
chore(deps): update dependency rails to v6.1.7.10 #235

Open: wants to merge 1 commit into base: main
Conversation

renovate[bot] (Contributor) commented Oct 23, 2023

This PR contains the following updates:

Package: rails (source, changelog)
Change: 6.1.6 -> 6.1.7.10

Release Notes

rails/rails (rails)

v6.1.7.10: 6.1.7.10

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • Fix NoMethodError in block_format helper

    Michael Leimstaedtner

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

Guides

  • No changes.

v6.1.7.9: 6.1.7.9

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Avoid regex backtracking in HTTP Token authentication

    [CVE-2024-47887]

  • Avoid regex backtracking in query parameter filtering

    [CVE-2024-41128]

Active Job

  • No changes.

Action Mailer

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • Avoid backtracing in plain_text_for_blockquote_node

    [CVE-2024-47888]

Railties

  • No changes.

Guides

  • No changes.

v6.1.7.8: 6.1.7.8

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types
    [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v6.1.7.7: 6.1.7.7

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • Disables the session in ActiveStorage::Blobs::ProxyController
    and ActiveStorage::Representations::ProxyController
    in order to allow caching by default in some CDNs such as CloudFlare

    Fixes #44136

    Bruno Prieto

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v6.1.7.6

Compare Source

No changes between this and 6.1.7.5. This release was just to fix file permissions in the previous release.

v6.1.7.5: 6.1.7.5 Release

Compare Source

Active Support

  • Use a temporary file for storing unencrypted files while editing

    [CVE-2023-38037]

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v6.1.7.4

Compare Source

Active Support
  • No changes.
Active Model
  • No changes.
Active Record
  • No changes.
Action View
  • No changes.
Action Pack
  • Raise an exception if illegal characters are provided to redirect_to
    [CVE-2023-28362]

    Zack Deveau

Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • No changes.
Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties
  • No changes.

v6.1.7.3

Compare Source

Active Support

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Ignore certain data-* attributes in rails-ujs when element is contenteditable

    [CVE-2023-23913]

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v6.1.7.2

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Fix domain: :all for two letter TLD

    This fixes a compatibility issue introduced in our previous security
    release when using domain: :all with a two letter but single level top
    level domain (like .ca, rather than .co.uk).

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

v6.1.7.1

Compare Source

Active Support
Active Model
  • No changes.
Active Record
  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.

    This commit makes the sanitization more robust by replacing any
    occurrences of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not
    be provided user input.

    [CVE-2023-22794]

  • Added integer width check to PostgreSQL::Quoting

    Given a value outside the range for a 64bit signed integer type
    PostgreSQL will treat the column type as numeric. Comparing
    integer values against numeric values can result in a slow
    sequential scan.

    This behavior is configurable via
    ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

    [CVE-2022-44566]

Action View
  • No changes.
Action Pack
Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • No changes.
Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties
  • No changes.

v6.1.7

Compare Source

Active Support
  • No changes.
Active Model
  • No changes.
Active Record
  • Symbol is allowed by default for YAML columns

    Étienne Barrié

  • Fix ActiveRecord::Store to serialize as a regular Hash

    Previously it would serialize as an ActiveSupport::HashWithIndifferentAccess
    which is wasteful and causes problems with YAML safe_load.

    Jean Boussier

  • Fix PG.connect keyword arguments deprecation warning on ruby 2.7

    Fixes #44307.

    Nikita Vasilevsky

Action View
  • No changes.
Action Pack
  • No changes.
Active Job
  • No changes.
Action Mailer
  • No changes.
Action Cable
  • No changes.
Active Storage
  • Respect Active Record's primary_key_type in Active Storage migrations. Backported from 7.0.

    fatkodima

Action Mailbox
  • No changes.
Action Text
  • No changes.
Railties
  • No changes.

v6.1.6.1: 6.1.6.1

Compare Source

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Change ActiveRecord::Coders::YAMLColumn default to safe_load

    This adds two new configuration options. The configuration options are as
    follows:

    • config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old
    "unsafe" YAML loading strategy, maintaining the existing behavior but leaving
    the possible escalation vulnerability in place. Setting this option to true
    is not recommended, but can aid in upgrading.

    • config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized
    by default. This option allows you to specify classes deemed "safe" in your
    application. For example, if your application uses Symbol and Time in
    serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

    [CVE-2022-32224]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

Action Mailbox

  • No changes.

Action Text

  • No changes.

Railties

  • No changes.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
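The safe_load default described under v6.1.6.1 rests on Psych's permitted-class restriction, which is what yaml_column_permitted_classes feeds. The block below is an added illustration written for this page, not Rails's own YAMLColumn coder: it serializes a constructed column value and shows which classes the safe loader refuses until they are listed, with the v6.1.7 default of permitting Symbol shown as one step.

```ruby
require "yaml"
require "date"

# Constructed sample of what a serialized YAML column might hold: a Symbol,
# a Time and plain data. Built for this example, not taken from a real app.
COLUMN_YAML = {
  "status"  => :active,
  "seen_at" => Time.utc(2022, 7, 12, 10, 0, 0),
  "tags"    => ["billing", "vip"],
}.to_yaml

# Safe loading: only the classes passed in permitted_classes may be
# instantiated. Anything else raises Psych::DisallowedClass instead of
# building an arbitrary Ruby object from attacker-influenced column data.
# permitted_classes plays the role of config.active_record.yaml_column_permitted_classes.
def load_column(yaml, permitted_classes: [])
  YAML.safe_load(yaml, permitted_classes: permitted_classes, aliases: false)
end

# Returns the name of the first class the safe loader refused, or nil when
# the document loaded cleanly. Useful when auditing existing rows before
# switching a column over to safe loading.
def first_rejected_class(yaml, permitted_classes: [])
  load_column(yaml, permitted_classes: permitted_classes)
  nil
rescue Psych::DisallowedClass => e
  e.message[/class: (\S+)/, 1]
end

if __FILE__ == $PROGRAM_NAME
  # Nothing permitted: the Symbol value is the first thing refused.
  puts first_rejected_class(COLUMN_YAML)
  # Symbol permitted (the 6.1.7 default): the Time scalar is refused next.
  puts first_rejected_class(COLUMN_YAML, permitted_classes: [Symbol])
  # The allow list from the release notes loads the whole value.
  p load_column(COLUMN_YAML, permitted_classes: [Symbol, Date, Time])
end
```

Running first_rejected_class over a sample of existing rows tells you which classes an application actually needs in its allow list, so the list can stay minimal rather than reverting to use_yaml_unsafe_load.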

@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from adae612 to 17e0b00 on February 21, 2024 19:03
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.6 chore(deps): update dependency rails to v6.1.7.7 Feb 21, 2024
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.7 chore(deps): update dependency rails to v6.1.7.7 - autoclosed Feb 28, 2024
@renovate renovate bot closed this Feb 28, 2024
@renovate renovate bot deleted the renovate/ruby-on-rails-packages branch February 28, 2024 04:39
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.7 - autoclosed chore(deps): update dependency rails to v6.1.7.7 Mar 2, 2024
@renovate renovate bot reopened this Mar 2, 2024
@renovate renovate bot restored the renovate/ruby-on-rails-packages branch March 2, 2024 00:33
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 17e0b00 to 4dbf796 on June 4, 2024 19:49
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.7 chore(deps): update dependency rails to v6.1.7.8 Jun 4, 2024
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.8 chore(deps): update dependency rails to v6.1.7.8 - autoclosed Jul 15, 2024
@renovate renovate bot closed this Jul 15, 2024
@renovate renovate bot deleted the renovate/ruby-on-rails-packages branch July 15, 2024 00:49
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.8 - autoclosed chore(deps): update dependency rails to v6.1.7.8 Jul 21, 2024
@renovate renovate bot restored the renovate/ruby-on-rails-packages branch July 21, 2024 11:17
@renovate renovate bot reopened this Jul 21, 2024
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from 4dbf796 to e3a6e10 on October 15, 2024 22:11
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.8 chore(deps): update dependency rails to v6.1.7.9 Oct 15, 2024
@renovate renovate bot force-pushed the renovate/ruby-on-rails-packages branch from e3a6e10 to e722f35 on October 24, 2024 00:43
@renovate renovate bot changed the title chore(deps): update dependency rails to v6.1.7.9 chore(deps): update dependency rails to v6.1.7.10 Oct 24, 2024