build(deps): bump rack from 2.0.7 to 2.2.3 in /pkgs/applications/office/ledger-web #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [rack](https://github.com/rack/rack) from 2.0.7 to 2.2.3. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md) - [Commits](rack/rack@2.0.7...2.2.3) Signed-off-by: dependabot[bot] <support@github.com>
pasqui23
pushed a commit
that referenced
this pull request
Nov 23, 2021
$ diffoscope '...-hdf5-1.12.1' '...-hdf5-1.12.1.check'
--- ...-hdf5-1.12.1/lib/libhdf5.settings
+++ ...-hdf5-1.12.1.check/lib/libhdf5.settings
-1,17 +1,17 @@
HDF5 Version: 1.12.1
- Configured on: Thu Oct 28 17:42:30 UTC 2021
+ Configured on: Sat Nov 6 19:02:02 UTC 2021
Configured by: nixbld@
Host system: x86_64-unknown-linux-gnu
- Uname information: Linux localhost 5.10.76 #1-NixOS SMP Wed Oct 27 07:56:57 UTC 2021 x86_64 GNU/Linux
+ Uname information: Linux localhost 5.14.15 #1-NixOS SMP Wed Oct 27 07:59:56 UTC 2021 x86_64 GNU/Linux
The patch removes `Configured on`, `Configured by` and `Uname information` fields.
pasqui23
pushed a commit
that referenced
this pull request
Feb 5, 2022
The test failed with > Test "test5 user should not be able to run commands under root" failed with > error: "invalid literal for int() with base 10: ''" since 2492da8. The reason for this is that `sudo(8)` writes the lecture to the tty[1] and only as a fallback to stdout[2]. This means that the `base64 --wrap 0` executed by `machine.execute()` doesn't affect the text written to the terminal, however the lecture is part of the string that's read from the VM via `shell.recv()`. I confirmed the problem in an interactive test session[3]: >>> command = "sudo -u test5 sudo -n -u root true" >>> out_command = f"( set -euo pipefail; {command} ) | (base64 --wrap 0; echo)\n" >>> machine.shell.send(out_command.encode()) 84 >>> machine # [ 99.015512] sudo[877]: root : TTY=hvc0 ; PWD=/tmp ; USER=test5 ; COMMAND=/run/wrappers/bin/sudo -n -u root true machine # [ 99.019373] sudo[877]: pam_unix(sudo:session): session opened for user test5(uid=1005) by (uid=0) machine # [ 99.038692] sudo[879]: pam_unix(sudo:auth): conversation failed machine # sudo: a password is required machine # [ 99.041860] sudo[879]: pam_unix(sudo:auth): auth could not identify password for [test5] machine # [ 99.046901] sudo[877]: pam_unix(sudo:session): session closed for user test5 >>> >>> x=machine._next_newline_closed_block_from_shell() >>> print(x) <newline> We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: <newline> #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. <newline> <newline> <newline> >>> Since the lecture isn't strictly necessary to confirm that `security.sudo` works as expected, I decided to disable lecturing inside the test, however we may want to fix the underlying problem in the test-driver at some point. [1] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/plugins/sudoers/check.c#L275-L283 [2] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/src/conversation.c#L95-L120 [3] I replaced each empty line with `<newline>` to make sure these aren't swallowed by git.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps rack from 2.0.7 to 2.2.3.
Changelog
Sourced from rack's changelog.
... (truncated)
Commits
1741c58bump version5ccca47When parsing cookies, only decode the valuesa5e80f0Bump version.b0de37dRemove trailing whitespace.1a784e5Prepare CHANGELOG for next patch release.a0d57d4Fix to handle same_site option for session poola9b223bEnsure full match. Fixes #1590.f4c5645Double assignment is still needed to prevent an "unused variable" warning5c121ddRevert "Update Thin handler to better handle more options"961d976Prepare point release.You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.