Bump the bundler group across 1 directory with 14 updates#860
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the bundler group across 1 directory with 14 updates#860dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the bundler group with 9 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [puma](https://github.com/puma/puma) | `5.6.8` | `7.2.1` | | [devise](https://github.com/heartcombo/devise) | `4.9.4` | `5.0.4` | | [rack-cors](https://github.com/cyu/rack-cors) | `2.0.1` | `2.0.2` | | [addressable](https://github.com/sporkmonger/addressable) | `2.8.7` | `2.9.0` | | [faraday](https://github.com/lostisland/faraday) | `1.8.0` | `1.10.6` | | [jwt](https://github.com/jwt/ruby-jwt) | `2.3.0` | `2.10.3` | | [net-imap](https://github.com/ruby/net-imap) | `0.5.12` | `0.5.15` | | [websocket-driver](https://github.com/faye/websocket-driver-ruby) | `0.7.6` | `0.8.1` | | [yard](https://github.com/lsegal/yard) | `0.9.36` | `0.9.44` | Updates `puma` from 5.6.8 to 7.2.1 - [Release notes](https://github.com/puma/puma/releases) - [Changelog](https://github.com/puma/puma/blob/main/History.md) - [Commits](puma/puma@v5.6.8...v7.2.1) Updates `devise` from 4.9.4 to 5.0.4 - [Release notes](https://github.com/heartcombo/devise/releases) - [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md) - [Commits](heartcombo/devise@v4.9.4...v5.0.4) Updates `rack-cors` from 2.0.1 to 2.0.2 - [Changelog](https://github.com/cyu/rack-cors/blob/master/CHANGELOG.md) - [Commits](cyu/rack-cors@v2.0.1...v2.0.2) Updates `addressable` from 2.8.7 to 2.9.0 - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md) - [Commits](sporkmonger/addressable@addressable-2.8.7...addressable-2.9.0) Updates `bcrypt` from 3.1.20 to 3.1.22 - [Release notes](https://github.com/bcrypt-ruby/bcrypt-ruby/releases) - [Changelog](https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG) - [Commits](bcrypt-ruby/bcrypt-ruby@v3.1.20...v3.1.22) Updates `concurrent-ruby` from 1.3.5 to 1.3.7 - [Release notes](https://github.com/ruby-concurrency/concurrent-ruby/releases) - [Changelog](https://github.com/ruby-concurrency/concurrent-ruby/blob/master/CHANGELOG.md) - [Commits](ruby-concurrency/concurrent-ruby@v1.3.5...v1.3.7) Updates `erb` from 6.0.0 to 6.0.4 - [Release notes](https://github.com/ruby/erb/releases) - [Changelog](https://github.com/ruby/erb/blob/master/NEWS.md) - [Commits](ruby/erb@v6.0.0...v6.0.4) Updates `faraday` from 1.8.0 to 1.10.6 - [Release notes](https://github.com/lostisland/faraday/releases) - [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md) - [Commits](lostisland/faraday@v1.8.0...v1.10.6) Updates `jwt` from 2.3.0 to 2.10.3 - [Release notes](https://github.com/jwt/ruby-jwt/releases) - [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md) - [Commits](jwt/ruby-jwt@v2.3.0...v2.10.3) Updates `net-imap` from 0.5.12 to 0.5.15 - [Release notes](https://github.com/ruby/net-imap/releases) - [Commits](ruby/net-imap@v0.5.12...v0.5.15) Updates `nokogiri` from 1.18.10 to 1.19.4 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.10...v1.19.4) Updates `rack` from 2.2.21 to 3.2.6 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.21...v3.2.6) Updates `websocket-driver` from 0.7.6 to 0.8.1 - [Changelog](https://github.com/faye/websocket-driver-ruby/blob/main/CHANGELOG.md) - [Commits](faye/websocket-driver-ruby@0.7.6...0.8.1) Updates `yard` from 0.9.36 to 0.9.44 - [Release notes](https://github.com/lsegal/yard/releases) - [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md) - [Commits](lsegal/yard@v0.9.36...v0.9.44) --- updated-dependencies: - dependency-name: puma dependency-version: 7.2.1 dependency-type: direct:production dependency-group: bundler - dependency-name: devise dependency-version: 5.0.4 dependency-type: direct:production dependency-group: bundler - dependency-name: rack-cors dependency-version: 2.0.2 dependency-type: direct:production dependency-group: bundler - dependency-name: addressable dependency-version: 2.9.0 dependency-type: indirect dependency-group: bundler - dependency-name: bcrypt dependency-version: 3.1.22 dependency-type: indirect dependency-group: bundler - dependency-name: concurrent-ruby dependency-version: 1.3.7 dependency-type: indirect dependency-group: bundler - dependency-name: erb dependency-version: 6.0.4 dependency-type: indirect dependency-group: bundler - dependency-name: faraday dependency-version: 1.10.6 dependency-type: indirect dependency-group: bundler - dependency-name: jwt dependency-version: 2.10.3 dependency-type: indirect dependency-group: bundler - dependency-name: net-imap dependency-version: 0.5.15 dependency-type: indirect dependency-group: bundler - dependency-name: nokogiri dependency-version: 1.19.4 dependency-type: indirect dependency-group: bundler - dependency-name: rack dependency-version: 3.2.6 dependency-type: indirect dependency-group: bundler - dependency-name: websocket-driver dependency-version: 0.8.1 dependency-type: indirect dependency-group: bundler - dependency-name: yard dependency-version: 0.9.44 dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the bundler group with 9 updates in the /backend directory:
5.6.87.2.14.9.45.0.42.0.12.0.22.8.72.9.01.8.01.10.62.3.02.10.30.5.120.5.150.7.60.8.10.9.360.9.44Updates
pumafrom 5.6.8 to 7.2.1Release notes
Sourced from puma's releases.
... (truncated)
Changelog
Sourced from puma's changelog.
... (truncated)
Commits
92754acRelease v7.2.1 (#3948)ebe9db37.2.1 backport (#3947)96b5aa6v7.2.0 (#3864)5d7d1ddAdd workers :auto (#3827)b8c4783ci: fix ci - removeappend_as_byteslogic, misc changes (#3861)44a3ac4Fix PR label manager when maintainer comments [ci skip] (#3863)43f5d89Add GOVERNANCE.md, MAINTAINERS (#3826)21afa66Use Minitest 6 where applicable (#3859)ec7dd61ci: Update test_http11.rb for TruffleRuby - string size (#3860)fa89dbeci: addruby 4.0andrails 8.1(#3852)Updates
devisefrom 4.9.4 to 5.0.4Release notes
Sourced from devise's releases.
Changelog
Sourced from devise's changelog.
... (truncated)
Commits
9ea459dRelease v5.0.4 with sec fix for timeoutable025fe21Merge commit from fork7ca7ed9Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip]605de86Update links to https [ci skip]5e3a8bfBundle update5d20277Cleanup old Rails.version check for db migration path4ffb0b7Fix Gemfile for Rails 7.2, incorrectly testing against 7.12f80920Release v5.0.35334707Add CVE to changelog [ci skip]0252777Fix race condition vulnerability, by ensuring theunconfirmed_emailis alwa...Updates
rack-corsfrom 2.0.1 to 2.0.2Changelog
Sourced from rack-cors's changelog.
Commits
8780639Update changelog7231de7Bump rack-cors to 2.0.2b30b86dFix rubocope823594Fix typo in README.md (#267)8f50607Escape $ in ressource paths compile (#270)555ac46Mocha 2.0+ / Minitest 5.19+ compatibility (#266)202b85dExclude test in gemb0e06a0Move Host matching note into troubleshooting507894eFix test (#262)Updates
addressablefrom 2.8.7 to 2.9.0Changelog
Sourced from addressable's changelog.
Commits
0c3e858Revving version and changelog91915c1Fixing additional vulnerable pathsa091e39Add many more adversarial test cases to ensure we don't have any ReDoS regres...463a819Regenerate gemspec on newer rubygems0afcb0bImprove from O(n^2) to O(n)c87f768Fix a ReDoS vulnerability in URI template matching0d7e9b2Fix links for 2.8.9 in CHANGELOG (#573)e209120Update version, gemspec, and CHANGELOG for 2.8.9 (#572)3875874Reduce gem size by excluding test files (#569)3e57cc6CI: back towindows-2022for MRI jobUpdates
bcryptfrom 3.1.20 to 3.1.22Release notes
Sourced from bcrypt's releases.
Changelog
Sourced from bcrypt's changelog.
Commits
831ce64Merge commit from fork32e687ebump version update changelog5faa274Fix integer overflow in JRuby BCrypt rounds calculationaafc033Merge pull request #294 from bcrypt-ruby/fix-publishing01f947afix env url92ca1d6Merge pull request #293 from bcrypt-ruby/truffleruby-ci-alt-implementation4d1d95bAdd TruffleRuby in CI36a04a2Merge pull request #291 from tenderlove/fix-publishing01cc688Move compilation after bundle install82e6c4cMerge pull request #290 from tenderlove/bumpUpdates
concurrent-rubyfrom 1.3.5 to 1.3.7Release notes
Sourced from concurrent-ruby's releases.
Changelog
Sourced from concurrent-ruby's changelog.
Commits
4c8fc28Release 1.3.7d91ca94Fix AtomicReference#update livelock when stored value is Float::NAN on JRuby ...7e4d711FixReentrantReadWriteLockread hold overflow into write-lock bit6e37e06FixAtomicReference#updatelivelock when stored value isFloat::NAN2825cfaCleanup spec3fd4932FixReadWriteLockwrong-thread write release and stray read release1974b47Add Ruby 4.0 in CIdf8706dAdd SECURITY.md (#1104)7a1b789Bump actions/upload-pages-artifact from 4 to 59b2dbf7Bump actions/deploy-pages from 4 to 5Updates
erbfrom 6.0.0 to 6.0.4Release notes
Sourced from erb's releases.
... (truncated)
Changelog
Sourced from erb's changelog.
Commits
4d2b45eVersion 6.0.49d017beProhibit def_method on marshal-loaded ERB instances9c8fa8aVersion 6.0.30ebc6aeBump rubygems/release-gem from 1.1.2 to 1.2.025a729aBump step-security/harden-runner from 2.15.0 to 2.16.19820802Bump actions/create-github-app-token from 2 to 32611366Bump lewagon/wait-on-check-action from 1.5.0 to 1.6.0890d87fUse github.token instead of missing MATZBOT_DEPENDABOT_MERGE_TOKEN secretafc32b6Fix dependabot auto-merge by using GH_TOKEN env var2fd0a6bfix: exclude some files from published gem (#108)Updates
faradayfrom 1.8.0 to 1.10.6Release notes
Sourced from faraday's releases.
... (truncated)
Changelog
Sourced from faraday's changelog.
... (truncated)
Commits
3194de5v1.10.6dd10c0dBackport GHSA-98m9-hrrm-r99r fix to 1.x: add param_depth_limit to NestedParam...6230807See if tests pass against Ruby 3.3 (#1677)<...Description has been truncated