Bump the bundler group group with 9 updates #45

Closed


dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2024

Bumps the bundler group group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| activestorage | 7.0.4 | 7.1.3.2 |
| actionpack | 7.0.4 | 7.1.3.2 |
| actionview | 7.0.4 | 7.1.3.2 |
| activerecord | 7.0.4 | 7.1.3.2 |
| activesupport | 7.0.4 | 7.1.3.2 |
| globalid | 1.0.0 | 1.2.1 |
| loofah | 2.19.0 | 2.22.0 |
| rack | 2.2.4 | 3.0.9.1 |
| rails-html-sanitizer | 1.4.3 | 1.6.0 |

Updates activestorage from 7.0.4 to 7.1.3.2

Release notes

Sourced from activestorage's releases.

v7.1.3.2

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Changelog

Sourced from activestorage's changelog.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Fix N+1 query when fetching preview images for non-image assets.

    Aaron Patterson & Justin Searls

  • Fix all Active Storage database related models to respect ActiveRecord::Base.table_name_prefix configuration.

    Chedli Bourguiba

  • Fix ActiveStorage::Representations::ProxyController not returning the proper preview image variant for previewable files.

    Chedli Bourguiba

  • Fix ActiveStorage::Representations::ProxyController to proxy untracked variants.

    Chedli Bourguiba

  • Fix direct upload forms when submit button contains nested elements.

    Marc Köhlbrugge

  • When using the preprocessed: true option, avoid enqueuing transform jobs for blobs that are not representable.

    Chedli Bourguiba

  • Process preview image variant when calling ActiveStorage::Preview#processed. For example, attached_pdf.preview(:thumb).processed will now immediately generate the full-sized preview image and the :thumb variant of it. Previously, the :thumb variant would not be generated until a further call to e.g. processed.url.

    Chedli Bourguiba and Jonathan Hefner

  • Prevent ActiveRecord::StrictLoadingViolationError when strict loading is enabled and the variant of an Active Storage preview has already been

... (truncated)

Commits
  • 6f0d1ad Preparing for 7.1.3.2 release
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 36c1591 Preparing for 7.1.3 release
  • a84622f Sync changelog
  • d8a8dd9 Merge pull request #50758 from rails/fix-video-preview-nplus1
  • 2606c66 Use verb form of "fallback"
  • a8b302c Split up code blocks for multi-file examples [ci-skip]
  • 29cc708 Merge pull request #50167 from chaadow/fix_activestorage_table_prefix
  • 09a9cb9 Merge pull request #50165 from jonathanhefner/follow-up-48290-selector
  • Additional commits viewable in compare view

Updates actionpack from 7.0.4 to 7.1.3.2

Changelog

Sourced from actionpack's changelog.

Rails 7.1.3.2 (February 21, 2024)

  • Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Rails 7.1.3.1 (February 21, 2024)

Rails 7.1.3 (January 16, 2024)

  • Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.

    Jonathan Hefner

  • Fix system tests when using a Chrome binary that has been downloaded by Selenium.

    Jonathan Hefner

Rails 7.1.2 (November 10, 2023)

  • Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests

    Matt Brictson

  • Fix StrongParameters#extract_value to include blank values

    Otherwise composite parameters may not be parsed correctly when one of the component is blank.

    fatkodima, Yasha Krasnou, Matthias Eiglsperger

  • Add racc as a dependency since it will become a bundled gem in Ruby 3.4.0

    Hartley McGuire

  • Support handling Enumerator for non-buffered responses.

    Zachary Scott

... (truncated)

Commits
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 5187a9e fix XSS vulnerability when using translation
  • b4d3bfb Fix ReDoS in accept header scanning
  • 36c1591 Preparing for 7.1.3 release
  • a84622f Sync changelog
  • 8a0767d Fix test setup to raise SyntaxError on Ruby 2.7
  • 894f933 Merge pull request #50764 from eugeneius/syntax_error_proxy_nil_backtrace_loc...
  • Additional commits viewable in compare view

Updates actionview from 7.0.4 to 7.1.3.2

Changelog

Sourced from actionview's changelog.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Better handle SyntaxError in Action View.

