Grey Baker

icon company @pincites icon location New York icon location Building the future of contract review at @pincites. Previously @github, @dependabot and @gocardless.

Results 24 issues of Grey Baker

Suggestion / request: use Dependabot to keep dependencies up-to-date

## Detailed description First of all, thanks for GitScrum! I've got a suggestion / request: would you be up for using [Dependabot](https://dependabot.com) to automatically create dependency update PRs for this...

URLs in release notes are broken

2 comment

Looks like all of the URLs in your release notes are broken - see https://github.com/sudo-suhas/elastic-builder/releases and any of the URLs under `Features` for v2.3.0.

[Security] Bump rack from 1.6.10 to 1.6.11

Bumps [rack](https://github.com/rack/rack) from 1.6.10 to 1.6.11. **This update includes security fixes.** Vulnerabilities fixed *Sourced from The Ruby Advisory Database.* > **Possible XSS vulnerability in Rack** > There is a possible...

[Security] Bump nokogiri from 1.8.4 to 1.8.5

1 comment

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.8.4 to 1.8.5. **This update includes security fixes.** Vulnerabilities fixed *Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml).* > **Nokogiri gem, via libxml2, is affected by multiple vulnerabilities** >...

[Security] Bump ffi from 1.9.14 to 1.9.25

Bumps [ffi](https://github.com/ffi/ffi) from 1.9.14 to 1.9.25. **This update includes security fixes.** Vulnerabilities fixed *Sourced from The GitHub Vulnerability Alert Database.* > **CVE-2018-1000201** > See https://nvd.nist.gov/vuln/detail/CVE-2018-1000201. > > Affected versions: <...

[Security] Bump rubyzip from 1.2.1 to 1.2.2

1 comment

Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.1 to 1.2.2. **This update includes security fixes.** Vulnerabilities fixed *Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyzip/CVE-2018-1000544.yml).* > **Directory Traversal in rubyzip** > rubyzip version 1.2.1 and earlier...

Add SemVer compatibility badge to README

Adds a SemVer compatibility badge that displays the percentage of CI runs that pass when updating `uglifier` between SemVer compatible versions. Data comes from Dependabot (disclosure: I built it). Here's...

[Security] Bump nokogiri from 1.8.4 to 1.8.5

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.8.4 to 1.8.5. **This update includes security fixes.** Vulnerabilities fixed *Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml).* > **Nokogiri gem, via libxml2, is affected by multiple vulnerabilities** >...

Bump capybara from 3.7.0 to 3.8.2

Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.7.0 to 3.8.2. Changelog *Sourced from [capybara's changelog](https://github.com/teamcapybara/capybara/blob/master/History.md).* > # Version 3.8.2 > Release date: 2018-09-26 > > ### Fixed > > * Fixed negated class selector...

Suggestion / request - use Dependabot to keep dependencies up-to-date

First of all, thanks for Zipsell! I've got a suggestion / request: would you be up for using [Dependabot](https://dependabot.com) to automatically create dependency update PRs for this repo? I ran...