Yes, I generally scan the changelog and look at the diff on github from the prev...

Railsify on Jan 8, 2022 | parent | context | favorite | on: A routine gem update ended up creating $73k worth ...

Yes, I generally scan the changelog and look at the diff on github from the previous version. Not doing so is penny wise and pound foolish, the risk to brand and the risk of downtime is too great to install a crypto miner, or a vulnerable log4j version, etc.