    Mario Caropreso

  • Fix word_wrap with empty string.

    Jonathan Hefner

  • Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

    Make RenderedViewContent inherit from String. Make private API with :nodoc:.

    Sean Doyle

  • Fix detection of required strict locals.

    Further fix render @collection compatibility with strict locals

    Jean Boussier

Rails 7.1.2 (November 10, 2023)

  • Fix the number_to_human_size view helper to correctly work with negative numbers.

    Earlopain

  • Automatically discard the implicit locals injected by collection rendering for template that can't accept them

    When rendering a collection, two implicit variables are injected, which breaks templates with strict locals.

    Now they are only passed if the template will actually accept them.

    Yasha Krasnou, Jean Boussier

  • Fix @rails/ujs calling start() an extra time when using bundlers

    Hartley McGuire, Ryunosuke Sato

... (truncated)

Commits
  • 6f0d1ad Preparing for 7.1.3.2 release
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 36c1591 Preparing for 7.1.3 release
  • a84622f Sync changelog
  • 81c8023 Sync changelog
  • 610c7b8 Merge pull request #50752 from seanpdoyle/issue-49818-changelog
  • 2606c66 Use verb form of "fallback"
  • 680b81c Autolink AV::Helpers::SanitizeHelper#sanitize [ci-skip]
  • 1f25cd3 Clean up AV::Helpers::SanitizeHelper#sanitize doc [ci-skip]
  • Additional commits viewable in compare view

Updates activerecord from 7.0.4 to 7.1.3.2

Changelog

Sourced from activerecord's changelog.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Fix Migrations with versions older than 7.1 validating options given to add_reference.

    Hartley McGuire

  • Ensure reload sets correct owner for each association.

    Dmytro Savochkin

  • Fix view runtime for controllers with async queries.

    fatkodima

  • Fix load_async to work with query cache.

    fatkodima

  • Fix polymorphic belongs_to to correctly use parent's query_constraints.

    fatkodima

  • Fix Preloader to not generate a query for already loaded association with query_constraints.

    fatkodima

  • Fix multi-database polymorphic preloading with equivalent table names.

    When preloading polymorphic associations, if two models pointed to two tables with the same name but located in different databases, the preloader would only load one.

    Ari Summer

  • Fix encrypted_attribute? to take into account context properties passed to encrypts.

    Maxime Réty

  • Fix find_by to work correctly in presence of composite primary keys.

... (truncated)

Commits

Updates activesupport from 7.0.4 to 7.1.3.2

Changelog

Sourced from activesupport's changelog.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

    Eugene Kenny

  • Fix ActiveSupport::JSON.encode to prevent duplicate keys.

    If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

    Manish Sharma

  • Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.

    Mark Oleson

  • Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

    There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

    Aleksei Chernenkov

  • Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.

    S. Brent Faulkner

  • Fix ActiveSupport::Deprecation to handle blaming generated code.

    Jean Boussier, fatkodima

Rails 7.1.2 (November 10, 2023)

  • Fix :expires_in option for RedisCacheStore#write_multi.

... (truncated)

Commits

Updates globalid from 1.0.0 to 1.2.1

Release notes

Sourced from globalid's releases.

1.2.0

What's Changed

New Contributors

Full Changelog: rails/globalid@v1.1.0...v1.2.0

1.1.0

What's Changed

New Contributors

Full Changelog: rails/globalid@v1.0.1...v1.1.0

v1.0.1

Possible ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799.

