🚨 [security] Update railties 7.0.6 → 7.0.8 (patch) #551
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ railties (7.0.6 → 7.0.8) · Repo · Changelog
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ activemodel (7.0.6 → 7.0.8) · Repo · Changelog
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ activerecord (7.0.6 → 7.0.8) · Repo · Changelog
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ activesupport (7.0.6 → 7.0.8) · Repo · Changelog
Security Advisories 🚨
🚨 Possible File Disclosure of Locally Encrypted Files
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
7.0.8 (from changelog)
7.0.7.2 (from changelog)
7.0.7.1 (from changelog)
7.0.7 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.8.4
2.8.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 9 commits:
version bump to v2.8.4
Merge pull request #130 from stanhu/sh-cmake-cross-compile-vars
version bump to v2.8.3
Remap x64 processor type to x86_64
[cmake] Automatically add required cross-compilation variables
Merge pull request #129 from stanhu/sh-cmake-msys
Update CHANGELOG.md
Add CHANGELOG.md for CMake fix
cmake: only use MSYS/NMake generators when available
Release Notes
5.20.0 (from changelog)
5.19.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 8 commits:
prepped for release
+ Optionally allow autorun exit hook to remain active in forked child. (casperisfine)
Fixed skip messages for non-forking systems. (casperisfine)
prepped for release
+ Add metadata lazy accessor to Runnable / Result. (matteeyah)
- Minitest::TestTask enthusiastically added itself to default. (ParadoxV5)
+ Only load minitest/unit (aka ancient MiniTest compatibility layer) if ENV["MT_COMPAT"]
Replace 'MiniTest' with 'Minitest' in example code. (sambostock)
Release Notes
1.15.4
1.15.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 25 commits:
version bump to v1.15.4
backport updates and fixes to v1.15.x (#2953)
dep: update libxml2 to v2.11.5
test: add coverage for the memsize_of bug
fix memsize_node when called on xmlAttrs
Fix typo
ci: ruby-saml's downstream test suite needs minitest compat
style: prefer Minitest to MiniTest
ci: update suppression stack signature
version bump to v1.15.3
doc: update CHANGELOG
fix: Schema.from_document parameter type checks
prefactor: clean up Schema.from_document implementations
prefactor: clean up XML::Schema tests
fix: CDATA.new parameter type checks
prefactor: clean up CDATA.new implementations
prefactor: clean up XML::CDATA tests
fix: Text.new parameter type checks
prefactor: clean up Text.new implementations
prefactor: clean up XML::Text tests
fix: do not dup text siblings in reparent_node_with(xmlAddChild)
update CHANGELOG
dev: merge two functions into isCDATA()
dev: fix formatting
dev: serializing unparented node on java
Commits
See the full diff on Github. The new version differs by 7 commits:
Bump patch version.
Regenerate SPEC (#2102)
Fix inefficient assert pattern in Rack::Lint (#2101)
Prefer ubuntu-latest for testing. (#2095)
Update cookie.rb (#2092)
adds missing 2.2.7 to CHANGELOG.md (#2081)
Limit file extension length of multipart tempfiles (#2069) (#2075)
Release Notes
2.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 27 commits:
Prepare for 2.2.0
:scissors:
No need to wait rubocop to run tests
Test with Rails edge
Merge pull request #110 from nicoco007/fix-substitution-regression
Special case Regexp instead of strings
Fix string substitution regression
Remove constants from global namespace
Match constant definition with the file name
Inline CountDescribable module
Remove unnecessary requires
Setup Active Support in a common place
:scissors:
Require railtie in the main file
Merge pull request #109 from flavorjones/flavorjones-dom-testing-html-version
doc: update documentation to include HTML parser selection
feat: railtie to set Rails::Dom::Testing.default_html_version
feat: some assertions allow setting the HTML parser version
feat: Introduce Rails::Dom::Testing.default_html_version
Add .rdoc_options to make README the front page.
Merge pull request #108 from flavorjones/flavorjones-rails-rubocop-standards
ci: prepend a rubocop job
style: use require_relative where appropriate
style(rubocop): unsafe autocorrects
style(rubocop): safe autocorrects
dev: import Rails rubocop config, set Ruby version to >=2.5
dev: remove unnecessary development dependencies
Release Notes
2.6.11 (from changelog)
2.6.10 (from changelog)
2.6.9 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 32 commits:
Ready for 2.6.11
Let on_dir_autoloaded be reentrant
Update code comment
Ready for 2.6.10
Rename cpath_expected_at tests
Centralize and improve camelize validations
Relax wording in CHANGELOG
Fixes typo
Ready for version 2.6.9
CHANGELOG.md edits
Rename expected_cpath_at to cpath_expected_at
Update CHANGELOG.md
Let expected_cpath_at validate cnames itself
Let expected_cpath_at raise Zeitwerk::NameError on invalid cnames
Rename `cpath_at` to `expected_cpath_at`
Add test coverage for an edge case in load_file
Improve load_file error handling for hidden arguments
Link to a section in cpath_at docs
Let eager_load_dir do nothing if given a hidden directory
Define Zeitwerk::Loader#cpath_at
Document methods with leading underscores are not public
Add .github/FUNDING.yml
Minor edits to the debuggers section of the README
Merge pull request #268 from andmcadams/clarify-debugger-compat
Clarify debug.rb compatibility
Improves the documentation of the default inflector
Merge pull request #266 from exoego/patch-1
Remove unrechable code
README edits by GPT-4
Merge pull request #265 from henrik/patch-1
README: Copy fix
Fix URL for CI badge in README
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands