)]}'
{
  "commit": "6facdefe608ee516db314ff06477ffbc28db2db7",
  "tree": "6202c20068d8a03b63cd14e7be6f70333462eccc",
  "parents": [
    "31234ccdbe90c3157d1749a23dc8376731558104"
  ],
  "author": {
    "name": "YangJie",
    "email": "yangjie01@baidu.com",
    "time": "Mon Apr 27 14:48:22 2026 +0800"
  },
  "committer": {
    "name": "yangjie01",
    "email": "yangjie01@baidu.com",
    "time": "Mon Apr 27 14:48:22 2026 +0800"
  },
  "message": "[SPARK-56631][DOC] Update `addressable` gem version to 2.9.0\n\n### What changes were proposed in this pull request?\nBump `addressable` (transitive dependency of `jekyll`) from 2.8.7 to 2.9.0 in `docs/Gemfile.lock`.\n\n### Why are the changes needed?\n`addressable` \u003c 2.9.0 has a high-severity ReDoS vulnerability ([CVE-2026-35611](https://nvd.nist.gov/vuln/detail/CVE-2026-35611), [GHSA-h27x-rffw-24p4](https://github.com/sporkmonger/addressable/security/advisories/GHSA-h27x-rffw-24p4), CVSS 7.5) in `Addressable::Template#match`. 2.9.0 fully remediates the vulnerability and also widens the `public_suffix` upper bound to `\u003c 8.0` (the resolved `public_suffix 6.0.2` continues to satisfy).\n\nRelease notes: https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md\n\n### Does this PR introduce _any_ user-facing change?\nNo.\n\n### How was this patch tested?\nPass GitHub Actions.\n\n### Was this patch authored or co-authored using generative AI tooling?\nGenerated-by: Claude Code\n\nCloses #55555 from LuciferYang/SPARK-56631.\n\nAuthored-by: YangJie \u003cyangjie01@baidu.com\u003e\nSigned-off-by: yangjie01 \u003cyangjie01@baidu.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "70a51382190c8e0bf4c192b3a801497617dff3db",
      "old_mode": 33188,
      "old_path": "docs/Gemfile.lock",
      "new_id": "ae4d11e4a1d14649ba7db1193c8a61dfbd208582",
      "new_mode": 33188,
      "new_path": "docs/Gemfile.lock"
    }
  ]
}