🚨 [security] Update activesupport 6.1.7.7 → 8.1.2 (major) #115
Open
depfu[bot] wants to merge 1 commit into master from
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ activesupport (6.1.7.7 → 8.1.2) · Repo · Changelog
Security Advisories 🚨
🚨 Active Support Possibly Discloses Locally Encrypted Files
🚨 Possible XSS Security Vulnerability in SafeBuffer#bytesplice
🚨 ReDoS based DoS vulnerability in Active Support's underscore
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ minitest (5.25.2 → 5.27.0) · Repo · Changelog
Release Notes
5.27.0 (from changelog)
5.26.2 (from changelog)
5.26.1 (from changelog)
5.26.0 (from changelog)
5.25.5 (from changelog)
5.25.4 (from changelog)
5.25.3 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 56 commits:
Branching minitest to version 5.27.0
! Adding post install message announcing the EOL for minitest 5.
REVERTED: Removed obsolete conditional for prerecord. For now... Wait for MT6.
- Removed obsolete guards around Warning.
- Removed obsolete version guards for pattern matching assertions.
- Removed obsolete conditional for prerecord
+ Use Kernel#warn uplevel argument for nicer warnings. (byroot)
Fixed reporter test shape variation warning. (havenwood)
+ Removed TestTask::Work#initialize since Queue can now initialize with an Enumerable! AMAZING!
- Switched all internal requires to require_relative.
- Cleaned up option aliasing a tad.
Switched to vim-test in readme
Added minitest website to readme
another tweak to GHA config to fix task names
Cleaned up GHA config
prepped for release
Dropped extra 2.7 compatibility code.
Dropped extra 2.7 compatibility code.
- Fix pathing for Hoe::Minitest initialization to be more generic.
- Bumped minimum ruby to 3.1.
- Fixed refute_in_epsilon to use min of abs values. (wtn)
Fuuuuck I am SO tired of ruby 2.7!
- Alias Spec#name to #inspect for cleaner output in repls.
- Improved options processing and usage output to be more clear.
prepped for release
- Bumped ruby version to include 4.0 (trunk). (hsbt)
Ryan! STAHP! Stop trying to "optimize" this.
- Add links to API doco in README.
Comment end of larger classes w/ name to help navigation.
Fix formatting of design_rationale.rb, update specs
tweak assertion count to be consistent
- Add missing require thread.
prepped for release
- Use Regexp.escape for BASE_RE in case pwd has special chars. (astra_1993)
- Bypass parallel_executor entirely when n_threads=1.
- Switched assert_equal's diff from Tempfile.open to Tempfile.create.
clarify an assert_equal + newline + backslash n test output to be more readable
Improve let tests to no longer be order dependent.
- Ensure that minitest exits non-zero on Interrupt. (tavianator)
- Removed some 1.8/1.9-based code from the assertions and expectations.
- Still fighting with rdoc? Yup. Still fighting with rdoc...
- Don't require rubygems in Rakefile... it is 2025.
- Fix Minitest.run sequence rdoc to include loop vars and read consistently.
+ Added extra documentation to Minitest::TestTask options.
prepped for release
- Bumped minimum ruby to 2.7.
Added notice to readme about development versions
- Update the ruby and rails compatibility tables. (bquorning)
- Reorder Minitest::Test.ancestors to allow reaching Minitest::Assertions#skipped? (Edouard-chin)
Added ruby 3.4 to CI
- Fixed expectation docs for must/wont_pattern_match. (jaredcwhite)
prepped for release
- Fix for must_verify definition if only requiring minitest/mock (but why?).
prepped for release
- Fixed formatting of unmet mock expectation messages.
- minitest/pride: Fixed to use true colors with *-direct terminals (bk2204)
Release Notes
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 69 commits:
Release 1.3.6
Exclude dependabot updates from release notes
ThreadPoolExecutor `kill` will `wait_for_termination` in JRuby; ensure TimerSet timer thread shuts down cleanly
Flaky test fix: allow ThreadPool to shutdown before asserting completed_task_count (#1098)
Allow TimerTask to be safely restarted after shutdown and avoid duplicate tasks (#1001)
Mark RubySingleThreadExecutor as a SerialExecutorService
Asynchronous pruning for RubyThreadPoolExecutor (#1082)
Add Joshua Young to the list of maintainers (#1097)
Use typed data APIs
Use stdatomic.h on recent macOS
Bump actions/checkout from 5 to 6
Fix multi require concurrent/executor/cached_thread_pool
Always fail-fast: false in CI
Avoid creating a Fiber while loading the gem
Bump actions/checkout from 4 to 5
Bump actions/upload-pages-artifact from 3 to 4
Fix mistakes in MVar documentation
Correct word in readme
Fix typo
Add 3.4 in CI
Run tests without the C extension in CI
Fix guards in specs using C extension classes
Document Bundler workaround for releasing
Release concurrent-ruby 1.3.5 and concurrent-ruby-edge 0.7.2
chore: fix typos (#1076)
Set rake-compiler source and target to Java 8 (#1071)
Improve ancestor classes spec
Avoid error when member is present on ancestor class
Remove dependency on logger
Avoid requiring files of the gem in Rakefile to avoid redefined method warnings
Avoid require in Gemfile & Rakefile to avoid redefined constant warnings
Avoid require in *.gemspec files to avoid redefined constant warnings
Update docs-source/signpost.md
1.3.4
Check early that $CONCURRENT_JRUBY_HOME is set
Fix the return value of `Concurrent.available_processor_count` when `cpu.cfs_quota_us` is -1
Fix the doc of `Concurrent.available_processor_count`
Add `Concurrent.cpu_shares` that is cgroups aware.
Update comment for JRuby variant of processor_count to reality
1.3.3
Improve speed for windows `Get-CimInstance`
1.3.2
Add a windows job to CI
Remove dependency on `win32ole`
Automatically run bundle install before running tests
Release edge 0.7.1
Make it possible to publish edge without base
Ensure JRuby is used in release tests
Fix concurrent-ruby-edge to depend on `~> MAJOR.MINOR` of concurrent-ruby
Get RakeCompilerDock to work with either podman or docker, based on what is installed
Fix method name in CHANGELOG.md
Promoting 1.3.1.pre to 1.3.1.
Prepare a 1.3.1.pre gem to test things for the 1.3.1 release.
Prepare the 1.3.1 release.
Prepare the 1.3.0 release.
Fix a small grammar issue.
Align Java Executor Service behavior for `shuttingdown?`, `shutdown?`
Add 10 minute timeout to GitHub Actions
Clarify
Cleanups
Add Concurrent.usable_processor_count that is cgroups aware
Use 'ruby' for dynamic latest CRuby release
Advance "latest" ruby in isolated ci test job to 3.3
No continue-on-error for head Rubies
Bump actions/checkout from 3 to 4
Bump actions/deploy-pages from 1 to 4
Bump actions/upload-pages-artifact from 1 to 3
Fix link label in signpost.md
CI: Tell dependabot to update GH Actions
Release Notes
1.14.8
1.14.7
1.14.6
1.14.5
1.14.4
1.14.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 base64 (added, 0.3.0)
🆕 bigdecimal (added, 4.0.1)
🆕 connection_pool (added, 3.0.2)
🆕 drb (added, 2.2.3)
🆕 json (added, 2.18.0)
🆕 logger (added, 1.7.0)
🆕 securerandom (added, 0.4.1)
🆕 uri (added, 1.1.1)
🗑️ zeitwerk (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.