🚨 [security] Update all of rails: 5.2.4.3 → 5.2.4.4 (patch) #643
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ rails (5.2.4.3 → 5.2.4.4) · Repo
Commits
See the full diff on Github. The new version differs by 2 commits:
v5.2.4.4
Fix XSS vulnerability in `translate` helper
Security Advisories 🚨
🚨 Potential XSS vulnerability in Action View
Release Notes
1.1.7 (from changelog)
Commits
See the full diff on Github. The new version differs by 42 commits:
Update rake-compiler-dock to add 2.7 build
Add 1.1.7 documentation
Bump version, update doc
Merge pull request #879 from mtsmfm/consider-falsy-in-compute-if-absent
Consider falsy value on `Concurrent::Map#compute_if_absent` fast non-blocking path
Merge pull request #878 from markiz/ma/issue-863
Merge pull request #877 from mikrobi/patch-1
Remove outdated documentation about constructor redefinition when including Concurrent::Async
Update future.md
Update doc
Merge pull request #869 from baweaver/baweaver/cleanup/remove-ruby-2-2-references
Merge pull request #876 from wjordan/fork_async
Merge pull request #856 from ruby-concurrency/segfault
Change license file to txt
Remove ``` from LICENSE.md
Reset Async queue on fork
Removes references to static Ruby versions in docs
Merge pull request #861 from olleolleolle/patch-2
CI: Use jruby-9.2.11.1
Merge pull request #859 from olleolleolle/rubinius-ci-config
CI: Rubinius as rbx-3.107
Merge pull request #853 from fzakaria/faridzakaria/bounded_queue
Merge pull request #858 from shanecav84/patch-1
Merge pull request #857 from olleolleolle/patch-2
Typo
Typo
CI: add jruby-9.2.11.0
Added changelog description
make if condition more ruby-idiomatic
remove 'concurrent/mvar'
RubyThreadLocalVar: rely on GIL on MRI to avoid problems with thread/mutex/queue in finalizers
Fix documentation
remove whitespace
Simply make queue always false when @synchronous
Introduce ThreadPoolExecutor without a Queue
Merge pull request #855 from olleolleolle/patch-2
Do not allow failures on JRuby 9.2.10.0 Latest on Java 11
CI: Use JRuby 9.2.10.0
Merge pull request #854 from bjfish/fix-argument-prefix-warnings
Fix argument prefix warning
Merge pull request #852 from fzakaria/remove-unused-line
Remove unused line
Release Notes
1.8.4
1.8.3
Commits
See the full diff on Github. The new version differs by 49 commits:
Bump to 1.8.5
add script to run a single file's tests
Merge pull request #537 from stereosupersonic/bugfix-custom-fallback-class
Improve fallback comment
clearer comment
Update fallbacks_test.rb
fix tests
bugfix custom fallback class
Reset load_path to nil in setup
Bump to 1.8.4
Merge pull request #535 from ruby-i18n/fallbacks
Always instantiate I18n::Locale::Fallbacks objects when using I18n.fallbacks=
Ensure documentation for fallbacks reflects reality
Merge pull request #532 from ruby-i18n/deprecate-constant
Can we call deprecate_constant without checking respond_to?
Merge pull request #531 from Fatsoma/deprecate_constant_interpolation_pattern
Fix deprecate_constant INTERPOLATION_PATTERN
Bump to 1.8.3
Merge pull request #528 from krzysiek1507/feature/optimize-normalize_flat_keys
Merge pull request #519 from fabiosammy/fix-pluralize-on-unknown-locale-with-attributes
Merge pull request #520 from piecehealth/kang
Merge pull request #529 from Shopify/callback-keyword-args
Use Ruby 2.7.1
Trigger actions on pull requests to master
Pass options as keyword arguments to translation procs
Bump Rake to v13
Bump rake to v13
Merge pull request #527 from krzysiek1507/fix/speed-and-memory-optimizations
Optimize normalize_flat_keys
Use flat_map instead of map.flatten in defaults
Reduce memory usage in compute
Reduce memory usage in Tag::Parents module
Map in-place subtags
Use flat_map instead of map.flatten in normalize_key
Merge pull request #526 from amatsuda/kwargs_args
Double-splat the arguments for I18n.translate
Merge pull request #524 from ruby-i18n/revert-521-fix-ruby27-deprecation-warning-in-proc-call
Revert "Fix Ruby 2.7 keyword arguments related deprecation warning in Proc call"
Merge pull request #521 from beamtech/fix-ruby27-deprecation-warning-in-proc-call
Merge pull request #523 from sandstrom/patch-1
Misc readme updates
Provide "I18n::Backend::Fallbacks#on_fallback" hook to allow users to add specified logic when the fallback succeeds.
Added double splat to resolve deprecation warning
Add reject to remove attributes from entry
Add the test to fail
Merge pull request #482 from jeffjyang/add-i18n-exist-check-without-fallback
Switch to new GitHub issue template
Update issue templates
Merge pull request #509 from vipera/fix-chain-fallback-backends
Release Notes
2.7.0
2.6.0 (from changelog)
Commits
See the full diff on Github. The new version differs by 20 commits:
version bump to v2.7.0
Merge pull request #190 from ahorek/page_break
update CHANGELOG
add page-break to safelist
Merge pull request #192 from b7kich/maintain_shorthand_css_important_rule
update CHANGELOG
prefer Array#<< to creating a new array
scrub_css should not drop `!important` from shorthand css props
update json dev dependency
version bump to v2.6.0
ci: update pipeline icon to "cog"
update CHANGELOG
dep: update to hoe-markdown ~> v1.2
ci: remove serial group on PR pipeline
Merge pull request #188 from pipefy/add-css-keywords
order alphabetically
ci: update github icons
maintenance: use hoe-markdown to manage markdown files
packaging: update gemspec changelog URL
add border keywords
Release Notes
5.14.2 (from changelog)
Commits
See the full diff on Github. The new version differs by 4 commits:
prepped for release
- Bumped ruby version to include 3.0 (trunk).
whitespace
I am an idiot... fixed a last-day-of-month testing bug. I don't think I've done that in 15+ years. :P
Release Notes
2.5.3 (from changelog)
Commits
See the full diff on Github. The new version differs by 37 commits:
Bump version.
Remove ancient appveyor config.
Prepare CHANGES.md for next release.
fix for #241
Fix Actions CI for macOS
ssl_socket_spec.rb - move require inside block
Fixes for use when OpenSSL is not loaded
Fix warning: Use `result.unpack1("i")` instead of `result.unpack("i").first`. (convention:Style/UnpackFirst)
Setting 'Enabled: false' for the new cops of Rubocop
Fix warning: Metrics/LineLength has the wrong namespace - should be Layout
Update rubocop version to 2.4
Fix warning: The `Lint/HandleExceptions` cop has been renamed to `Lint/SuppressedException`.
Fix warning: The `Layout/AlignHash` cop has been renamed to `Layout/HashAlignment`
Bump Rubocop to 0.82.0
Use truffleruby-head in CI
CI: Exclude TruffleRuby on Windows
Remove travis config and update github actions.
Update travis configuration.
Add ruby 2.7
Merge pull request #234 from MSP-Greg/add-actions
Remove redundant jobs from AppVeyor
Remove redundant jobs from Travis
Add Actions CI - workflow.yml
extconf.rb - add devkit for mingw
Fix Warning: unrecognized cop Performance/RegexpMatch found in .rubocop.yml
Fix Lint/UnneededCopEnableDirective
Fix Naming/RescuedExceptionsVariableName
Fix Lint/UnneededCopEnableDirective
disable Layout/AlignHash
Fix Style/ExpandPathArguments
Fix Layout/EmptyLineAfterGuardClause
Fix Style/ExpandPathArguments
bump rubocop to 0.74.0
CI: Add 2.7 to the matrix
Polish examples/echo_server.rb
Update CHANGES.md
Update CHANGES.md
Release Notes
1.10.10
Commits
See the full diff on Github. The new version differs by 5 commits:
version bump to v1.10.10
update CHANGELOG for v1.10.10
Merge branch '2029-windows-support-for-ruby-27-on-v110x' into v1.10.x
Support fat binary gems for ruby-2.7
ci: only manage the v1.10.x pipeline on this branch
Security Advisories 🚨
🚨 Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Commits
See the full diff on Github. The new version differs by 2 commits:
bump version
When parsing cookies, only decode the values
Release Notes
0.7.3 (from changelog)
0.7.2 (from changelog)
Commits
See the full diff on Github. The new version differs by 9 commits:
Bump version to 0.7.3
Accept HTTP responses that have an empty reason-phrase, per RFC 2616
Bump version to 0.7.2
Set {source,target}_version to work with the current version of javac on macOS
Update Ruby versions 2.4 to 2.7 on Travis
Allow rack.input.read to return a frozen string
Emit ping and pong events from the Server driver
Mention license change in the changelog
Formatting change: {...} should have spaces inside the braces
Security Advisories 🚨
🚨 Regular Expression Denial of Service in websocket-extensions (RubyGem)
Release Notes
0.1.5 (from changelog)
Commits
See the full diff on Github. The new version differs by 6 commits:
Bump version to 0.1.5
Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser
Test on JRuby 9.{0,1,2} rather than "head"
Update Ruby versions 2.4 to 2.7 on Travis
Mention license change in the changelog
Formatting change: {...} should have spaces inside the braces
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.