From d77ba6b8ef8ce7d1f3f2e701fcc4ee6548e635ea Mon Sep 17 00:00:00 2001
From: Peter Goldstein <peter.m.goldstein@gmail.com>
Date: Tue, 26 Jul 2022 14:55:23 -0400
Subject: [PATCH 1/4] Add GitHub Actions to Dependabot

---
 .github/dependabot.yml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..5ace4600
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
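Review bot: Only the `github-actions` ecosystem is listed under `updates:`, so this file produces no update PRs for the gem's Ruby dependencies. If the repository has a Gemfile or gemspec (not visible in this patch) and that coverage is wanted, add a second entry with `package-ecosystem: "bundler"` and the same `directory` and `schedule` keys. A short comment above `updates:` stating which ecosystems are deliberately left out would also keep the gap from looking like an oversight.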

From e3b04ebab73ad7e5c35bdf02d4ca84021be725e5 Mon Sep 17 00:00:00 2001
From: Adrien Rey-Jarthon <jobs@adrienjarthon.com>
Date: Sat, 2 Jul 2022 12:01:52 +0200
Subject: [PATCH 2/4] fix "invalid byte sequence in UTF-8" exception when
 unencoding URLs containing non UTF-8 characters

---
 lib/addressable/uri.rb       | 12 +++---------
 spec/addressable/uri_spec.rb |  5 +++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/lib/addressable/uri.rb b/lib/addressable/uri.rb
index 6e55cda9..3ded0e87 100644
--- a/lib/addressable/uri.rb
+++ b/lib/addressable/uri.rb
@@ -468,19 +468,13 @@ def self.unencode(uri, return_type=String, leave_encoded='')
           "Expected Class (String or Addressable::URI), " +
           "got #{return_type.inspect}"
       end
-      uri = uri.dup
-      # Seriously, only use UTF-8. I'm really not kidding!
-      uri.force_encoding("utf-8")
 
-      unless leave_encoded.empty?
-        leave_encoded = leave_encoded.dup.force_encoding("utf-8")
-      end
-
-      result = uri.gsub(/%[0-9a-f]{2}/iu) do |sequence|
+      result = uri.gsub(/%[0-9a-f]{2}/i) do |sequence|
         c = sequence[1..3].to_i(16).chr
-        c.force_encoding("utf-8")
+        c.force_encoding(sequence.encoding)
         leave_encoded.include?(c) ? sequence : c
       end
+
       result.force_encoding("utf-8")
       if return_type == String
         return result
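Review bot: The `uri.gsub(/%[0-9a-f]{2}/i)` call still runs under whatever encoding tag the caller supplied, so a UTF-8-tagged string carrying raw invalid bytes (the spec's input without `.b`) will most likely still raise `ArgumentError: invalid byte sequence in UTF-8`. The spec added in spec/addressable/uri_spec.rb only covers the binary-tagged case, so a second spec for the UTF-8-tagged input would pin that path either way. Where the call does succeed, `result.force_encoding("utf-8")` tags the output without validating it, so untrusted URLs can now hand callers a string whose `valid_encoding?` is false; a comment such as `# result may hold invalid UTF-8; callers should check valid_encoding? before matching or storing it` would make that contract visible. Because `leave_encoded` is no longer normalised, `leave_encoded.include?(c)` may raise `Encoding::CompatibilityError` when a binary-tagged `uri` meets a non-ASCII `leave_encoded`; this is inferred from the visible lines and worth a spec. The body of `unencode` starts and ends outside the hunk.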
diff --git a/spec/addressable/uri_spec.rb b/spec/addressable/uri_spec.rb
index 76edaad0..b8ca5213 100644
--- a/spec/addressable/uri_spec.rb
+++ b/spec/addressable/uri_spec.rb
@@ -5992,6 +5992,11 @@ def to_str
     expect(Addressable::URI.unencode_component("ski=%BA%DAɫ")).to eq("ski=\xBA\xDAɫ")
   end
 
+  it "should not fail with UTF-8 incompatible string" do
+    url = "/M%E9/\xE9?p=\xFC".b
+    expect(Addressable::URI.unencode_component(url)).to eq("/M\xE9/\xE9?p=\xFC")
+  end
+
   it "should result in correct percent encoded sequence as a URI" do
     expect(Addressable::URI.unencode(
       "/path?g%C3%BCnther", ::Addressable::URI

From f968b358fd30bcca1da3eb7a6cae80a6349f6b59 Mon Sep 17 00:00:00 2001
From: Bob Aman <sporkmonger@users.noreply.github.com>
Date: Fri, 29 Jul 2022 20:20:08 -0700
Subject: [PATCH 3/4] Enable CodeQL analysis

---
 .github/workflows/codeql-analysis.yml | 53 +++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 .github/workflows/codeql-analysis.yml

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..392e871b
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,53 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '41 19 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
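Review bot: All four `uses:` lines reference mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `.../autobuild@v2`, `.../analyze@v2`), so the code that runs with `security-events: write` can change without any commit in this repository. Pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, closes that gap, and the Dependabot `github-actions` entry from patch 1/4 can keep the pins current. The job-level `permissions:` block is already scoped tightly, which is worth keeping. Since the matrix is only `ruby` and the step's own comment says Autobuild targets compiled languages, the `Autobuild` step looks removable.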

From 31c23e23666633b267a82f0900f1776df35e6543 Mon Sep 17 00:00:00 2001
From: Bob Aman <sporkmonger@users.noreply.github.com>
Date: Fri, 29 Jul 2022 20:21:33 -0700
Subject: [PATCH 4/4] Remove boilerplate

---
 .github/workflows/codeql-analysis.yml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 392e871b..7b2e23ed 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,14 +1,3 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on: