Automated Bundle Update #6
Conversation
| actionpack (5.2.2.1) | ||
| actionview (= 5.2.2.1) | ||
| activesupport (= 5.2.2.1) | ||
| actionpack (6.0.0) |
There was a problem hiding this comment.
actionpack
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| actionview (5.2.2.1) | ||
| activesupport (= 5.2.2.1) | ||
| rails-html-sanitizer (~> 1.0, >= 1.2.0) | ||
| actionview (6.0.0) |
There was a problem hiding this comment.
actionview
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| arel (>= 9.0) | ||
| activesupport (5.2.2.1) | ||
| rails-html-sanitizer (~> 1.1, >= 1.2.0) | ||
| activemodel (6.0.0) |
There was a problem hiding this comment.
activemodel
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| rails-html-sanitizer (~> 1.1, >= 1.2.0) | ||
| activemodel (6.0.0) | ||
| activesupport (= 6.0.0) | ||
| activerecord (6.0.0) |
There was a problem hiding this comment.
activerecord
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| activerecord (6.0.0) | ||
| activemodel (= 6.0.0) | ||
| activesupport (= 6.0.0) | ||
| activesupport (6.0.0) |
There was a problem hiding this comment.
activesupport
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| concurrent-ruby (~> 1.0, >= 1.0.2) | ||
| i18n (>= 0.7, < 2) | ||
| minitest (~> 5.1) | ||
| tzinfo (~> 1.1) | ||
| arel (9.0.0) |
There was a problem hiding this comment.
| @@ -48,32 +47,33 @@ GEM | |||
| method_source (0.9.2) | |||
| mini_portile2 (2.4.0) | |||
| minitest (5.11.3) | |||
| money (6.13.2) | |||
| money (6.13.4) | |||
There was a problem hiding this comment.
money
Patch version upgrade 📈🔹 6.13.2 → 6.13.4
Commits
A change of 12 commits. See the full changes on the compare page.
These are the first 10 commits:
- (4340099) Only include required files in the packaged gem (#844)
- (422172a) Use Currency::Loader directly without extending (#845)
- (faa0323) Add Money.with_rounding_mode as a replacement for Money.roud…
- (1fc2c08) Fix currency search for two digit currencies (#856)
- (c4b59a1) Raise explicit errors for +/- operations (#852)
- (f5d1f12) Update version to 6.13.3
- (421d0bc) Typo in changelog (#861)
- (6cbddd4) Fix typo in README (#865)
- (3bae6b0) Fix typo in arithmetic spec's docstring (#864)
- (e4d2a58) Do not modify passed-in options in FormattingRules (#869)
| i18n (>= 0.6.4, <= 2) | ||
| nokogiri (1.10.1) | ||
| nokogiri (1.10.4) |
There was a problem hiding this comment.
nokogiri
Patch version upgrade 📈🔹 1.10.1 → 1.10.4
[change-log, source-code]
🎉 Patched vulnerabilities:
-
CVE-2019-5477
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_fileURL: CVE-2019-5477 - Nokogiri Command Injection Vulnerability sparklemotion/nokogiri#1915
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's
Kernel.openmethod. Processes are vulnerable only if the undocumented methodNokogiri::CSS::Tokenizer#load_fileis being passed untrusted user input. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. Upgrade to Nokogiri v1.10.4, or avoid calling the undocumented methodNokogiri::CSS::Tokenizer#load_filewith untrusted user input. -
CVE-2019-11068
Nokogiri gem, via libxslt, is affected by improper access control vulnerabilityURL: Investigate Ubuntu libxslt patches in USN-3947-1 and USN-3947-2 sparklemotion/nokogiri#1892
Nokogiri v1.10.3 has been released. This is a security release. It addresses a CVE in upstream libxslt rated as "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More details are available below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether they've patched this (Canonical has patched Ubuntu packages). Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt. Full details about the security update are available in Github Issue [#1892] Investigate Ubuntu libxslt patches in USN-3947-1 and USN-3947-2 sparklemotion/nokogiri#1892. --- CVE-2019-11068 Permalinks are: - Canonical: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068 - Debian: https://security-tracker.debian.org/tracker/CVE-2019-11068 Description: > libxslt through 1.1.33 allows bypass of a protection mechanism > because callers of xsltCheckRead and xsltCheckWrite permit access > even upon receiving a -1 error code. xsltCheckRead can return -1 for > a crafted URL that is not actually invalid and is subsequently > loaded. Canonical rates this as "Priority: Medium". Debian rates this as "NVD Severity: High (attack range: remote)".
Commits
A change of 86 commits. See the full changes on the compare page.
These are the first 10 commits:
- (18ffedc) fix CHANGELOG typo
- (f4cc5a7) concourse: remove concourse generate file
- (8899dad) dependency: update concourse gem
- (b9c4e1e) concourse: commit generated pipeline file
- (bada964) omit CODE_OF_CONDUCT.md from Hoe manifest
- (609cdde) Rakefile: remove
compileas a prereq fortest - (6d7c6f7) concourse: job to build a gem, and test installing it
- (f8d8cd6) Merge branch '1845-automate-gem-building-and-testing'
- (72a58dc) make sure we invoke the
compilerake task where necessary - (1647bd0) README: update with
rake compile test
| mini_portile2 (~> 2.4.0) | ||
| pagerduty (2.1.2) | ||
| json (>= 1.7.7) | ||
| rack (2.0.6) | ||
| rack (2.0.7) |
There was a problem hiding this comment.
rack
Patch version upgrade 📈🔹 2.0.6 → 2.0.7
[change-log, source-code]
Commits
A change of 4 commits. See the full changes on the compare page.
These are the individual commits:
| rack-test (1.1.0) | ||
| rack (>= 1.0, < 3) | ||
| rails-dom-testing (2.0.3) | ||
| activesupport (>= 4.2.0) | ||
| nokogiri (>= 1.6) | ||
| rails-html-sanitizer (1.0.4) | ||
| rails-html-sanitizer (1.2.0) |
There was a problem hiding this comment.
rails-html-sanitizer
Minor version upgrade 📈🔶 1.0.4 → 1.2.0
[change-log, source-code]
Commits
A change of 26 commits. See the full changes on the compare page.
These are the first 10 commits:
- (4ccc774) [CI] Test against Ruby 2.5
- (e4e6cab) [CI] Allow failure with ruby head
- (fc5fd28) Merge pull request #71 from nicolasleger/patch-1
- (d4d823c) [ci skip] Please don't send more PRs trying to bump Loofah.
- (cba410f) Fix Nokogiri link in documentation
- (f82bfd2) Merge pull request #86 from tebs/fix-documentation-link
- (89ae177) Use a inclusive Bundler version
- (630d2f7) Update Ruby version matrix on CI
- (ccb51ce) Merge pull request #88 from JuanitoFatas/jf.relax-bundler-de…
- (7d30b71) Merge pull request #89 from JuanitoFatas/rubies
| railties (5.2.2.1) | ||
| actionpack (= 5.2.2.1) | ||
| activesupport (= 5.2.2.1) | ||
| railties (6.0.0) |
There was a problem hiding this comment.
railties
Major version upgrade 📈❗ 5.2.2.1 → 6.0.0
Commits
A change of 7275 commits. See the full changes on the compare page.
These are the first 10 commits:
- (045b307) Merge pull request #36159 from sharang-d/update-getting-star…
- (18e684b) Merge pull request #36152 from prathamesh-sonpatki/active-su…
- (fa94115) Merge pull request #36166 from alexcameron89/add_action_cabl…
- (d846e30) Merge pull request #36172 from tgxworld/recover_pluck_perf
- (485de3d) Merge pull request #36169 from prathamesh-sonpatki/backport-…
- (72999db) Make generated test work even when using virtual attributes
- (ffefb6d) Merge pull request #36190 from kamipo/should_attempt_tx_call…
- (7b00308) Fix a bug where DebugExceptions errors out when malformed qu…
- (d0a7460) Merge pull request #36196 from st0012/fix-29947
- (5768921) documents autoloading in the upgrading guide [ci skip]
| thor (>= 0.19.0, < 2.0) | ||
| rake (12.3.2) | ||
| thor (>= 0.20.3, < 2.0) | ||
| rake (12.3.3) |
There was a problem hiding this comment.
rake
Patch version upgrade 📈🔹 12.3.2 → 12.3.3
[change-log, source-code]
Commits
A change of 25 commits. See the full changes on the compare page.
These are the first 10 commits:
- (3d5a5be) Add ruby 2.6.0 to .travis.yml
- (d21463c) Merge pull request #300 from ruby/colby/add-ruby-2.6
- (799d847) fix outstanding rubocop warnings
- (9d9b431) Merge pull request #301 from ruby/colby/update-rubocop
- (d28957d) Use the application's name in error message if a task is not…
- (67ced2f) Merge pull request #303 from tmatilai/app-name-in-error
- (7b75d7a) Use Ruby 2.6.1
- (91e4b80) Merge pull request #305 from aycabta/use-2.6.1
- (aec6e97) Set up CI with Azure Pipelines
- (48a5f2e) Applied matrix build for the multiple platforms.
| thor (0.20.3) | ||
| thread_safe (0.3.6) | ||
| tzinfo (1.2.5) | ||
| thread_safe (~> 0.1) | ||
| zxcvbn-ruby (0.1.2) | ||
| zeitwerk (2.1.9) |
There was a problem hiding this comment.
| thor (0.20.3) | ||
| thread_safe (0.3.6) | ||
| tzinfo (1.2.5) | ||
| thread_safe (~> 0.1) | ||
| zxcvbn-ruby (0.1.2) | ||
| zeitwerk (2.1.9) | ||
| zxcvbn-ruby (1.0.0) |
There was a problem hiding this comment.
zxcvbn-ruby
Major version upgrade 📈❗ 0.1.2 → 1.0.0
[change-log, source-code]
Commits
A change of 16 commits. See the full changes on the compare page.
These are the first 10 commits:
- (df2ae63) Adding license info to the gemspec.
- (431f514) Add a "FeedbackGiver" and "Feedback" class for feedback
- (1a4fb8a) Improve descriptiveness of some comments
- (1e23e5f) Remove branches for unsupported feedback indicators
- (25a4415) Remove handler for the unsupported multi-character repeat ma…
- (9f46af7) Cover the rest of the FeedbackGiver in specs
- (e47b763) Remove Ruby 2.4isms because 1.9 is still a target here
- (134c4a3) Update Readme and pretty-print examples
- (fc69afd) Merge pull request #21 from reiz/patch-1
- (e156c7a) adding in supported ruby versions (2.3 +)
Gems brought up-to-date with ❤️ by Unwrappr.
See individual annotations below for details.