🚨 [security] Update activemodel 8.1.2 → 8.1.3 (patch)#992
Open
depfu[bot] wants to merge 1 commit intomasterfrom
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ activemodel (8.1.2 → 8.1.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 74 commits:
Preparing for 8.1.3 release
Merge branch '8-1-sec' into 8-1-stable
Preparing for 8.1.2.1 release
Update changelog
Update CHANGELOG (8.1 only)
Fix XSS in debug exceptions copy-to-clipboard
Skip blank attribute names in Action View tag helpers
Prevent glob injection in ActiveStorage DiskService#delete_prefixed
Prevent path traversal in ActiveStorage DiskService
Improve performance of NumberToDelimitedConverter
Fix `SafeBuffer#%` to preserve unsafe status
Active Storage: Filter user supplied metadata in DirectUploadController
NumberConverter: reject scientific notation
ActiveStorage::Streaming limit range requests to a single range
Update trilogy
Merge pull request #57022 from byroot/sobrinho-main
Configurable maxmimum streaming chunk size
Lock some dependencies
Merge pull request #56977 from hschne/26-03-fix-ignore-virtual-tables
Merge pull request #56970 from nicolasva/fix_spatia_lite
Merge pull request #56965 from rosa/restore-previous-instrumenter-async-block-8-1-stable
Restore previous instrumenter after execute_or_skip
Merge pull request #56932 from eglitobias/fix-dbconsole-notimplemented-message
Merge pull request #56951 from r-plus/patch-1
Merge pull request #56943 from yahonda/ruby-16321
Merge pull request #56911 from toy/postgresql-9.5-required
Merge pull request #56906 from kataokatsuki/fix-strict-locals-non-ascii-encoding
Merge pull request #56880 from skipkayhil/hm-xwkpqplrmlzqqyxn
Merge pull request #56898 from byroot/pinned-con-leak
Merge pull request #56891 from pietervisser/fix-collection-caching-to-preserve-store-default-expires-in
Merge pull request #56889 from alpaca-tc/support-spring-on-test-environment
Merge pull request #56867 from hammadxcm/fix-ruby4-delegator-inspect-warning
Merge pull request #56868 from yahonda/8-1-stable-sidekiq-811-integration-test
Fix deprecation of sidekiq/testing in integration test adapter
Merge pull request #56828 from djezzzl/main
Merge pull request #56862 from skipkayhil/hm-rtvozytmvnswkpvr
Merge pull request #56817 from afurm/fix/sqlite3-generated-column-equality
Fix deprecation of sidekiq/testing/inline
Merge pull request #56802 from afurm/fix/sqlite3-rowid-column-equality
Revert benchmark.rb to a silent shim (#56832)
Merge pull request #56803 from daffo/fix-use-ranges-limit
Merge pull request #56750 from nicolasva/fix/UnknownHttpMethod
Merge pull request #56820 from ybiquitous/improve-apidoc-for-ActionDispatch_Integration_Session
Merge pull request #56797 from uberjay/fix-sqlite3-pg-column-deduplication-virtual
Merge pull request #53417 from vinibispo/fix/skip_storage-changes-gitignore
Merge pull request #56783 from kudoas/fix-activestorage-blob-content-type-nil
Merge pull request #56785 from drsharp/dan/fix-json-encoder-bug
Merge pull request #56767 from xathien/fix-eager-json-encoder-cache
Merge pull request #56768 from RemoteCTO/fix/integer-type-marshal-compat
Merge pull request #56751 from yahonda/pin-dalli-4
Merge pull request #56733 from eglitobias/improve-docs2
Merge pull request #56693 from r7kamura/configuration-duplicated-if
Fix activesupport/CHANGELOG.md offense at 8-1-stable
Merge pull request #56679 from Saidbek/fix-overlapping-acronyms-order
Merge pull request #56666 from kirs/skip-unique-index-lookup-insert-all
Fix changelog formatting
Merge pull request #56652 from zzak/re-56588
Merge pull request #56667 from yahonda/use-released-net-smtp-in-bug-report-templates
Merge pull request #56660 from mutumagitonga/patch-1
Merge pull request #56661 from eglitobias/improve-docs
Fix badly named test
Merge pull request #56401 from Tretent/patch-5
Merge pull request #56645 from zzak/8-1-ruby-4.1-source_location
Handle Ruby 4.1 stabby lambda in Proc#source_location start_column
Fix ErrorReporterAssertions when no reporter is configured
Use Gem::Version to check for `RUBY_VERSION >= 3.3.5`
Merge pull request #56591 from rails/8-1-as-para-worker-mt-fix
Add missing `with_info_handler` removed in 0f8014a0ff
Merge pull request #56579 from fatkodima/followup-56578
Merge pull request #56578 from fatkodima/fix-change_table-with-bulk-and-prefixes
Merge pull request #56523 from stevepolitodesign/sp-cl-libvips
Merge pull request #56529 from yujiteshima/fix-migration-default-docs
Merge pull request #56427 from callmesangio/fix-humanize-docs
Merge pull request #56556 from chiperific/fix-56555
Security Advisories 🚨
🚨 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
🚨 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
🚨 Rails Active Support has a possible DoS vulnerability in its number helpers
Security Advisories 🚨
🚨 Ruby JSON has a format string injection vulnerability
Release Notes
2.19.3
2.19.2
2.19.1
2.19.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 24 commits:
Release 2.19.3
Fix handling of unescaped control characters preceeded by a backslash
Release 2.19.2
Fix a format string injection vulnerability
Merge pull request #953 from ruby/dependabot/github_actions/actions/create-github-app-token-3
Bump actions/create-github-app-token from 2 to 3
Release 2.19.1
Add missing GC_GUARD in `fbuffer_append_str`
Release 2.19.0
fbuffer.h: Use size_t over unsigned long
Add depth validation to Jruby and TruffleRuby implementations
Reject negative depth; add overflow guards to prevent hang/crash
Fix `allow_blank` parsing option to only consider strings.
Reimplement `to_json` methods in Ruby
Remove unused load_uint8x16_4 function.
Use single quotes for allow_invalid_escape doc
Add `allow_invalid_escape` parsing option
Remove bignum warnings
Remove unused method in JSONGeneratorTest
[DOC] Another link fix
[DOC] Fix links
Stop using RB_ALLOCV
Cleanup function delecarations
Remove codepaths under !RUBY_INTEGER_UNIFICATION

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.
All Depfu comment commands