Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

Automated Bundle Update #7

Merged
merged 1 commit into from
Dec 19, 2019
Merged

Conversation

johnsyweb
Copy link
Contributor

Gems brought up-to-date with ❤️ by Unwrappr.
See individual annotations below for details.

actionview (= 6.0.0)
activesupport (= 6.0.0)
rack (~> 2.0)
actionpack (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actionview (6.0.0)
activesupport (= 6.0.0)
actionview (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

activemodel (= 6.0.0)
activesupport (= 6.0.0)
activesupport (6.0.0)
activemodel (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

activesupport (6.0.0)
activemodel (6.0.2.1)
activesupport (= 6.0.2.1)
activerecord (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

activerecord (6.0.2.1)
activemodel (= 6.0.2.1)
activesupport (= 6.0.2.1)
activesupport (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zeitwerk (~> 2.1, >= 2.1.8)
builder (3.2.3)
zeitwerk (~> 2.2)
builder (3.2.4)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

builder

Patch version upgrade 📈🔹 3.2.3 → 3.2.4

[change-log, source-code]

concurrent-ruby (1.1.5)
crass (1.0.4)
crass (1.0.5)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crass

Patch version upgrade 📈🔹 1.0.4 → 1.0.5

[change-log, source-code]

Commits

A change of 4 commits. See the full changes on the compare page.

These are the individual commits:

double_entry (1.0.1)
activerecord (>= 3.2.0)
activesupport (>= 3.2.0)
money (>= 6.0.0)
railties (>= 3.2.0)
erubi (1.8.0)
i18n (1.6.0)
erubi (1.9.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

erubi

Minor version upgrade 📈🔶 1.8.0 → 1.9.0

[change-log, source-code]

Commits

A change of 7 commits. See the full changes on the compare page.

These are the individual commits:

erubi (1.8.0)
i18n (1.6.0)
erubi (1.9.0)
i18n (1.7.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

concurrent-ruby (~> 1.0)
json (2.2.0)
json (2.3.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

json

Minor version upgrade 📈🔶 2.2.0 → 2.3.0

[change-log, source-code]

jwt (2.1.0)
jwt_signed_request (2.5.1)
jwt (>= 1.5.0, < 2.2.0)
rack
loofah (2.2.3)
loofah (2.4.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

loofah

Minor version upgrade 📈🔶 2.2.3 → 2.4.0

[change-log, source-code]

🎉 Patched vulnerabilities:

Commits

A change of 56 commits. See the full changes on the compare page.

These are the first 10 commits:

crass (~> 1.0.2)
nokogiri (>= 1.5.9)
method_source (0.9.2)
mini_portile2 (2.4.0)
minitest (5.11.3)
money (6.13.4)
minitest (5.13.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minitest (5.11.3)
money (6.13.4)
minitest (5.13.0)
money (6.13.6)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i18n (>= 0.6.4, <= 2)
nokogiri (1.10.4)
nokogiri (1.10.7)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nokogiri

Patch version upgrade 📈🔹 1.10.4 → 1.10.7

[change-log, source-code]

🎉 Patched vulnerabilities:

Commits

A change of 16 commits. See the full changes on the compare page.

These are the first 10 commits:

mini_portile2 (~> 2.4.0)
pagerduty (2.1.2)
json (>= 1.7.7)
rack (2.0.7)
rack (2.0.8)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rack

Patch version upgrade 📈🔹 2.0.7 → 2.0.8

[change-log, source-code]

🎉 Patched vulnerabilities:

  • CVE-2019-16782
    Possible information leak / session hijack vulnerability

    URL: GHSA-hrqr-hxpp-chr3

    There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. Impact: The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

Commits

A change of 14 commits. See the full changes on the compare page.

These are the first 10 commits:

railties (6.0.0)
actionpack (= 6.0.0)
activesupport (= 6.0.0)
rails-html-sanitizer (1.3.0)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rails-html-sanitizer

Minor version upgrade 📈🔶 1.2.0 → 1.3.0

[change-log, source-code]

Commits

A change of 4 commits. See the full changes on the compare page.

These are the individual commits:

activesupport (= 6.0.0)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (6.0.2.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

method_source
rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0)
rake (12.3.3)
thor (0.20.3)
rake (13.0.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rake (12.3.3)
thor (0.20.3)
rake (13.0.1)
thor (1.0.1)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thread_safe (0.3.6)
tzinfo (1.2.5)
thread_safe (~> 0.1)
zeitwerk (2.1.9)
zeitwerk (2.2.2)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zeitwerk

Minor version upgrade 📈🔶 2.1.9 → 2.2.2

[change-log, source-code]

Commits

A change of 45 commits. See the full changes on the compare page.

These are the first 10 commits:

@johnsyweb johnsyweb merged commit 18c056f into master Dec 19, 2019
@johnsyweb johnsyweb deleted the auto_bundle_update_20191220-0902 branch December 19, 2019 22:07
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant