actionview (= 6.0.0) | ||
activesupport (= 6.0.0) | ||
rack (~> 2.0) | ||
actionpack (6.0.2.1) |
actionpack
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
rack-test (>= 0.6.3) | ||
rails-dom-testing (~> 2.0) | ||
rails-html-sanitizer (~> 1.0, >= 1.2.0) | ||
actionview (6.0.0) | ||
activesupport (= 6.0.0) | ||
actionview (6.0.2.1) |
actionview
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
activemodel (= 6.0.0) | ||
activesupport (= 6.0.0) | ||
activesupport (6.0.0) | ||
activemodel (6.0.2.1) |
activemodel
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
activesupport (6.0.0) | ||
activemodel (6.0.2.1) | ||
activesupport (= 6.0.2.1) | ||
activerecord (6.0.2.1) |
activerecord
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
activerecord (6.0.2.1) | ||
activemodel (= 6.0.2.1) | ||
activesupport (= 6.0.2.1) | ||
activesupport (6.0.2.1) |
activesupport
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
zeitwerk (~> 2.1, >= 2.1.8) | ||
builder (3.2.3) | ||
zeitwerk (~> 2.2) | ||
builder (3.2.4) |
concurrent-ruby (1.1.5) | ||
crass (1.0.4) | ||
crass (1.0.5) |
crass
Patch version upgrade 📈🔹 1.0.4 → 1.0.5
[change-log, source-code]
Commits
A change of 4 commits. See the full changes on the compare page.
These are the individual commits:
- (074e56f) Update Travis test matrix
- (78d952e) Remove 1.9.3 from the test matrix
- (1608f38) Remove test files and omit them
- (30b9aa4) Release 1.0.5
double_entry (1.0.1) | ||
activerecord (>= 3.2.0) | ||
activesupport (>= 3.2.0) | ||
money (>= 6.0.0) | ||
railties (>= 3.2.0) | ||
erubi (1.8.0) | ||
i18n (1.6.0) | ||
erubi (1.9.0) |
erubi
Minor version upgrade 📈🔶 1.8.0 → 1.9.0
[change-log, source-code]
Commits
A change of 7 commits. See the full changes on the compare page.
These are the individual commits:
- (3962595) CI: Add Ruby 2.6 to the matrix
- (e33a647) Test on TruffleRuby on Travis
- (01ca84b) Test JRuby 9.2 on Travis
- (592cabf) Use minitest-global_expecations in tests to avoid deprecatio…
- (9b7fc05) Try to get Travis passing
- (3db54fc) Change default :bufvar from 'String.new' to '::String.new' t…
- (3be9947) Bump version to 1.9.0
erubi (1.8.0) | ||
i18n (1.6.0) | ||
erubi (1.9.0) | ||
i18n (1.7.0) |
i18n
Minor version upgrade 📈🔶 1.6.0 → 1.7.0
Commits
A change of 24 commits. See the full changes on the compare page.
These are the first 10 commits:
- (38a323e) I18n::Backend::Chain#translations merge from all backends
- (daa63b4) Update spec for new behavior of chain backend
- (d298938) Use each_with_object and more descriptive names
- (b7e5195) Merge branch 'master' into patch-1
- (7bfc725) Merge pull request #470 from gburgett/patch-1
- (74a03cc) Raise disabled during boot inside fallback
- (ba83938) Merge pull request #475 from KaanOzkan/raise-disabled
- (69bd4a7) Fix typo :)
- (0c5dab4) Merge pull request #476 from TaigaMikami/master
- (e49d862) #include is public since ruby 2.1
concurrent-ruby (~> 1.0) | ||
json (2.2.0) | ||
json (2.3.0) |
jwt (2.1.0) | ||
jwt_signed_request (2.5.1) | ||
jwt (>= 1.5.0, < 2.2.0) | ||
rack | ||
loofah (2.2.3) | ||
loofah (2.4.0) |
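Review bot: nothing visible in this lockfile keeps loofah above the vulnerable range once the lock is re-resolved. The only constraint shown is `loofah (~> 2.3)` from rails-html-sanitizer 1.3.0, and the quoted advisory for CVE-2019-15587 covers versions through v2.3.0, so 2.3.0 still satisfies it. Consider declaring a loofah floor above 2.3.0 in the Gemfile so the fix does not depend on this lock entry alone.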
loofah
Minor version upgrade 📈🔶 2.2.3 → 2.4.0
[change-log, source-code]
🎉 Patched vulnerabilities:
- CVE-2019-15587: Loofah XSS Vulnerability
  URL: CVE-2019-15587 - Loofah XSS Vulnerability (flavorjones/loofah#171)
  In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Commits
A change of 56 commits. See the full changes on the compare page.
These are the first 10 commits:
- (5ab19a3) scripts to inspect and compare DOMPurify metadata
- (2f8d33c) reformat `whitelist.rb`
- (efb182c) expand set of allowed CSS functions
- (a1b1da9) expand allowed protocols to allow `tel:` and `line:`
- (cfa40b9) update CHANGELOG
- (d10e630) failing test for high-precision CSS values
- (a56a1ab) Allow greater precision in values of shorthand css elements
- (ef30cfd) update CHANGELOG
- (717655a) Merge branch 'flavorjones-allowlist-changes'
- (b15ea87) remove versioneye from readme
crass (~> 1.0.2) | ||
nokogiri (>= 1.5.9) | ||
method_source (0.9.2) | ||
mini_portile2 (2.4.0) | ||
minitest (5.11.3) | ||
money (6.13.4) | ||
minitest (5.13.0) |
minitest
Minor version upgrade 📈🔶 5.11.3 → 5.13.0
[change-log, source-code]
Commits
A change of 46 commits. See the full changes on the compare page.
These are the first 10 commits:
- (005a3ba) Avoid teardown assertion check if test is skipped
- (3f32f02) Converted all minitest/spec tests over to use _ to avoid dep…
- (879dc1c) + Fail gracefully when expectation used outside of `it`.
- (e6bc448) + Deprecated use of global expectations. To be removed from …
- (1f2b132) + Extended Assertions#mu_pp to encoding validity output for …
- (4103a10) + Deprecated $N for specifying number of parallel test runne…
- (9116a29) - Fixed Assertions#diff from recalculating if set to nil
- (87f33d7) Split tests out into test_minitest_assertions.rb
- (b1578db) Overhauled and sorted test_minitest_assertions.rb in prep fo…
- (b2eebc2) + Changed mu_pp_for_diff to make having both \n and \n easi…
minitest (5.11.3) | ||
money (6.13.4) | ||
minitest (5.13.0) | ||
money (6.13.6) |
money
Patch version upgrade 📈🔹 6.13.4 → 6.13.6
Commits
A change of 13 commits. See the full changes on the compare page.
These are the first 10 commits:
- (29813d1) Do not namespace specs with classes and modules (#873)
- (4293055) Update rubies on CI to latest versions (#874)
- (6be1cfb) Raise warning on using Money.default_currency (#882)
- (8754d9a) Raise warning on using default Money.rounding_mode (#883)
- (53f9a6e) Add Second Ouguiya MRU 929 to currency iso file (#853)
- (3fdbbeb) Change dist to trusty to support older rubies (#885)
- (3ca8a3b) Add symbol for UZS (#893)
- (575fdcf) Fix grammar in README.md (#899)
- (57c3da8) Use monitor for recursive mutual exclusion in RatesStore::Me…
- (f5478c1) Allow passing store as a string to Money::Bank::VariableExch…
i18n (>= 0.6.4, <= 2) | ||
nokogiri (1.10.4) | ||
nokogiri (1.10.7) |
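Review bot: on the nokogiri 1.10.4 → 1.10.7 line, the quoted advisory says the libxslt fixes arrive through Nokogiri's vendored libraries, so this lock change patches CVE-2019-13117, CVE-2019-13118 and CVE-2019-18197 only if the app builds nokogiri with the vendored libxml2/libxslt. Please state in the PR which build mode the deployments use; for system libraries, the check that matters is that the distro package carries libxslt 1.1.34 or a backported fix.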
nokogiri
Patch version upgrade 📈🔹 1.10.4 → 1.10.7
🎉 Patched vulnerabilities:
- CVE-2019-13117: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
  URL: Investigate libxslt vulnerabilities patched in USN-4164-1 (sparklemotion/nokogiri#1943)

  Nokogiri v1.10.5 has been released. This is a security release. It addresses three CVEs in upstream libxml2, for which details are below.

  If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether they've patched this (Canonical has patched Ubuntu packages). Note that libxslt 1.1.34 addresses these vulnerabilities.

  Full details about the security update are available in Github Issue [#1943] Investigate libxslt vulnerabilities patched in USN-4164-1 sparklemotion/nokogiri#1943.

  ---
  CVE-2019-13117
  https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13117.html
  Priority: Low
  Description: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
  Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1

  ---
  CVE-2019-13118
  https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13118.html
  Priority: Low
  Description: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
  Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

  ---
  CVE-2019-18197
  https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18197.html
  Priority: Medium
  Description: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
  Patched with commit https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
Commits
A change of 16 commits. See the full changes on the compare page.
These are the first 10 commits:
- (077e010) update rake-compiler commands to install bundler
- (dca794a) update CHANGELOG with correct release date for v1.10.4
- (2a86496) add suppressions for ruby 2.7
- (99d8a6b) dependency: update libxml to 2.9.10 final
- (43a1753) dependency: update libxslt to 1.1.34 final
- (383c1f8) update CHANGELOG
- (1bc2ff9) version bump to v1.10.5
- (061d75d) add security note to CHANGELOG
- (73c53ee) Add a patch to fix libxml2.la's path
- (95e56fd) update CHANGELOG
mini_portile2 (~> 2.4.0) | ||
pagerduty (2.1.2) | ||
json (>= 1.7.7) | ||
rack (2.0.7) | ||
rack (2.0.8) |
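Review bot: the rack 2.0.7 → 2.0.8 line changes how session ids reach the backing store, which the PR description does not mention. The listed commits store a hashed id while sending the public id, and fall back to the legacy id when the new one is not found. Any session store in this app that overrides rack's session lookup or writes session ids itself should be checked against that behaviour before merge, and the description should call out that this bump carries the CVE-2019-16782 fix.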
rack
Patch version upgrade 📈🔹 2.0.7 → 2.0.8
[change-log, source-code]
🎉 Patched vulnerabilities:
- CVE-2019-16782: Possible information leak / session hijack vulnerability
  URL: GHSA-hrqr-hxpp-chr3

  There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

  Impact: The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.
Commits
A change of 14 commits. See the full changes on the compare page.
These are the first 10 commits:
- (83d4bd1) try to ensure we always have some kind of object
- (77f3aab) remove more nils
- (bb3d486) use session id objects
- (2b205ed) store hashed id, send public id
- (1c7e3b2) remove || raise and get closer to master
- (4e32262) remove NullSession
- (73a5f79) revert conditionals to master
- (dc45a06) Add the private id
- (6a04bbf) Fallback to the legacy id when the new id is not found
- (3ba123d) Also drop the session with the public id when destroying ses…
railties (6.0.0) | ||
actionpack (= 6.0.0) | ||
activesupport (= 6.0.0) | ||
rails-html-sanitizer (1.3.0) |
rails-html-sanitizer
Minor version upgrade 📈🔶 1.2.0 → 1.3.0
[change-log, source-code]
Commits
A change of 4 commits. See the full changes on the compare page.
These are the individual commits:
- (43a87f5) Match Loofah's API changes.
- (845da04) Add project metadata to the gemspec
- (65b9f88) Merge pull request #102 from orien/gem-metadata
- (51dc564) v1.3.0
activesupport (= 6.0.0) | ||
rails-html-sanitizer (1.3.0) | ||
loofah (~> 2.3) | ||
railties (6.0.2.1) |
railties
Patch version upgrade 📈🔹 6.0.0 → 6.0.2.1
Commits
A change of 173 commits. See the full changes on the compare page.
These are the first 10 commits:
- (f17d964) Support Rails with sass-rails 6
- (4c8c8cd) Upgrade the maintainance policy
- (ebbef80) Fix missing backtick in maintenance policy version [ci skip]
- (26aabdc) Merge pull request #36969 from AhmedKamal20/patch-1
- (e7bd651) Merge pull request #36981 from tsuka/fix-tag-builder
- (ab91651) Mark Rails 6.0 released notes as done [ci skip] (#36968)
- (55d8460) Keep the name of the releases note consistent
- (70e6ff2) Generate keep file in tmp/pids
- (3fda3f9) Merge pull request #36985 from anmolarora/fix-take-memoizati…
- (e8257e3) Merge pull request #36998 from jhawthorn/reaper_fork
method_source | ||
rake (>= 0.8.7) | ||
thor (>= 0.20.3, < 2.0) | ||
rake (12.3.3) | ||
thor (0.20.3) | ||
rake (13.0.1) |
rake
Major version upgrade 📈❗ 12.3.3 → 13.0.1
Commits
A change of 53 commits. See the full changes on the compare page.
These are the first 10 commits:
- (449766f) Add order only dependency.
- (714a180) Fixed bug: Task raises previous exception on second invokati…
- (282b0d3) Applied requested changes of @yuki24: Chose clean git blame …
- (382e804) feat: add `without_parent_dir` to `PackageTask`
- (a232f02) Update ruby.yml
- (cfc7e48) Enabled build matrix.
- (8017d98) Added Windows and macOS.
- (4206043) Fixed build names.
- (a4dc9e0) Windows env only provide Ruby 2.4+
- (0544f30) setup-ruby is not support macOS env.
rake (12.3.3) | ||
thor (0.20.3) | ||
rake (13.0.1) | ||
thor (1.0.1) |
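Review bot: rake 12.3.3 → 13.0.1 and thor 0.20.3 → 1.0.1 are major upgrades riding along with patch-level security bumps, and the thor commits listed include deprecations for relying on the default `exit_on_failure?` and for defaults of an incompatible type. Suggest running the project's rake tasks and any Thor-based commands before merging, or moving these two bumps to their own PR so the loofah, nokogiri and rack fixes can land independently.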
thor
Major version upgrade 📈❗ 0.20.3 → 1.0.1
Commits
A change of 114 commits. See the full changes on the compare page.
These are the first 10 commits:
- (b2b1e7a) Add Thor.deprecation_warning
- (7d199c0) Always check default type. Deprecate incompatible types with…
- (c7e38fd) Add Thor.deprecation_warning
- (cc8e8fd) Deprecate relying on default exit_on_failure? [#621]
- (562629b) Fix typo [ci skip]
- (1ec3eff) Merge pull request #638 from yujideveloper/fix/typo
- (371f2a3) Fix erikhuda/thor#587
- (4344761) Merge pull request #639 from hugocorbucci/master
- (8c57f1d) Do not require did_you_mean
- (d3762d0) Merge pull request #640 from quixoten/patch-1
thread_safe (0.3.6) | ||
tzinfo (1.2.5) | ||
thread_safe (~> 0.1) | ||
zeitwerk (2.1.9) | ||
zeitwerk (2.2.2) |
zeitwerk
Minor version upgrade 📈🔶 2.1.9 → 2.2.2
[change-log, source-code]
Commits
A change of 45 commits. See the full changes on the compare page.
These are the first 10 commits:
- (6c9443a) fixes signature of real_mod_name
- (757dd73) do not mention preloads in the README
- (47a94db) Better error for invalid constant names
- (a6f1a18) explicit begin/rescue & tweaks
- (4857328) Merge branch 'Shopify-handle-invalid-constant-names'
- (d35312f) version 2.1.10
- (8c4aadb) explains why setup before main module definition
- (1b0d316) adds a remark about eager loading and gems
- (585569c) documents a way to extract custom inflectors for gems
- (8c4c7ba) temporarily allow ruby-head to fail in CI
Gems brought up-to-date with ❤️ by Unwrappr.
See individual annotations below for details.