  • Versions Affected: >= 0.2.1
  • Not affected: NOTAFFECTED
  • Fixed Versions: 1.0.1

Impact

There is a possible DoS vulnerability in the model name parsing section of the GlobalID gem. Carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

... (truncated)

Commits
  • 488ab6c Prepare for 1.2.1
  • 0f585e9 Whitespaces
  • 626a342 Merge pull request #168 from ghiculescu/handle-no-primary-key
  • 759d1eb Don't break on models where primary_key is not defined
  • 27dff72 Prepare for 1.2.0
  • 4ec9833 Merge pull request #165 from rails/rm-json-serializer
  • d371dd1 Change verifier to conform Rails 7.1 API
  • b73e5f9 Remove deprecation when default cache format is used
  • 5246758 Make sure legacy verifier behavior work with JSON serializer and symbol values
  • 2fab171 Update the ruby extension to use Ruby LSP
  • Additional commits viewable in compare view

Updates loofah from 2.19.0 to 2.22.0

Release notes

Sourced from loofah's releases.

2.22.0 / 2023-11-13

Added

2.21.4 / 2023-10-10

Fixed

  • Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]

2.21.3 / 2023-05-15

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

... (truncated)

Changelog

Sourced from loofah's changelog.

2.22.0 / 2023-11-13

Added

2.21.4 / 2023-10-10

Fixed

  • Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]

2.21.3 / 2023-05-15

Fixed

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

... (truncated)

Commits
  • cb14ea7 version bump to v2.22.0
  • 64e0a26 update CHANGELOG
  • c5cfb80 Merge pull request #277 from wynksaiddestroy/feature/noreferrer_scrubber
  • 4ad2e13 Add noreferrer scrubber
  • 5345bb7 Merge pull request #275 from hexdevs/add-target-blank-scrub
  • 09e11ad feat: adds :targetblank scrubber
  • 992b054 version bump to v2.21.4
  • 5d9a22f Merge pull request #273 from flavorjones/flavorjones-css-whitespace-handling
  • 876116e fix: scrub_css is more consistent with whitespace
  • edde5f2 Merge pull request #274 from flavorjones/flavorjones-bump-hoe-markdown
  • Additional commits viewable in compare view

Updates rack from 2.2.4 to 3.0.9.1

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

... (truncated)

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

  • rack.input is now optional. (#1997, [@​ioquatix])
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to &#39; instead of &#x27;. (decimal vs hexadecimal) (#2099, @JunichiIto)

Changed

  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
  • Add .mjs MIME type (#2057, [@​axilleas])
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use modern font/* types. (#2065, [@davidstosik])
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
  • In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.9] - 2024-01-31

  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])

[3.0.8] - 2023-06-14

[3.0.7] - 2023-03-16

[3.0.6.1] - 2023-03-13

[3.0.6] - 2023-03-13

  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

[3.0.4.2] - 2023-03-02

  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

... (truncated)

Commits
  • a4bc5e0 bump version
  • 6efb2ce Avoid 2nd degree polynomial regexp in MediaType
  • 4849132 Return an empty array when ranges are too large
  • a227cd7 Fixing ReDoS in header parsing
  • 0b3f997 Bump patch version.
  • d3d415e Update Ruby versions for external tests: drop v2.7 and add v3.2 and v3.3. (#2...
  • c8b977f Fix content-length calcuation in Rack:Response#write (#2150)
  • 8d1bf99 Update CHANGELOG for 3.0.8 (#2086)
  • d28c464 Bump patch verison.
  • 32736d2 Fix some unused variable verbose warnings (#2084)
  • Additional commits viewable in compare view

Updates rails-html-sanitizer from 1.4.3 to 1.6.0

Release notes

Sourced from rails-html-sanitizer's releases.

1.6.0 / 2023-05-26

  • Dependencies have been updated:

    • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
    • As a result, required Ruby version is now >= 2.7.0

    Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support.

    Mike Dalessio

  • HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as:

    • Rails::HTML5::FullSanitizer
    • Rails::HTML5::LinkSanitizer
    • Rails::HTML5::SafeListSanitizer

    And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version of Rails.

    Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical to the vendor class methods on Rails::HTML::Sanitizer.

    Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor.

