fix: bump rake dependency per CVE-2020-8130 #219

Merged: 1 commit, Aug 4, 2020

Contributor

@f1337 f1337 commented Aug 4, 2020

No description provided.

@f1337 f1337 changed the title from "bump rake dependency per CVE-2020-8130" to "fix: bump rake dependency per CVE-2020-8130" Aug 4, 2020
@bethesque
Member

Thanks. Given this is a development dependency, can I ask why it's affecting anything?

@bethesque bethesque merged commit 09feaa6 into pact-foundation:master Aug 4, 2020
@bethesque
Member

Also, why not go to 13?

bethesque added a commit that referenced this pull request Aug 4, 2020
bethesque added a commit that referenced this pull request Aug 4, 2020
@bethesque
Member

Sorry, I didn't look at the selector properly. >= is not a safe selector. Will happily accept "~> 12.3", ">= 12.3.3", or "~> 13.0"
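
The selectors named in the comment above can be evaluated with RubyGems' own requirement classes. This is an added example, not code from the pull request or from pact-ruby: the version list is constructed, the 12.3.3 floor is taken from the `>= 12.3.3` selector in the comment, and reading `"~> 12.3", ">= 12.3.3"` as one compound declaration is an assumption.

```ruby
require "rubygems" # Gem::Requirement and Gem::Version ship with Ruby

# Constructed version numbers used only to probe the selectors
# (not a list of real rake releases).
SAMPLE_VERSIONS = %w[12.3.0 12.3.2 12.3.3 12.4.0 13.0.0 13.0.6 14.0.0].freeze

# Floor taken from the ">= 12.3.3" selector quoted in the comment.
PATCHED_FLOOR = Gem::Version.new("12.3.3")

# Audit a selector given as one or more constraint strings, the same way
# they would be passed to add_development_dependency in a gemspec.
# Returns which sample versions resolve, which of those fall below the
# floor, and whether the selector has no upper bound at all.
def audit_selector(*constraints)
  req = Gem::Requirement.new(*constraints)
  allowed = SAMPLE_VERSIONS.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
  below_floor = allowed.select { |v| Gem::Version.new(v) < PATCHED_FLOOR }
  # Assumption: a selector that accepts an absurdly high version is open-ended.
  open_ended = req.satisfied_by?(Gem::Version.new("9999.0.0"))
  { allowed: allowed, below_floor: below_floor, open_ended: open_ended }
end

if __FILE__ == $PROGRAM_NAME
  [
    [">= 12.3.3"],            # bare lower bound
    ["~> 12.3"],              # pessimistic operator alone
    ["~> 12.3", ">= 12.3.3"], # compound: stay on 12.x, but not below the floor
    ["~> 13.0"]               # next major line only
  ].each do |constraints|
    result = audit_selector(*constraints)
    puts format("%-26s allowed=%-40s below_floor=%-18s open_ended=%s",
                constraints.join(", "), result[:allowed].join(" "),
                result[:below_floor].join(" "), result[:open_ended])
  end
end
```

On the constructed list, `~> 12.3` on its own still admits 12.3.0 and 12.3.2, the compound form does not, and the bare `>=` is the only selector with no upper bound.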

themichaelyan pushed a commit to animoto/pact-ruby that referenced this pull request Feb 4, 2022
* feat: update http client code

* feat: unlock rack-test dependency to allow version 1.1.0

* chore(release): version 1.38.0

* feat: allow host of mock service to be specified

closes: pact-foundation#186

* chore(release): version 1.39.0

* feat: add support for bearer token

* feat: remove ruby 2.2 tests

* chore(release): version 1.40.0

* docs(readme): add host to example

* feat: redact Authorization header from HTTP client debug output

* chore(release): version 1.41.0

* fix: use to_json instead of JSON.dump because it generates different JSON when used in conjunction with other libraries (eg. Oj)

* chore(release): version 1.41.1

* chore: add metadata links to gemspec (pact-foundation#195)

* chore: revert accidentally committed gemfiles

* fix: file upload spec

* chore: remove jruby support add 2.5 and 2.6

* fix(pact_helper_locator): add 'test' dir to file patterns (pact-foundation#196)

* chore(release): version 1.41.2

* feat: use new 'pacts for verification' endpoint to retrieve pacts (pact-foundation#199)

* chore(release): version 1.42.0

* chore: ensure X_PACT_DEVELOPMENT is unset when running appraisal update

* fix: can't use safe navigation operator because of Ruby 2.2 in Travelling Ruby for the pact-ruby-standalone

* chore(release): version 1.42.1

* fix: remove missed &.

* chore(release): version 1.42.2

* chore: build on Ruby 2.2 because it's required for Travelling Ruby for the pact-ruby-standalone. Drop 2.4 and 2.5, and just do 2.6, as the inbetween versions should be fine

* chore: remove randexp dependency (pact-foundation#202)

* style: code style fixes as per fasterer suggestion (pact-foundation#203)

* Use symbol to proc for slight performance gain
* Replace `reverse.each` with `reverse_each`
* Switch to `tr` for slight performance gain
* Clean up duplicate requires
* Empty lines vacuum

* fix(verify): exit with status 0 if all pacts are in pending state

* chore(release): version 1.42.3

* chore: update gemspec (pact-foundation#204)

* Drop unnecessary encoding pragma
* Use short form __dir__
* Add changelog
* Drop unnecessary `json` requirement
* Require `pry-byebug` for development

* feat(verify): allow includePendingStatus to be specified when fetching pacts

* chore(release): version 1.43.0

* fix: use URI.open instead of Kernel.open

* chore: add ruby 2.7 to testing matrix

* fix: use configured credentials when fetching the diff with previous version

Closes: pact-foundation#205

* chore(deps): update for example

* chore(release): version 1.43.1

* feat(message pact): add DSL for configuring Message Pact verifications

* chore: fix release script so it doesn't release twice

* style: whitespace

* chore: see if I can get deploy happening once only after tests

* chore: put message pact in folder that is not gitignored

* Revert "chore: see if I can get deploy happening once only after tests"

This reverts commit 1750dc3.

* chore(deps): update pact-mock_service to 3.3.1

* chore(release): version 1.44.0

* chore: try the stages again

* fix: print notices from 'pacts for verification' response to indicate why pacts are included and/or pending

* chore(release): version 1.44.1

* fix: show pending test output in yellow instead of red

* feat: support pending pacts in json formatter

* style: whitespace

* feat: use custom json formatter when --format json is specified and send it straight to stdout or the configured file

* chore: ensure logging messages don't screw up the JSON parsing in the test

* chore(release): version 1.45.0

* chore: remove tests for RSpec 2. It's time.

* chore: lock down gems, stop installing pry-byebug on Travis

* chore: rename group because it stopped the gemfiles development dependencies being installed

* chore: remove pry-byebug version restriction

* chore: remove webrick version restriction

* chore: add webrick version restriction back

* fix: remove accidentally committed verbose: true

* feat: expose full notice object in JSON output

* chore: remove gemfiles dir from release script

* chore(release): version 1.46.0

* fix: send output messages to the correct stream when using the XML formatter

* chore(release): version 1.46.1

* chore: echo link to travis build when releasing

[ci-skip]

* feat: add pact metadata to json formatter

* feat: update json formatter output

* chore(release): version 1.47.0

* feat: use certificates from SSL_CERT_FILE and SSL_CERT_DIR environment variables in HTTP connections

* chore(release): version 1.48.0

* feat: use environment variables PACT_BROKER_USERNAME and PACT_BROKER_PASSWORD when verifying a pact by URL, if the environment variables are present

* chore(release): version 1.49.0

* Revert "Fix link to Ron Holshausen's blog post" (pact-foundation#194)

* fix: ensure the presence of basic auth credentials does not cause an error when displaying the path of a pact on the local filesystem

* fix: ensure diff is included in the json output

* chore(release): version 1.49.1

* fix: json parser error for top level JSON values

fixes: pact-foundation/pact-net#237

* chore(release): version 1.49.2

* fix: pact selection verification options logging

* chore(release): version 1.49.3

* docs(contributing): Fix typo

* feat: Set expected interactions on mock service but without writing them to pact file (pact-foundation#210)

* chore(release): version 1.50.0

* fix: fix integration with pact-message-ruby (pact-foundation#216)

* chore(release): version 1.50.1

* feat: allow individual interactions to be re-run by setting PACT_BROKER_INTERACTION_ID

* chore(release): version 1.51.0

* fix: bump rake dependency per CVE-2020-8130 (pact-foundation#219)

* Revert "fix: bump rake dependency per CVE-2020-8130 (pact-foundation#219)" (pact-foundation#220)

This reverts commit 09feaa6.

* fix: update thor dependency (pact-foundation#218)

Co-authored-by: Lindsey Hattamer <lindsey.hattamer@oddball.io>

Co-authored-by: Lindsey Hattamer <lindsey.hattamer@oddball.io>

* chore: add github release workflow

* chore(deps): update rake to ~> 13.0

* chore: disable travis release

* chore(release): version 1.51.1

* feat: support webdav http methods

* chore(release): version 1.52.0

* feat: add support for the enable_pending flag

* chore(release): version 1.53.0

* feat: add support for include_wip_pacts_since

* feat: allow include_wip_pacts_since to use a Date, DateTime or Time

* feat: use pb relation in preference to beta relation when fetching pacts for verification

* chore(deps): update

* chore(release): version 1.54.0

* chore(deps): update for example

* feat: update output during verification so the pact info shows before the describe blocks of the pact that is being verified

* feat: split pending and failed rerun commands into separate sections

* feat: allow verification task to set just a pact_helper without a URI

* feat: add consumer_version_selectors to pact verification DSL, and convert consumer_version_tags to selectors

* chore(release): version 1.55.0

* fix: remove accidentally committed debug logging

* chore(release): version 1.55.1

* test: remove puts

* chore: update error output when tagging

* fix: correctly calculate exit code when a mix of pending and non pending pacts are verified

Closes: pact-foundation#223

* chore: support old --ignore-failures as well as new pending

* test: update with pact_source

* chore(release): version 1.55.2

* fix: de-duplicate re-run commands

* fix: correct logic for determining if all interactions for a pact have been verified

Closes: pact-foundation#221

* chore: bump pact-message version

* chore(release): version 1.55.3

* fix: add back missing output describing the interactions filter

* chore(release): version 1.55.4

* fix(security): hide personal access token given in uri (pact-foundation#225)

something like https://pat@my-pact-server/pact.json is possible where pat stands for personal access token and is a secret.
fix the current behavior where only https://user:password@my-pact-server/pact.json is checked

* chore(release): version 1.55.5

* Fixed typo with misspell (pact-foundation#226)

* chore: update release workflow [ci-skip]

* fix: require rspec now that pact-support does not depend on it

* chore(release): version 1.55.6

* fix: add consumer name to the selection description (pact-foundation#229)

* fix(pact_selection_description): support consumer name selection

When consumer_version_selection specifies consumer name, the name is
added to the description too.

* fix(pact_selection_description) remove unused variable

* chore(release): version 1.55.7

* feat: catch and log error during help text generation

* chore: update spec to include active support tests

* chore: add test workflow

* chore: remove .travis.yml and update badge

* chore(release): version 1.56.0

* chore: update trigger script [ci-skip]

* feat: allow verbose flag to be set when publishing verifications

* chore: update trigger release script [ci-skip]

* chore(release): version 1.57.0

* fix: gracefully handle display of username that causes InvalidComponentError to be raised when composing a URI

For: pact-foundation/pact-net#289

* chore: don't make ruby 3.0 experimental any more

* feat: support publishing verification results with a version branch

* chore(release): version 1.58.0

* feat: update descriptions for new consumer version selectors

* chore(release): version 1.59.0

* chore: updating pact-support version (pact-foundation#247)

* feat: allow SSL verification to be disabled in the HAL client by setting the environment variable PACT_DISABLE_SSL_VERIFICATION=true

* chore: use output stream not error stream

* chore: update verbose output

* chore: add workflow_dispatch to release workflow

* chore(release): version 1.60.0

* chore: fix grammar

* doc: fixed incorrect use of vowels (pact-foundation#250)

* feat: support description of matching_branch and matching_tag consumer version selectors

* fix: pass through includePendingStatus to the 'pacts for verification' API when it is false

* chore(release): version 1.61.0

Co-authored-by: Beth Skurrie <beth@bethesque.com>
Co-authored-by: Victoria Plows <vplows@dius.com.au>
Co-authored-by: Beth Skurrie <bethesque@users.noreply.github.com>
Co-authored-by: Grey Baker <greysteil@github.com>
Co-authored-by: thatguysimon <snizov@twistbioscience.com>
Co-authored-by: Tan Le <tanle.oz@gmail.com>
Co-authored-by: mcclenney <mcclenney@gmail.com>
Co-authored-by: Christoph Grabo <446613+asaaki@users.noreply.github.com>
Co-authored-by: Will Djingga <will@alotofnoodles.com>
Co-authored-by: Matt Fellows <matt.fellows@onegeek.com.au>
Co-authored-by: thatguysimon <simon.nizov@gmail.com>
Co-authored-by: Max Forasteiro <max.forasteiro@gmail.com>
Co-authored-by: Michael R. Fleet <f1337@users.noreply.github.com>
Co-authored-by: Lindsey Hattamer <lindsey.hattamer@oddball.io>
Co-authored-by: thomas-girotto <thomas.girotto@gmail.com>
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Co-authored-by: Mateusz Derks <mateusz.derks@gmail.com>
Co-authored-by: naresh-hopin <78914596+naresh-hopin@users.noreply.github.com>
Co-authored-by: Akhil Gautam <akhilgautam123@gmail.com>