Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump sqlite3 from 1.3.13 to 1.5.4 #164

Merged
merged 1 commit into from Dec 9, 2022
Merged

Bump sqlite3 from 1.3.13 to 1.5.4 #164

merged 1 commit into from Dec 9, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 9, 2022
edited

Bumps sqlite3 from 1.3.13 to 1.5.4.

Release notes

Sourced from sqlite3's releases.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

sha256 checksums:

6b5df9845b54de0933e829c40b222100c7bd5190c53adfd88a19bfafd4520132  sqlite3-1.5.4-aarch64-linux.gem
cfed00e8f9200ea38451856e53e891dc11d3297e95120f1f2879ec8000169941  sqlite3-1.5.4-arm-linux.gem
6e70813a40bc4524623f0d66b96cf3068397973c661ca33773f85cc3e49141a6  sqlite3-1.5.4-arm64-darwin.gem
186bcdd7869b9098f9091640c7e6b250951988eb9f0d92f05e5160b64bed0000  sqlite3-1.5.4-x64-mingw-ucrt.gem
28a4daf8386d67590f86f32284229de2fa66c7e19389fc7e18c60143be616729  sqlite3-1.5.4-x64-mingw32.gem
495757cc3d65484055706adf416ea3ce8040c4b5847d7a3e959e7f22a1990739  sqlite3-1.5.4-x86-linux.gem
d5db3d52c9bfffc172eaae265cb367ad6f8ee99e15deb3386c97889ef1673a95  sqlite3-1.5.4-x86_64-darwin.gem
28a91539287a4a19d1beb1b168cbbec969eda3035a1c8c9208475d9765152f89  sqlite3-1.5.4-x86_64-linux.gem
5d4f6bed23a629651c965f5107861f11df479d74eeef3a70d6ec702f28112101  sqlite3-1.5.4.gem

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

sha256 checksums:

6780cc379c25a1395568cfd9a422024a0a18e7e2a39024f4120815b1a9d9ddec  sqlite3-1.5.3-aarch64-linux.gem
a8c09c5df83058712489ca7a5b072be8efb62db1d1c30fef4b64e386ff20a408  sqlite3-1.5.3-arm-linux.gem
ed25f7d3a8edc2d0a7b64c51dbb12665e45f750249e88937ae7a4ecdc4a53d13  sqlite3-1.5.3-arm64-darwin.gem
11cd815acd898c1dda022d8145365235fff29cdc2cc155f611c12d66ec925211  sqlite3-1.5.3-x64-mingw-ucrt.gem
10aea826628e6bd4339dccac74679cea6709b95adb78f2661b97101658ac998d  sqlite3-1.5.3-x64-mingw32.gem
c427322e6deb8807165ebb17d027aa8127ae267be2dba769574722f468c0815e  sqlite3-1.5.3-x86-linux.gem
6237622911b170eaf53fa931e3128656d027452acfffdd8cd2d0584f70a40376  sqlite3-1.5.3-x86_64-darwin.gem
12bc33cd1e063651985801a877463aad86645e3bd27d46577dced1a0a41b3826  sqlite3-1.5.3-x86_64-linux.gem
66524f404db0b697620b601dea6381b139e9ce6f47e8eb628759c8d6ddcb25c5  sqlite3-1.5.3.gem

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

... (truncated)

Changelog

Sourced from sqlite3's changelog.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

1.5.0 / 2022-09-08

Packaging

Faster, more reliable installation

... (truncated)

Commits
  • beaa142 version bump to v1.5.4
  • a1cdafa Merge pull request #362 from sparklemotion/flavorjones-update-to-3_40_0
  • d5ece08 dep: update packaged sqlite3 to v3.40.0
  • 9ef3c1b ci: add dependencies.yml to actions/cache key
  • c1eb06d Merge pull request #361 from sparklemotion/flavorjones-allow-experimental-builds
  • 1c60661 ci: periodically run tests against upstream sqlite
  • a8f4010 dev: add ability to build against an arbitrary sqlite source tree
  • 72836be Merge pull request #347 from sparklemotion/flavorjones-truffleruby-gem-install
  • 12fc329 version bump to v1.5.3
  • 5ec7855 Merge pull request #355 from sparklemotion/354-work-around-fedora-pkgconf-lib...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 9, 2022
@hellcp
Copy link
Member

hellcp commented Dec 9, 2022

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/bundler/sqlite3-1.5.4 branch from 85f7f27 to 78308d5 Compare December 9, 2022 18:41
@dependabot
Bump sqlite3 from 1.3.13 to 1.5.4
18bfebe 
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.3.13 to 1.5.4.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/master/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v1.3.13...v1.5.4)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/bundler/sqlite3-1.5.4 branch from 78308d5 to 18bfebe Compare December 9, 2022 20:14
@coveralls
Copy link

Coverage Status

Coverage remained the same at 89.408% when pulling 18bfebe on dependabot/bundler/sqlite3-1.5.4 into 5fee0c1 on master.

@hellcp hellcp merged commit 069d85b into master Dec 9, 2022
@hellcp hellcp deleted the dependabot/bundler/sqlite3-1.5.4 branch December 9, 2022 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@hellcp @coveralls