chore(deps): bump the bundler group across 2 directories with 1 update

[dependabot]

Bumps the bundler group with 1 update in the /logs-concentrator directory: fluentd.
Bumps the bundler group with 1 update in the /logs-dispatcher directory: fluentd.

Updates fluentd from 1.18.0 to 1.19.0

Release notes

Sourced from fluentd's releases.

Fluentd v1.19.0

Full Changelog: fluent/fluentd@v1.18.0...v1.19.0

Enhancement

New features:

• #4657 Add zstd compression support
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option.
  • in_forward: support zstd format. (Experimental)
• #4986 buffer: add feature to evacuate chunk files when retry limit
• #4859 out_http: TLS1.3 support
• #5036 out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false
• #4904 out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path
• #5008 System configuration: Add forced_stacktrace_level to force the log level of stacktraces.
• #4893 System configuration: support built-in config files

Metrics:

• #4966 metrics: enable input metrics by default
• #4980 in_tail: add "tracked_file_count" metrics to see how many log files are being tracked
• #4971 output: add metrics for number of writing events in secondary
• #4981 output: add metrics for dropped oldest chunk count

Others:

• #5003 in_forward: enable skip_invalid_event by default not to process broken data
• #4998 buf_file: reinforce buffer file corruption check
• #4866 in_http: allow empty Origin header requests to pass CORS checks
• #4865 in_tail: add warning for directory permission
• #4858 Add logging for errors about loading dependencies on startup
• Performance improvements
  • #4759 #4760 #4763 #4764 #4769 #4813 #4817 #4835 #4845 #4881 #4884 #4886 #4930 #4931 #4932 #4933 #4934 #4995

Bug Fix

• #5010 in_tail: fixed where specifying only encoding parameter might cause data corruption (affects since v0.14.12).
• #4864 formatter_csv: fix memory leak
• #5026 server plugin helper: ensure to close all connections at shutdown
• #4836 Fixed a bug where the default umask was not set to 0 when using --daemon (td-agent, fluent-package) since v1.14.6.
• #4836 --umask command line option: Fixed so that it is applied when Fluentd runs with --daemon (fluent-package) as well as when Fluentd runs with --no-supervisor.
• #4909 Windows: Stop the service when the supervisor is dead
• #4782 Windows: Fixed an issue where stopping the service immediately after startup could leave the processes.
• #4782 Windows: Fixed an issue where stopping service sometimes can not be completed forever.

Misc

• #4962 in_monitor_agent: stop using CGI.parse due to support Ruby 3.5

... (truncated)

Changelog

Sourced from fluentd's changelog.

Release v1.19.0 - 2025/07/30

Enhancement

New features:

• Add zstd compression support fluent/fluentd#4657
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option. (Experimental)
  • in_forward: support zstd format.
• buffer: add feature to evacuate chunk files when retry limit fluent/fluentd#4986
• out_http: TLS1.3 support fluent/fluentd#4859
• out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false fluent/fluentd#5036
• out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path fluent/fluentd#4904
• System configuration: Add forced_stacktrace_level to force the log level of stacktraces. fluent/fluentd#5008
• System configuration: support built-in config files fluent/fluentd#4893

Metrics:

• metrics: enable input metrics by default fluent/fluentd#4966
• in_tail: add "tracked_file_count" metrics to see how many log files are being tracked fluent/fluentd#4980
• output: add metrics for number of writing events in secondary fluent/fluentd#4971
• output: add metrics for dropped oldest chunk count fluent/fluentd#4981

Others:

• in_forward: enable skip_invalid_event by default not to process broken data fluent/fluentd#5003
• buf_file: reinforce buffer file corruption check fluent/fluentd#4998
• in_http: allow empty Origin header requests to pass CORS checks fluent/fluentd#4866
• in_tail: add warning for directory permission fluent/fluentd#4865
• Add logging for errors about loading dependencies on startup fluent/fluentd#4858
• Performance improvements
  • fluent/fluentd#4759 fluent/fluentd#4760

... (truncated)

Commits

• ed15edc v1.19.0
• 420e166 gemspec: fix io-event and io-stream version to avoid unstable behavior on Win...
• 1f64300 out_stdout: support output to $stdout independently of logger (#5036)
• 6ce90f9 in_http: replace WEBrick::HTTPUtils.parse_query with URI (#4900)
• d4fd43b logger: force_stacktrace_level was not applied to PluginLogger (#5038)
• 56ba858 README: remove Code Climate badge as the service has ended (#5035)
• cefbc62 build(deps): bump ruby/setup-ruby from 1.245.0 to 1.247.0 (#5031)
• 6797027 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#5030)
• f6f002e rubocop: use plugin scope logger (#5028)
• 11e69f2 server plugin helper: ensure to close all connections at shutdown (#5026)
• Additional commits viewable in compare view

Updates fluentd from 1.18.0 to 1.19.0

Release notes

Sourced from fluentd's releases.

Fluentd v1.19.0

Full Changelog: fluent/fluentd@v1.18.0...v1.19.0

Enhancement

New features:

• #4657 Add zstd compression support
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option.
  • in_forward: support zstd format. (Experimental)
• #4986 buffer: add feature to evacuate chunk files when retry limit
• #4859 out_http: TLS1.3 support
• #5036 out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false
• #4904 out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path
• #5008 System configuration: Add forced_stacktrace_level to force the log level of stacktraces.
• #4893 System configuration: support built-in config files

Metrics:

• #4966 metrics: enable input metrics by default
• #4980 in_tail: add "tracked_file_count" metrics to see how many log files are being tracked
• #4971 output: add metrics for number of writing events in secondary
• #4981 output: add metrics for dropped oldest chunk count

Others:

• #5003 in_forward: enable skip_invalid_event by default not to process broken data
• #4998 buf_file: reinforce buffer file corruption check
• #4866 in_http: allow empty Origin header requests to pass CORS checks
• #4865 in_tail: add warning for directory permission
• #4858 Add logging for errors about loading dependencies on startup
• Performance improvements
  • #4759 #4760 #4763 #4764 #4769 #4813 #4817 #4835 #4845 #4881 #4884 #4886 #4930 #4931 #4932 #4933 #4934 #4995

Bug Fix

• #5010 in_tail: fixed where specifying only encoding parameter might cause data corruption (affects since v0.14.12).
• #4864 formatter_csv: fix memory leak
• #5026 server plugin helper: ensure to close all connections at shutdown
• #4836 Fixed a bug where the default umask was not set to 0 when using --daemon (td-agent, fluent-package) since v1.14.6.
• #4836 --umask command line option: Fixed so that it is applied when Fluentd runs with --daemon (fluent-package) as well as when Fluentd runs with --no-supervisor.
• #4909 Windows: Stop the service when the supervisor is dead
• #4782 Windows: Fixed an issue where stopping the service immediately after startup could leave the processes.
• #4782 Windows: Fixed an issue where stopping service sometimes can not be completed forever.

Misc

• #4962 in_monitor_agent: stop using CGI.parse due to support Ruby 3.5

... (truncated)

Changelog

Sourced from fluentd's changelog.

Release v1.19.0 - 2025/07/30

Enhancement

New features:

• Add zstd compression support fluent/fluentd#4657
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option. (Experimental)
  • in_forward: support zstd format.
• buffer: add feature to evacuate chunk files when retry limit fluent/fluentd#4986
• out_http: TLS1.3 support fluent/fluentd#4859
• out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false fluent/fluentd#5036
• out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path fluent/fluentd#4904
• System configuration: Add forced_stacktrace_level to force the log level of stacktraces. fluent/fluentd#5008
• System configuration: support built-in config files fluent/fluentd#4893

Metrics:

• metrics: enable input metrics by default fluent/fluentd#4966
• in_tail: add "tracked_file_count" metrics to see how many log files are being tracked fluent/fluentd#4980
• output: add metrics for number of writing events in secondary fluent/fluentd#4971
• output: add metrics for dropped oldest chunk count fluent/fluentd#4981

Others:

• in_forward: enable skip_invalid_event by default not to process broken data fluent/fluentd#5003
• buf_file: reinforce buffer file corruption check fluent/fluentd#4998
• in_http: allow empty Origin header requests to pass CORS checks fluent/fluentd#4866
• in_tail: add warning for directory permission fluent/fluentd#4865
• Add logging for errors about loading dependencies on startup fluent/fluentd#4858
• Performance improvements
  • fluent/fluentd#4759 fluent/fluentd#4760

... (truncated)

Commits

• ed15edc v1.19.0
• 420e166 gemspec: fix io-event and io-stream version to avoid unstable behavior on Win...
• 1f64300 out_stdout: support output to $stdout independently of logger (#5036)
• 6ce90f9 in_http: replace WEBrick::HTTPUtils.parse_query with URI (#4900)
• d4fd43b logger: force_stacktrace_level was not applied to PluginLogger (#5038)
• 56ba858 README: remove Code Climate badge as the service has ended (#5035)
• cefbc62 build(deps): bump ruby/setup-ruby from 1.245.0 to 1.247.0 (#5031)
• 6797027 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#5030)
• f6f002e rubocop: use plugin scope logger (#5028)
• 11e69f2 server plugin helper: ensure to close all connections at shutdown (#5026)
• Additional commits viewable in compare view

Updates fluentd from 1.18.0 to 1.19.0

Release notes

Sourced from fluentd's releases.

Fluentd v1.19.0

Full Changelog: fluent/fluentd@v1.18.0...v1.19.0

Enhancement

New features:

• #4657 Add zstd compression support
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option.
  • in_forward: support zstd format. (Experimental)
• #4986 buffer: add feature to evacuate chunk files when retry limit
• #4859 out_http: TLS1.3 support
• #5036 out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false
• #4904 out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path
• #5008 System configuration: Add forced_stacktrace_level to force the log level of stacktraces.
• #4893 System configuration: support built-in config files

Metrics:

• #4966 metrics: enable input metrics by default
• #4980 in_tail: add "tracked_file_count" metrics to see how many log files are being tracked
• #4971 output: add metrics for number of writing events in secondary
• #4981 output: add metrics for dropped oldest chunk count

Others:

• #5003 in_forward: enable skip_invalid_event by default not to process broken data
• #4998 buf_file: reinforce buffer file corruption check
• #4866 in_http: allow empty Origin header requests to pass CORS checks
• #4865 in_tail: add warning for directory permission
• #4858 Add logging for errors about loading dependencies on startup
• Performance improvements
  • #4759 #4760 #4763 #4764 #4769 #4813 #4817 #4835 #4845 #4881 #4884 #4886 #4930 #4931 #4932 #4933 #4934 #4995

Bug Fix

• #5010 in_tail: fixed where specifying only encoding parameter might cause data corruption (affects since v0.14.12).
• #4864 formatter_csv: fix memory leak
• #5026 server plugin helper: ensure to close all connections at shutdown
• #4836 Fixed a bug where the default umask was not set to 0 when using --daemon (td-agent, fluent-package) since v1.14.6.
• #4836 --umask command line option: Fixed so that it is applied when Fluentd runs with --daemon (fluent-package) as well as when Fluentd runs with --no-supervisor.
• #4909 Windows: Stop the service when the supervisor is dead
• #4782 Windows: Fixed an issue where stopping the service immediately after startup could leave the processes.
• #4782 Windows: Fixed an issue where stopping service sometimes can not be completed forever.

Misc

• #4962 in_monitor_agent: stop using CGI.parse due to support Ruby 3.5

... (truncated)

Changelog

Sourced from fluentd's changelog.

Release v1.19.0 - 2025/07/30

Enhancement

New features:

• Add zstd compression support fluent/fluentd#4657
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option. (Experimental)
  • in_forward: support zstd format.
• buffer: add feature to evacuate chunk files when retry limit fluent/fluentd#4986
• out_http: TLS1.3 support fluent/fluentd#4859
• out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false fluent/fluentd#5036
• out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path fluent/fluentd#4904
• System configuration: Add forced_stacktrace_level to force the log level of stacktraces. fluent/fluentd#5008
• System configuration: support built-in config files fluent/fluentd#4893

Metrics:

• metrics: enable input metrics by default fluent/fluentd#4966
• in_tail: add "tracked_file_count" metrics to see how many log files are being tracked fluent/fluentd#4980
• output: add metrics for number of writing events in secondary fluent/fluentd#4971
• output: add metrics for dropped oldest chunk count fluent/fluentd#4981

Others:

• in_forward: enable skip_invalid_event by default not to process broken data fluent/fluentd#5003
• buf_file: reinforce buffer file corruption check fluent/fluentd#4998
• in_http: allow empty Origin header requests to pass CORS checks fluent/fluentd#4866
• in_tail: add warning for directory permission fluent/fluentd#4865
• Add logging for errors about loading dependencies on startup fluent/fluentd#4858
• Performance improvements
  • fluent/fluentd#4759 fluent/fluentd#4760

... (truncated)

Commits

• ed15edc v1.19.0
• 420e166 gemspec: fix io-event and io-stream version to avoid unstable behavior on Win...
• 1f64300 out_stdout: support output to $stdout independently of logger (#5036)
• 6ce90f9 in_http: replace WEBrick::HTTPUtils.parse_query with URI (#4900)
• d4fd43b logger: force_stacktrace_level was not applied to PluginLogger (#5038)
• 56ba858 README: remove Code Climate badge as the service has ended (#5035)
• cefbc62 build(deps): bump ruby/setup-ruby from 1.245.0 to 1.247.0 (#5031)
• 6797027 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#5030)
• f6f002e rubocop: use plugin scope logger (#5028)
• 11e69f2 server plugin helper: ensure to close all connections at shutdown (#5026)
• Additional commits viewable in compare view

Updates fluentd from 1.18.0 to 1.19.0

Release notes

Sourced from fluentd's releases.

Fluentd v1.19.0

Full Changelog: fluent/fluentd@v1.18.0...v1.19.0

Enhancement

New features:

• #4657 Add zstd compression support
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option.
  • in_forward: support zstd format. (Experimental)
• #4986 buffer: add feature to evacuate chunk files when retry limit
• #4859 out_http: TLS1.3 support
• #5036 out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false
• #4904 out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path
• #5008 System configuration: Add forced_stacktrace_level to force the log level of stacktraces.
• #4893 System configuration: support built-in config files

Metrics:

• #4966 metrics: enable input metrics by default
• #4980 in_tail: add "tracked_file_count" metrics to see how many log files are being tracked
• #4971 output: add metrics for number of writing events in secondary
• #4981 output: add metrics for dropped oldest chunk count

Others:

• #5003 in_forward: enable skip_invalid_event by default not to process broken data
• #4998 buf_file: reinforce buffer file corruption check
• #4866 in_http: allow empty Origin header requests to pass CORS checks
• #4865 in_tail: add warning for directory permission
• #4858 Add logging for errors about loading dependencies on startup
• Performance improvements
  • #4759 #4760 #4763 #4764 #4769 #4813 #4817 #4835 #4845 #4881 #4884 #4886 #4930 #4931 #4932 #4933 #4934 #4995

Bug Fix

• #5010 in_tail: fixed where specifying only encoding parameter might cause data corruption (affects since v0.14.12).
• #4864 formatter_csv: fix memory leak
• #5026 server plugin helper: ensure to close all connections at shutdown
• #4836 Fixed a bug where the default umask was not set to 0 when using --daemon (td-agent, fluent-package) since v1.14.6.
• #4836 --umask command line option: Fixed so that it is applied when Fluentd runs with --daemon (fluent-package) as well as when Fluentd runs with --no-supervisor.
• #4909 Windows: Stop the service when the supervisor is dead
• #4782 Windows: Fixed an issue where stopping the service immediately after startup could leave the processes.
• #4782 Windows: Fixed an issue where stopping service sometimes can not be completed forever.

Misc

• #4962 in_monitor_agent: stop using CGI.parse due to support Ruby 3.5

... (truncated)

Changelog

Sourced from fluentd's changelog.

Release v1.19.0 - 2025/07/30

Enhancement

New features:

• Add zstd compression support fluent/fluentd#4657
  • Buffer: add zstd to compress option.
  • out_file: add zstd to compress option.
  • out_forward: add zstd to compress option. (Experimental)
  • in_forward: support zstd format.
• buffer: add feature to evacuate chunk files when retry limit fluent/fluentd#4986
• out_http: TLS1.3 support fluent/fluentd#4859
• out_stdout: support output to STDOUT independently of Fluentd logger by setting use_logger to false fluent/fluentd#5036
• out_file: add symlink_path_use_relative option to use relative path instead of absolute path in symlink_path fluent/fluentd#4904
• System configuration: Add forced_stacktrace_level to force the log level of stacktraces. fluent/fluentd#5008
• System configuration: support built-in config files fluent/fluentd#4893

Metrics:

• metrics: enable input metrics by default fluent/fluentd#4966
• in_tail: add "tracked_file_count" metrics to see how many log files are being tracked fluent/fluentd#4980
• output: add metrics for number of writing events in secondary fluent/fluentd#4971
• output: add metrics for dropped oldest chunk count fluent/fluentd#4981

Others:

• in_forward: enable skip_invalid_event by default not to process broken data fluent/fluentd#5003
• buf_file: reinforce buffer file corruption check fluent/fluentd#4998
• in_http: allow empty Origin header requests to pass CORS checks fluent/fluentd#4866
• in_tail: add warning for directory permission fluent/fluentd#4865
• Add logging for errors about loading dependencies on startup fluent/fluentd#4858
• Performance improvements
  • fluent/fluentd#4759 fluent/fluentd#4760

... (truncated)

Commits

• ed15edc v1.19.0
• 420e166 gemspec: fix io-event and io-stream version to avoid unstable behavior on Win...
• 1f64300 out_stdout: support output to $stdout independently of logger (#5036)
• 6ce90f9 in_http: replace WEBrick::HTTPUtils.parse_query with URI (#4900)
• d4fd43b logger: force_stacktrace_level was not applied to PluginLogger (#5038)
• 56ba858 README: remove Code Climate badge as the service has ended (#5035)
• cefbc62 build(deps): bump ruby/setup-ruby from 1.245.0 to 1.247.0 (#5031)
• 6797027 build(deps): bump github/codeql-action from 3.29.2 to 3.29.3 (#5030)
• f6f002e rubocop: use plugin scope logger (#5028)
• 11e69f2 server plugin helper: ensure to close all connections at shutdown (#5026)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 16 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

logs-concentrator/Gemfile.lock

Package	Version	License	Issue Type
async	2.36.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
async-pool	0.11.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
fiber-storage	1.0.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
io-event	1.14.2	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
io-stream	0.11.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
metrics	0.15.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
protocol-http	0.59.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
traces	0.18.2	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
console	1.34.3	Null	Unknown License

logs-dispatcher/Gemfile.lock

Package	Version	License	Issue Type
async	2.36.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
async-pool	0.11.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
fiber-storage	1.0.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
io-event	1.14.2	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
io-stream	0.11.1	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
metrics	0.15.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
protocol-http	0.59.0	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
traces	0.18.2	LicenseRef-scancode-dco-1.1 AND MIT	Incompatible License
console	1.34.3	Null	Unknown License

Allowed Licenses:

Apache-2.0, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-3-Clause, ISC, MIT, PostgreSQL, Python-2.0, Ruby, X11, Zlib

Excluded from license check:

pkg:gem/fluent-plugin-record-modifier, pkg:gem/mime-types-data, pkg:gem/multi_json, pkg:gem/net-http-persistent, pkg:gem/rake, pkg:gem/tzinfo-data, pkg:gem/llhttp-ffi, pkg:gem/public_suffix, pkg:gem/base64

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
rubygems/async	2.36.0	🟢 6.8	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
rubygems/async-http	0.94.2	Unknown	Unknown
rubygems/async-pool	0.11.1	Unknown	Unknown
rubygems/concurrent-ruby	1.3.6	🟢 4.7	Details Check Score Reason Code-Review 🟢 4 Found 11/25 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/console	1.34.3	Unknown	Unknown
rubygems/cool.io	1.9.3	Unknown	Unknown
rubygems/fiber-annotation	0.2.0	Unknown	Unknown
rubygems/fiber-local	1.1.0	Unknown	Unknown
rubygems/fiber-storage	1.0.1	Unknown	Unknown
rubygems/fluentd	1.19.2	🟢 8	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 66 contributing companies or organizations
rubygems/http_parser.rb	0.8.1	Unknown	Unknown
rubygems/io-endpoint	0.17.2	Unknown	Unknown
rubygems/io-event	1.14.2	Unknown	Unknown
rubygems/io-stream	0.11.1	Unknown	Unknown
rubygems/metrics	0.15.0	Unknown	Unknown
rubygems/net-http	0.9.1	Unknown	Unknown
rubygems/ostruct	0.6.3	Unknown	Unknown
rubygems/protocol-hpack	1.5.1	Unknown	Unknown
rubygems/protocol-http	0.59.0	Unknown	Unknown
rubygems/protocol-http1	0.37.0	Unknown	Unknown
rubygems/protocol-http2	0.24.0	Unknown	Unknown
rubygems/protocol-url	0.4.0	Unknown	Unknown
rubygems/traces	0.18.2	Unknown	Unknown
rubygems/tzinfo-data	1.2025.3	⚠️ 2.9	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
rubygems/webrick	1.9.2	Unknown	Unknown
rubygems/zstd-ruby	1.5.7.1	Unknown	Unknown
rubygems/async	2.36.0	🟢 6.8	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
rubygems/async-http	0.94.2	Unknown	Unknown
rubygems/async-pool	0.11.1	Unknown	Unknown
rubygems/console	1.34.3	Unknown	Unknown
rubygems/cool.io	1.9.3	Unknown	Unknown
rubygems/fiber-annotation	0.2.0	Unknown	Unknown
rubygems/fiber-local	1.1.0	Unknown	Unknown
rubygems/fiber-storage	1.0.1	Unknown	Unknown
rubygems/fluentd	1.19.2	🟢 8	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 66 contributing companies or organizations
rubygems/io-endpoint	0.17.2	Unknown	Unknown
rubygems/io-event	1.14.2	Unknown	Unknown
rubygems/io-stream	0.11.1	Unknown	Unknown
rubygems/metrics	0.15.0	Unknown	Unknown
rubygems/net-http	0.9.1	Unknown	Unknown
rubygems/protocol-hpack	1.5.1	Unknown	Unknown
rubygems/protocol-http	0.59.0	Unknown	Unknown
rubygems/protocol-http1	0.37.0	Unknown	Unknown
rubygems/protocol-http2	0.24.0	Unknown	Unknown
rubygems/protocol-url	0.4.0	Unknown	Unknown
rubygems/traces	0.18.2	Unknown	Unknown
rubygems/uri	1.1.1	🟢 4.3	Details Check Score Reason Maintained 🟢 9 10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
rubygems/zstd-ruby	1.5.7.1	Unknown	Unknown

Scanned Files

• logs-concentrator/Gemfile.lock
• logs-dispatcher/Gemfile.lock

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.