Scorecard

Scorecard details
Package | Version | Score | Details
unknown/aws-partitions | 1.1261.0 | Unknown | Unknown
unknown/aws-sdk-core | 3.252.0 | 🟢 6.6 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 1 | Found 5/27 approved changesets -- score normalized to 1
  Packaging | ⚠️ -1 | packaging workflow not detected
  Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Token-Permissions | 🟢 8 | detected GitHub workflow tokens with excessive permissions
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches
  Security-Policy | 🟢 10 | security policy file detected
  Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  SAST | 🟢 8 | SAST tool is not run on all commits -- score normalized to 8
  Pinned-Dependencies | 🟢 10 | all dependencies are pinned
unknown/concurrent-ruby | 1.3.7 | Unknown | Unknown
unknown/console | 1.36.0 | Unknown | Unknown
unknown/debian/libcom-err2 | 1.47.2-3+b11 | Unknown | Unknown
unknown/debian/libcurl4t64 | 8.14.1-2+deb13u3 | Unknown | Unknown
unknown/debian/libgcrypt20 | 1.11.0-7+deb13u1 | Unknown | Unknown
unknown/debian/libgnutls30t64 | 3.8.9-3+deb13u4 | Unknown | Unknown
unknown/debian/libgssapi-krb5-2 | 1.21.3-5+deb13u1 | Unknown | Unknown
unknown/debian/libk5crypto3 | 1.21.3-5+deb13u1 | Unknown | Unknown
unknown/debian/libkrb5-3 | 1.21.3-5+deb13u1 | Unknown | Unknown
unknown/debian/libkrb5support0 | 1.21.3-5+deb13u1 | Unknown | Unknown
unknown/debian/libxslt1.1 | 1.1.35-1.2+deb13u3 | Unknown | Unknown
unknown/debian/tini | 0.19.0-3+b7 | Unknown | Unknown
unknown/excon | 1.5.0 | 🟢 5.8 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 1 | Found 4/28 approved changesets -- score normalized to 1
  Maintained | 🟢 6 | 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
  Security-Policy | 🟢 10 | security policy file detected
  Packaging | ⚠️ -1 | packaging workflow not detected
  Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
unknown/faraday | 2.14.3 | Unknown | Unknown
unknown/faraday-excon | 2.4.0 | Unknown | Unknown
unknown/faraday-net_http | 3.4.4 | 🟢 3.5 | Details:
  Check | Score | Reason
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Code-Review | 🟢 3 | Found 9/27 approved changesets -- score normalized to 3
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Packaging | ⚠️ -1 | packaging workflow not detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Maintained | 🟢 4 | 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  License | 🟢 10 | license file detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
unknown/fluent-plugin-concat | 2.6.2 | Unknown | Unknown
unknown/fluent-plugin-kafka | 0.19.7 | 🟢 5 | Details:
  Check | Score | Reason
  Maintained | 🟢 10 | 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
  Packaging | ⚠️ -1 | packaging workflow not detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Code-Review | 🟢 8 | Found 17/19 approved changesets -- score normalized to 8
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 9 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
unknown/fluent-plugin-opensearch | 1.1.6 | Unknown | Unknown
unknown/io-event | 1.16.2 | Unknown | Unknown
unknown/io-stream | 0.13.1 | Unknown | Unknown
unknown/json | 2.19.9 | Unknown | Unknown
unknown/msgpack | 1.8.3 | 🟢 4.5 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 2 | Found 6/21 approved changesets -- score normalized to 2
  Packaging | ⚠️ -1 | packaging workflow not detected
  Maintained | 🟢 10 | 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
unknown/multi_json | 1.21.1 | Unknown | Unknown
unknown/oj | 3.17.3 | 🟢 4.9 | Details:
  Check | Score | Reason
  Maintained | 🟢 10 | 19 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
  Packaging | ⚠️ -1 | packaging workflow not detected
  Code-Review | 🟢 3 | Found 10/28 approved changesets -- score normalized to 3
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Security-Policy | 🟢 4 | security policy file detected
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Fuzzing | ⚠️ 0 | project is not fuzzed
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/aws-partitions | 1.1261.0 | 🟢 6.6 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 1 | Found 5/27 approved changesets -- score normalized to 1
  Packaging | ⚠️ -1 | packaging workflow not detected
  Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Token-Permissions | 🟢 8 | detected GitHub workflow tokens with excessive permissions
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches
  Security-Policy | 🟢 10 | security policy file detected
  Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  SAST | 🟢 8 | SAST tool is not run on all commits -- score normalized to 8