    Mike Dalessio

  • Module namespaces have changed, but backwards compatibility is provided by aliases.

    The library defines three additional modules:

    • Rails::HTML for general functionality (replacing Rails::Html)
    • Rails::HTML4 containing sanitizers that parse content as HTML4
    • Rails::HTML5 containing sanitizers that parse content as HTML5

    The following aliases are maintained for backwards compatibility:

    • Rails::Html points to Rails::HTML
    • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
    • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
    • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

    Mike Dalessio

  • LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer already ensured this encoding.

... (truncated)

Commits
  • 19fd6cd version bump to v1.6.0
  • a9b2f1e doc: update CHANGELOG and README with supported branch info
  • ca29c20 doc: update README moving verbose notes after usage
  • 3b31be5 version bump to v1.6.0.rc2
  • b98af6c Merge pull request #167 from rails/flavorjones-best-supported-vendor-method
  • e953444 feat: introduce Rails::HTML::Sanitizer.best_supported_vendor
  • 5419017 version bump to v1.6.0.rc1
  • 669dcd0 doc: update CONTRIBUTING with release process
  • cd77210 Merge pull request #166 from rails/flavorjones-update-deps-for-html5-variation2
  • 7cc07bb dep: update loofah and nokogiri to versions fully supporting HTML5
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the bundler group group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [activestorage](https://github.com/rails/rails) | `7.0.4` | `7.1.3.2` |
| [actionpack](https://github.com/rails/rails) | `7.0.4` | `7.1.3.2` |
| [actionview](https://github.com/rails/rails) | `7.0.4` | `7.1.3.2` |
| [activerecord](https://github.com/rails/rails) | `7.0.4` | `7.1.3.2` |
| [activesupport](https://github.com/rails/rails) | `7.0.4` | `7.1.3.2` |
| [globalid](https://github.com/rails/globalid) | `1.0.0` | `1.2.1` |
| [loofah](https://github.com/flavorjones/loofah) | `2.19.0` | `2.22.0` |
| [rack](https://github.com/rack/rack) | `2.2.4` | `3.0.9.1` |
| [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) | `1.4.3` | `1.6.0` |


Updates `activestorage` from 7.0.4 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activestorage/CHANGELOG.md)
- [Commits](rails/rails@v7.0.4...v7.1.3.2)

Updates `actionpack` from 7.0.4 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v7.0.4...v7.1.3.2)

Updates `actionview` from 7.0.4 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/actionview/CHANGELOG.md)
- [Commits](rails/rails@v7.0.4...v7.1.3.2)

Updates `activerecord` from 7.0.4 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activerecord/CHANGELOG.md)
- [Commits](rails/rails@v7.0.4...v7.1.3.2)

Updates `activesupport` from 7.0.4 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v7.0.4...v7.1.3.2)

Updates `globalid` from 1.0.0 to 1.2.1
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](rails/globalid@v1.0.0...v1.2.1)

Updates `loofah` from 2.19.0 to 2.22.0
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](flavorjones/loofah@v2.19.0...v2.22.0)

Updates `rack` from 2.2.4 to 3.0.9.1
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.4...v3.0.9.1)

Updates `rails-html-sanitizer` from 1.4.3 to 1.6.0
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/main/CHANGELOG.md)
- [Commits](rails/rails-html-sanitizer@v1.4.3...v1.6.0)

---
updated-dependencies:
- dependency-name: activestorage
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: actionpack
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: actionview
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activerecord
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: globalid
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: loofah
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: rack
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  dependency-group: bundler-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@G-Rath
Contributor

G-Rath commented Aug 2, 2024

@dependabot rebase

Contributor Author

dependabot bot commented on behalf of github Aug 2, 2024

Superseded by #47.

@dependabot dependabot bot closed this Aug 2, 2024
@dependabot dependabot bot deleted the dependabot/bundler/bundler-security-group-94d990f63b branch August 2, 2024 03:44
Labels
dependencies Pull requests that update a dependency file