{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":39528049,"defaultBranch":"main","name":"best-practices-badge","ownerLogin":"coreinfrastructure","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2015-07-22T20:14:25.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/29407097?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717781814.0","currentOid":""},"activityList":{"items":[{"before":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","after":"a8480948da6df0c37e52956b72d403cdc3bd40fe","ref":"refs/heads/production","pushedAt":"2024-06-07T18:32:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" on 2024-06-05 (#2144)\n\nThis addresses CVE-2024-28103 in actionpack.\r\nThis particular CVE is almost certainly not exploitable in our case,\r\nas we don't directly depend on Permissions-Policy for security.\r\nWe use it, but only as a secondary additional defense.\r\nHowever, we generally apply security updates unless there's a reason\r\nto avoid it (as long as tests pass), in case our analysis is wrong.\r\nThis completes:\r\nhttps://github.com/coreinfrastructure/best-practices-badge/security/dependabot/62\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" on 2024-06-05 (#2144)"}},{"before":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","after":"a8480948da6df0c37e52956b72d403cdc3bd40fe","ref":"refs/heads/staging","pushedAt":"2024-06-07T17:45:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. 
Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" on 2024-06-05 (#2144)\n\nThis addresses CVE-2024-28103 in actionpack.\r\nThis particular CVE is almost certainly not exploitable in our case,\r\nas we don't directly depend on Permissions-Policy for security.\r\nWe use it, but only as a secondary additional defense.\r\nHowever, we generally apply security updates unless there's a reason\r\nto avoid it (as long as tests pass), in case our analysis is wrong.\r\nThis completes:\r\nhttps://github.com/coreinfrastructure/best-practices-badge/security/dependabot/62\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" on 2024-06-05 (#2144)"}},{"before":null,"after":"1ea45664d2f84e8e666c4279813e68be95880c5c","ref":"refs/heads/document_website_admin","pushedAt":"2024-06-07T17:36:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Document web application admin\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Document web application admin"}},{"before":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","after":"a8480948da6df0c37e52956b72d403cdc3bd40fe","ref":"refs/heads/main","pushedAt":"2024-06-07T17:02:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. 
Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" on 2024-06-05 (#2144)\n\nThis addresses CVE-2024-28103 in actionpack.\r\nThis particular CVE is almost certainly not exploitable in our case,\r\nas we don't directly depend on Permissions-Policy for security.\r\nWe use it, but only as a secondary additional defense.\r\nHowever, we generally apply security updates unless there's a reason\r\nto avoid it (as long as tests pass), in case our analysis is wrong.\r\nThis completes:\r\nhttps://github.com/coreinfrastructure/best-practices-badge/security/dependabot/62\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" on 2024-06-05 (#2144)"}},{"before":null,"after":"ea2c0cc16f9db921975354737d6a393d876d5a17","ref":"refs/heads/bundle_updated_2024_06_05","pushedAt":"2024-06-05T17:53:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" on 2024-06-05\n\nThis addresses CVE-2024-28103 in actionpack.\nThis particular CVE is almost certainly not exploitable in our case,\nas we don't directly depend on Permissions-Policy for security.\nWe use it, but only as a secondary additional defense.\nHowever, we generally apply security updates unless there's a reason\nto avoid it (as long as tests pass), in case our analysis is wrong.\nThis completes:\nhttps://github.com/coreinfrastructure/best-practices-badge/security/dependabot/62\n\nSigned-off-by: David A. 
Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" on 2024-06-05"}},{"before":"4abf01619597186db180aa31c031584292a02251","after":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","ref":"refs/heads/production","pushedAt":"2024-06-05T17:46:04.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" (#2143)\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" (#2143)"}},{"before":"4abf01619597186db180aa31c031584292a02251","after":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","ref":"refs/heads/staging","pushedAt":"2024-06-02T16:28:36.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" (#2143)\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" (#2143)"}},{"before":"daeaaaed3a59e9a0c8f746f2e3260a1abf164a34","after":null,"ref":"refs/heads/bundle_update_2024_06_01","pushedAt":"2024-06-02T03:29:56.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"fcd4e68fb231156ce46d9f0c140808fae1d5ddb9","after":"f4ba577fd6554e32e67ded78ad99842e72aaa52c","ref":"refs/heads/main","pushedAt":"2024-06-02T03:29:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\" (#2143)\n\nSigned-off-by: David A. 
Wheeler ","shortMessageHtmlLink":"Run \"bundle update\" (#2143)"}},{"before":null,"after":"daeaaaed3a59e9a0c8f746f2e3260a1abf164a34","ref":"refs/heads/bundle_update_2024_06_01","pushedAt":"2024-06-02T03:20:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Run \"bundle update\"\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Run \"bundle update\""}},{"before":"902286a0520d356f8bed8ed374f7455c63db6a16","after":null,"ref":"refs/heads/translation-2024-06-01","pushedAt":"2024-06-01T19:59:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"4abf01619597186db180aa31c031584292a02251","after":"fcd4e68fb231156ce46d9f0c140808fae1d5ddb9","ref":"refs/heads/main","pushedAt":"2024-06-01T19:59:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Translations for 2024-06-01 (#2142)\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Translations for 2024-06-01 (#2142)"}},{"before":null,"after":"902286a0520d356f8bed8ed374f7455c63db6a16","ref":"refs/heads/translation-2024-06-01","pushedAt":"2024-06-01T18:03:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Translations for 2024-06-01\n\nSigned-off-by: David A. 
Wheeler ","shortMessageHtmlLink":"Translations for 2024-06-01"}},{"before":"8f38ef9167997e881a823e81dacdfe8dd69e72bb","after":"4abf01619597186db180aa31c031584292a02251","ref":"refs/heads/production","pushedAt":"2024-05-30T13:58:52.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Rate limit activation email (#2137)\n\n* Rate limit requests for the activation email\r\n\r\nSome users are requesting a huge number of activation emails.\r\nThis may indicate misuse of the system.\r\nSeverely rate limit these requests, so we can't be more than a mild nuisance.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* bundle update rexml\r\n\r\nAddresses the following report:\r\n\r\n~~~~yml\r\nName: rexml\r\nVersion: 3.2.6\r\nCVE: CVE-2024-35176\r\nGHSA: GHSA-vg3r-rm7w-2xgh\r\nCriticality: Medium\r\nURL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh\r\nTitle: REXML contains a denial of service vulnerability\r\nSolution: upgrade to '>= 3.2.7'\r\n~~~~\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Fix tests to match\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Log when activation emails are requested too soon\r\n\r\nLog when a user tries to re-log into an account that isn't\r\nactivated, triggering an activation email request, but that\r\nrequest is too soon. That way, we can easily see when the\r\nrate limiting for activation emails is being used.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Override codespell for socioeconomic\r\n\r\nThe normal code of conduct doesn't use a hyphen in\r\n\"socio-economic\" (it isn't really required, in spite of what\r\ncodespell says).\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Modify codespell configuration\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Tell codespell to ignore more words for spelling\r\n\r\nSigned-off-by: David A. 
Wheeler \r\n\r\n* Modify account activation test\r\n\r\nModify the account activation test. We now have several cases,\r\nincluding \"does not send activation email\" and \"does send\r\nactivation email\", make sure both paths are used.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n---------\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Rate limit activation email (#2137)"}},{"before":"8f38ef9167997e881a823e81dacdfe8dd69e72bb","after":"4abf01619597186db180aa31c031584292a02251","ref":"refs/heads/staging","pushedAt":"2024-05-29T20:31:10.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Rate limit activation email (#2137)\n\n* Rate limit requests for the activation email\r\n\r\nSome users are requesting a huge number of activation emails.\r\nThis may indicate misuse of the system.\r\nSeverely rate limit these requests, so we can't be more than a mild nuisance.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* bundle update rexml\r\n\r\nAddresses the following report:\r\n\r\n~~~~yml\r\nName: rexml\r\nVersion: 3.2.6\r\nCVE: CVE-2024-35176\r\nGHSA: GHSA-vg3r-rm7w-2xgh\r\nCriticality: Medium\r\nURL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh\r\nTitle: REXML contains a denial of service vulnerability\r\nSolution: upgrade to '>= 3.2.7'\r\n~~~~\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Fix tests to match\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Log when activation emails are requested too soon\r\n\r\nLog when a user tries to re-log into an account that isn't\r\nactivated, triggering an activation email request, but that\r\nrequest is too soon. That way, we can easily see when the\r\nrate limiting for activation emails is being used.\r\n\r\nSigned-off-by: David A. 
Wheeler \r\n\r\n* Override codespell for socioeconomic\r\n\r\nThe normal code of conduct doesn't use a hyphen in\r\n\"socio-economic\" (it isn't really required, in spite of what\r\ncodespell says).\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Modify codespell configuration\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Tell codespell to ignore more words for spelling\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Modify account activation test\r\n\r\nModify the account activation test. We now have several cases,\r\nincluding \"does not send activation email\" and \"does send\r\nactivation email\", make sure both paths are used.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n---------\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Rate limit activation email (#2137)"}},{"before":"fb2f2d0c8cba32cf0d8bffe6699706370a99b9ba","after":null,"ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T20:29:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"a2e3ec2168c3d3094f8dccbf6b1f10a2c77ddaed","after":"4abf01619597186db180aa31c031584292a02251","ref":"refs/heads/main","pushedAt":"2024-05-29T20:29:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Rate limit activation email (#2137)\n\n* Rate limit requests for the activation email\r\n\r\nSome users are requesting a huge number of activation emails.\r\nThis may indicate misuse of the system.\r\nSeverely rate limit these requests, so we can't be more than a mild nuisance.\r\n\r\nSigned-off-by: David A. 
Wheeler \r\n\r\n* bundle update rexml\r\n\r\nAddresses the following report:\r\n\r\n~~~~yml\r\nName: rexml\r\nVersion: 3.2.6\r\nCVE: CVE-2024-35176\r\nGHSA: GHSA-vg3r-rm7w-2xgh\r\nCriticality: Medium\r\nURL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh\r\nTitle: REXML contains a denial of service vulnerability\r\nSolution: upgrade to '>= 3.2.7'\r\n~~~~\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Fix tests to match\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Log when activation emails are requested too soon\r\n\r\nLog when a user tries to re-log into an account that isn't\r\nactivated, triggering an activation email request, but that\r\nrequest is too soon. That way, we can easily see when the\r\nrate limiting for activation emails is being used.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Override codespell for socioeconomic\r\n\r\nThe normal code of conduct doesn't use a hyphen in\r\n\"socio-economic\" (it isn't really required, in spite of what\r\ncodespell says).\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Modify codespell configuration\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Tell codespell to ignore more words for spelling\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n* Modify account activation test\r\n\r\nModify the account activation test. We now have several cases,\r\nincluding \"does not send activation email\" and \"does send\r\nactivation email\", make sure both paths are used.\r\n\r\nSigned-off-by: David A. Wheeler \r\n\r\n---------\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Rate limit activation email (#2137)"}},{"before":"1894e0dbad7c00fbf95a03b5dac8f8c8cd632e2b","after":"fb2f2d0c8cba32cf0d8bffe6699706370a99b9ba","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T19:57:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. 
Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Modify account activation test\n\nModify the account activation test. We now have several cases,\nincluding \"does not send activation email\" and \"does send\nactivation email\", make sure both paths are used.\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Modify account activation test"}},{"before":"a00c4b58318650b2922fa8fc0a6fde5bf2b377a0","after":"1894e0dbad7c00fbf95a03b5dac8f8c8cd632e2b","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T19:27:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Tell codespell to ignore more words for spelling\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Tell codespell to ignore more words for spelling"}},{"before":"981927151c828bc9647cd3b7846ed1a738d520e2","after":"a00c4b58318650b2922fa8fc0a6fde5bf2b377a0","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T16:31:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Modify codespell configuration\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Modify codespell configuration"}},{"before":"f7608901f6f06757c5790ba93053e5b00e03ebda","after":"981927151c828bc9647cd3b7846ed1a738d520e2","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T16:08:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. 
Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Override codespell for socioeconomic\n\nThe normal code of conduct doesn't use a hyphen in\n\"socio-economic\" (it isn't really required, in spite of what\ncodespell says).\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Override codespell for socioeconomic"}},{"before":"64124fef36127c688cff509974997f06d930bcd3","after":"f7608901f6f06757c5790ba93053e5b00e03ebda","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T15:17:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Log when activation emails are requested too soon\n\nLog when a user tries to re-log into an account that isn't\nactivated, triggering an activation email request, but that\nrequest is too soon. That way, we can easily see when the\nrate limiting for activation emails is being used.\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Log when activation emails are requested too soon"}},{"before":null,"after":"64124fef36127c688cff509974997f06d930bcd3","ref":"refs/heads/rate_limit_activation_email","pushedAt":"2024-05-29T14:54:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Fix tests to match\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Fix tests to match"}},{"before":null,"after":"c3671e3e17d669b3babf18ae1752475f3ae4f0a8","ref":"refs/heads/update_scorecard_badge_reference","pushedAt":"2024-05-14T22:33:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. 
Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Update URL for Scorecard badge\n\nUpdate the OpenSSF Scorecard badge URLs.\n\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Update URL for Scorecard badge"}},{"before":"5d695557418e05128a42d743eb5b965c3e7fb6b6","after":null,"ref":"refs/heads/add-scorecard-action","pushedAt":"2024-05-14T22:16:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}},{"before":"8f38ef9167997e881a823e81dacdfe8dd69e72bb","after":"a2e3ec2168c3d3094f8dccbf6b1f10a2c77ddaed","ref":"refs/heads/main","pushedAt":"2024-05-14T22:16:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Create scorecard.yml (#2135)\n\nThis enables scorecard execution internally. See:\r\nhttps://github.com/marketplace/actions/ossf-scorecard-action","shortMessageHtmlLink":"Create scorecard.yml (#2135)"}},{"before":null,"after":"5d695557418e05128a42d743eb5b965c3e7fb6b6","ref":"refs/heads/add-scorecard-action","pushedAt":"2024-05-14T21:59:43.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Create scorecard.yml\n\nThis enables scorecard execution internally. 
See:\r\nhttps://github.com/marketplace/actions/ossf-scorecard-action","shortMessageHtmlLink":"Create scorecard.yml"}},{"before":"c43f0f182abc6990f6b1556ff930a407e22317da","after":"8f38ef9167997e881a823e81dacdfe8dd69e72bb","ref":"refs/heads/production","pushedAt":"2024-05-14T16:11:59.000Z","pushType":"push","commitsCount":9,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Update nokogiri to version 1.16.5 (#2134)\n\nThis updates its packaged libxml2 to v2.12.7\r\nto resolve what we believe are false claims that we are\r\nvulnerable to CVE-2024-34459.\r\n\r\nThis is *NOT* believed to be a vulnerability in our\r\nsoftware. Nokogiri does not provide or expose the\r\ncode that is vulnerable (which is in xmllint).\r\nStill, updating nokogiri will get rid of a false negative,\r\nmaking it easier for us to detect real problems later.\r\n\r\nSigned-off-by: David A. Wheeler ","shortMessageHtmlLink":"Update nokogiri to version 1.16.5 (#2134)"}},{"before":"69afb7fb06e298951e4d5b579d795930dcf4e5af","after":"8f38ef9167997e881a823e81dacdfe8dd69e72bb","ref":"refs/heads/staging","pushedAt":"2024-05-14T15:42:34.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"},"commit":{"message":"Update nokogiri to version 1.16.5 (#2134)\n\nThis updates its packaged libxml2 to v2.12.7\r\nto resolve what we believe are false claims that we are\r\nvulnerable to CVE-2024-34459.\r\n\r\nThis is *NOT* believed to be a vulnerability in our\r\nsoftware. Nokogiri does not provide or expose the\r\ncode that is vulnerable (which is in xmllint).\r\nStill, updating nokogiri will get rid of a false negative,\r\nmaking it easier for us to detect real problems later.\r\n\r\nSigned-off-by: David A. 
Wheeler ","shortMessageHtmlLink":"Update nokogiri to version 1.16.5 (#2134)"}},{"before":"1e62232822a3710272eb18e85154453b57562815","after":null,"ref":"refs/heads/nokogiri_1_16_5","pushedAt":"2024-05-14T01:10:11.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"david-a-wheeler","name":"David A. Wheeler","path":"/david-a-wheeler","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/813150?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEX4BxsAA","startCursor":null,"endCursor":null}},"title":"Activity · coreinfrastructure/best-practices-badge"}