  Pinned-Dependencies | 🟢 10 | all dependencies are pinned
rubygems/aws-sdk-core | 3.252.0 | 🟢 6.6 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 1 | Found 5/27 approved changesets -- score normalized to 1
  Packaging | ⚠️ -1 | packaging workflow not detected
  Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Token-Permissions | 🟢 8 | detected GitHub workflow tokens with excessive permissions
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches
  Security-Policy | 🟢 10 | security policy file detected
  Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  SAST | 🟢 8 | SAST tool is not run on all commits -- score normalized to 8
  Pinned-Dependencies | 🟢 10 | all dependencies are pinned
rubygems/concurrent-ruby | 1.3.7 | 🟢 5.1 | Details:
  Check | Score | Reason
  Code-Review | 🟢 3 | Found 8/24 approved changesets -- score normalized to 3
  Security-Policy | 🟢 10 | security policy file detected
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Maintained | 🟢 8 | 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
  Packaging | ⚠️ -1 | packaging workflow not detected
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 9 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/console | 1.36.0 | Unknown | Unknown
rubygems/excon | 1.5.0 | 🟢 5.8 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 1 | Found 4/28 approved changesets -- score normalized to 1
  Maintained | 🟢 6 | 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
  Security-Policy | 🟢 10 | security policy file detected
  Packaging | ⚠️ -1 | packaging workflow not detected
  Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/faraday | 2.14.3 | 🟢 5.9 | Details:
  Check | Score | Reason
  Code-Review | 🟢 4 | Found 11/26 approved changesets -- score normalized to 4
  Security-Policy | 🟢 10 | security policy file detected
  Packaging | ⚠️ -1 | packaging workflow not detected
  Token-Permissions | 🟢 9 | detected GitHub workflow tokens with excessive permissions
  Maintained | 🟢 5 | 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/faraday-excon | 2.4.0 | Unknown | Unknown
rubygems/faraday-net_http | 3.4.4 | 🟢 3.5 | Details:
  Check | Score | Reason
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Code-Review | 🟢 3 | Found 9/27 approved changesets -- score normalized to 3
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Packaging | ⚠️ -1 | packaging workflow not detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  Maintained | 🟢 4 | 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  License | 🟢 10 | license file detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/fluent-plugin-concat | 2.6.2 | Unknown | Unknown
rubygems/fluent-plugin-kafka | 0.19.7 | 🟢 5 | Details:
  Check | Score | Reason
  Maintained | 🟢 10 | 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
  Packaging | ⚠️ -1 | packaging workflow not detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Code-Review | 🟢 8 | Found 17/19 approved changesets -- score normalized to 8
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 9 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/fluent-plugin-opensearch | 1.1.6 | Unknown | Unknown
rubygems/io-event | 1.16.2 | Unknown | Unknown
rubygems/io-stream | 0.13.1 | Unknown | Unknown
rubygems/json | 2.19.9 | Unknown | Unknown
rubygems/msgpack | 1.8.3 | 🟢 4.5 | Details:
  Check | Score | Reason
  Code-Review | ⚠️ 2 | Found 6/21 approved changesets -- score normalized to 2
  Packaging | ⚠️ -1 | packaging workflow not detected
  Maintained | 🟢 10 | 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Security-Policy | ⚠️ 0 | security policy file not detected
  Fuzzing | ⚠️ 0 | project is not fuzzed
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
rubygems/multi_json | 1.21.1 | Unknown | Unknown
rubygems/oj | 3.17.3 | 🟢 4.9 | Details:
  Check | Score | Reason
  Maintained | 🟢 10 | 19 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
  Packaging | ⚠️ -1 | packaging workflow not detected
  Code-Review | 🟢 3 | Found 10/28 approved changesets -- score normalized to 3
  Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
  Security-Policy | 🟢 4 | security policy file detected
  Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
  Binary-Artifacts | 🟢 10 | no binaries found in the repo
  CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
  Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
  License | 🟢 10 | license file detected
  Signed-Releases | ⚠️ -1 | no releases found
  Fuzzing | ⚠️ 0 | project is not fuzzed
  Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
  SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • Dockerfile
  • Gemfile.lock
