🚨 [security] Update activesupport 7.0.4.3 → 7.1.3.2 (minor) #3274
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible.
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Security Advisories 🚨
🚨 Possible File Disclosure of Locally Encrypted Files
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ active_model_serializers (0.10.13 → 0.10.14) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 7 commits:
chore: bump to 0.10.14
Update gem requirement to allow Rails 7.1 (#2453)
Upgrade to Ubuntu 22.04 on Github Actions (#2451)
Merge pull request #2442 from ohbarye/remove-travis-setting
Remove travis settings
Merge pull request #2427 from y-yagi/fix-bundler-deprecated-method
Fix checking of method defined or not
↗️ awesome_nested_set (3.5.0 → 3.6.0) · Repo · Changelog
Release Notes
3.6.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 10 commits:
Remove gem signing so I can push
Bump version
Update changelog and readme
Merge pull request #476 from AlejandroFernandesAntunes/impossible_move_err_msg_ext
Merge pull request #477 from harshalbhakta/rails_7_1_0
Add support for Rails 7.1.0
Added class name and ID for ImpossibleMove exception msg
Add Ruby 3.2 to CI and upgrade actions (#475)
Rails >= 5 should throw :abort (#470)
Remove Hakiri badge
↗️ rails (7.0.4.3 → 7.1.3.2) · Repo
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 Possible XSS Vulnerability in Action Controller
🚨 Possible Sensitive Session Information Leak in Active Storage
🚨 Possible XSS Vulnerability in Action Controller
🚨 Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
🚨 Possible XSS via User Supplied Values to redirect_to
Security Advisories 🚨
🚨 Possible Sensitive Session Information Leak in Active Storage
Release Notes
2.2.0
2.1.1
2.1.0
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.6.0
Commits
See the full diff on Github. The new version differs by 57 commits:
version bump to v1.6.0
doc: update CHANGELOG and README with supported branch info
doc: update README moving verbose notes after usage
version bump to v1.6.0.rc2
Merge pull request #167 from rails/flavorjones-best-supported-vendor-method
feat: introduce Rails::HTML::Sanitizer.best_supported_vendor
version bump to v1.6.0.rc1
doc: update CONTRIBUTING with release process
Merge pull request #166 from rails/flavorjones-update-deps-for-html5-variation2
dep: update loofah and nokogiri to versions fully supporting HTML5
Merge pull request #165 from rails/flavorjones-small-readme-change
test: print value of html5_support? at start of suite
doc: small improvements to README
Merge pull request #163 from rails/flavorjones-ensure-utf8-encoding-from-all-sanitizers
fix: ensure LinkSanitizer returns UTF-8 encoded strings
Merge pull request #162 from rails/flavorjones-html5-sanitizer-vendor
doc: update CHANGELOG
feat: add HTML5::Sanitizer to provide a vendor interface for Rails
Merge pull request #161 from rails/flavorjones-quash-uninit-ivar-warning
fix: avoid uninitialized ivar warning
Merge pull request #160 from rails/flavorjones-update-license-and-copyright
legal: update copyright dates and add myself as a maintainer
Merge pull request #158 from rails/flavorjones-support-html5-parsing
doc: update README
test: fix tests to accommodate HTML5 parser behavior
feat: add HTML5 variations of the sanitizers
test: reorganize sanitizer tests
move the sanitizers under the Rails::HTML4 namespace
naming: Rails::Html is now Rails::HTML
refactor: extract scrubber logic into composable concerns
prefactor: extract orthogonal sanitizer methods
prefactor: replace Loofah.scrub_fragment with the long form
test: add API coverage for Sanitizer singleton methods
doc: set up .rdoc_options and start marking things :nodoc:
dep: remove rails-dom-testing
ci: add rubocop
Merge pull request #159 from rails/flavorjones-fix-requires
refactor: use require_relative for internal requires
Merge pull request #156 from rails/flavorjones-add-scrubber-test-coverage
ci: now that JRuby passes, let's not ignore errors
test: accommodate jruby nokogiri 1.13 behavior
test: don't use assert_dom_equal and be explicit about assert_nil
test: remove bulk test of all Loofah ALLOWED_ELEMENTS
test: update to accommodate jruby behavior
test: avoid renaming nodes to avoid errors in JRuby
feat: remove Rails::Html::XPATHS_TO_REMOVE
feat: SafeListSanitizer allows "time" tag and "lang" attr
style: scrubber tag and attribute arrays
rubocop: enable Minitest/NoAssertions
Merge pull request #151 from rails/flavorjones-rubocop
style(rubocop): correct all warnings
dep(style): move dev deps into Gemfile and add rubocop
dep: set required_ruby_version to ">= 2.5.0"
dev: update CI to use main as the default branch
Merge pull request #150 from amatsuda/ci
dev: set version to 1.6.0.dev
CI against Ruby 3.2
Release Notes
0.4.1
0.4.0
Commits
See the full diff on Github. The new version differs by 18 commits:
Bump up 0.4.1
Merge pull request #40 from jjb/test-blank-seconds
Merge pull request #39 from jjb/test-nested-exception-identity
Merge pull request #42 from ruby/dependabot/github_actions/actions/checkout-4
Bump actions/checkout from 3 to 4
tests for blank seconds
nested exception tests for discussion
Require Ruby >= 2.6 for the timeout gem
Test that work is done in the same thread/fiber as the caller (#34)
Merge pull request #35 from jjb/patch-1
require ruby version in gemspec
Bump up v0.4.0
Raise exception instead of throw/catch for timeouts (#30)
Move gemspec files to top of lib directory.
Merge pull request #31 from nobu/test-unit-ruby-core
Use released version of test-unit-ruby-core
Merge pull request #29 from ruby/update-test-lib-20230324
Update test libraries from https://github.com/ruby/ruby/commit/b4e438d8aabaf4bba2b27f374c787543fae07c58
🆕 base64 (added, 0.2.0)
🆕 bigdecimal (added, 3.1.6)
🆕 connection_pool (added, 2.4.1)
🆕 drb (added, 2.2.1)
🆕 io-console (added, 0.7.2)
🆕 irb (added, 1.11.2)
🆕 mutex_m (added, 0.2.0)
🆕 psych (added, 5.1.2)
🆕 rack-session (added, 1.0.2)
🆕 rackup (added, 1.0.0)
🆕 rdoc (added, 6.6.2)
🆕 reline (added, 0.4.3)
🆕 stringio (added, 3.1.0)
🆕 webrick (added, 1.8.1)
🗑️ method_source (removed)
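The advisories above are only closed once the versions this PR names are actually what Gemfile.lock resolves to, so the check worth running after merge is one against the lockfile itself. The Ruby below is an added example for that check; it is not Depfu's code and not part of this repository. The target list is taken from the versions named in this PR, the lockfile fragments are constructed for the example (the `nokogiri` platform-suffixed line is there only to show how such suffixes are handled), and `TARGET_VERSIONS`, `parse_lock_specs` and `outdated_gems` are names chosen here. For ongoing advisory matching, the real tool is bundler-audit (`bundle-audit check --update`), which compares Gemfile.lock against the Ruby advisory database rather than a hand-maintained list.

```ruby
# Added example (not Depfu's or this repository's code): checks whether a
# Gemfile.lock carries at least the versions this PR moves to.
require "rubygems"  # provides Gem::Version for correct version comparison

# Versions named in this PR; anything below these is still on the old release.
TARGET_VERSIONS = {
  "activesupport"            => "7.1.3.2",
  "rails"                    => "7.1.3.2",
  "active_model_serializers" => "0.10.14",
  "awesome_nested_set"       => "3.6.0",
}.freeze

# Parse the "specs:" section of a Gemfile.lock into { gem_name => version }.
# Spec lines are indented four spaces ("    rails (7.1.3.2)"); their
# dependency lines are indented six and are skipped. A platform-specific
# version such as "1.16.2-x86_64-linux" is reduced to "1.16.2" so that
# Gem::Version can compare it.
def parse_lock_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    if m
      specs[m[1]] = m[2].split("-").first
    elsif line.strip.empty? || !line.start_with?("    ")
      in_specs = false # blank line or next top-level section ends specs
    end
  end
  specs
end

# Return { gem => locked_version } for every target gem that is missing from
# the lockfile (:missing) or still below the wanted version. An empty hash
# means the lockfile is at or beyond this PR's versions.
def outdated_gems(lock_text, targets = TARGET_VERSIONS)
  specs = parse_lock_specs(lock_text)
  targets.each_with_object({}) do |(name, wanted), out|
    locked = specs[name]
    if locked.nil?
      out[name] = :missing
    elsif Gem::Version.new(locked) < Gem::Version.new(wanted)
      out[name] = locked
    end
  end
end

# Constructed lockfile fragment for the example; not taken from the repository.
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      active_model_serializers (0.10.13)
        actionpack (>= 4.1)
      activesupport (7.0.4.3)
        concurrent-ruby (~> 1.0, >= 1.0.2)
      awesome_nested_set (3.5.0)
        activerecord (>= 4.0.0)
      nokogiri (1.16.2-x86_64-linux)
      rails (7.0.4.3)

  PLATFORMS
    x86_64-linux
LOCK

# The same fragment with the four gems moved to this PR's versions.
LOCK_AFTER = LOCK_BEFORE
  .sub("active_model_serializers (0.10.13)", "active_model_serializers (0.10.14)")
  .sub("activesupport (7.0.4.3)", "activesupport (7.1.3.2)")
  .sub("awesome_nested_set (3.5.0)", "awesome_nested_set (3.6.0)")
  .sub("rails (7.0.4.3)", "rails (7.1.3.2)")

if __FILE__ == $PROGRAM_NAME
  puts "before: #{outdated_gems(LOCK_BEFORE)}" # every target gem still old
  puts "after:  #{outdated_gems(LOCK_AFTER)}"  # {}
end
```

To run it against a real checkout, pass `File.read("Gemfile.lock")` to `outdated_gems` and fail the build if the result is non-empty; a gem reported as `:missing` usually means the lockfile was resolved without that gem at all and deserves a look rather than a pass.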
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
All Depfu comment commands