Skip to content

Bump actionpack, rails, rails_admin, dotenv-rails and letter_opener#305

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/multi-ae3542c56c
Open

Bump actionpack, rails, rails_admin, dotenv-rails and letter_opener#305
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/multi-ae3542c56c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jun 4, 2024

Bumps actionpack, rails, rails_admin, dotenv-rails and letter_opener. These dependencies needed to be updated together.
Updates actionpack from 6.1.3.2 to 7.1.3.4

Release notes

Sourced from actionpack's releases.

7.1.3.4

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.1.3.4 (June 04, 2024)

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Rails 7.1.3.3 (May 16, 2024)

  • No changes.

Rails 7.1.3.2 (February 21, 2024)

  • Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Rails 7.1.3.1 (February 21, 2024)

Rails 7.1.3 (January 16, 2024)

  • Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.

    Jonathan Hefner

  • Fix system tests when using a Chrome binary that has been downloaded by Selenium.

    Jonathan Hefner

Rails 7.1.2 (November 10, 2023)

  • Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests

    Matt Brictson

  • Fix StrongParameters#extract_value to include blank values

    Otherwise composite parameters may not be parsed correctly when one of the component is blank.

... (truncated)

Commits
  • 19eebf6 Preparing for 7.1.3.4 release
  • bd7c28a update changelog
  • c7b9e0c include the HTTP Permissions-Policy on non-HTML Content-Types
  • 747a03b Preparing for 7.1.3.3 release
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 5187a9e fix XSS vulnerability when using translation
  • b4d3bfb Fix ReDoS in accept header scanning
  • Additional commits viewable in compare view

Updates rails from 6.1.3.2 to 7.1.3.4

Release notes

Sourced from rails's releases.

7.1.3.4

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Commits
  • 19eebf6 Preparing for 7.1.3.4 release
  • bd7c28a update changelog
  • 1ac6d40 Sanitize ActionText HTML ContentAttachment in Trix edit view
  • c7b9e0c include the HTTP Permissions-Policy on non-HTML Content-Types
  • 747a03b Preparing for 7.1.3.3 release
  • 260cb39 Upgrade Trix to 2.1.1 to fix [CVE-2024-34341][1]
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • Additional commits viewable in compare view

Updates rails_admin from 2.2.1 to 3.1.2

Changelog

Sourced from rails_admin's changelog.

3.1.2 - 2023-03-23

Full Changelog

Fixed

  • Fix install failing with importmap setup (aca22b6, #3609)
  • Fix to show non-eager-loaded models which are explicitly configured (87c9d5b, #3604)
  • Fix rails_admin.dom_ready event not triggered with jQuery on (2ee43de, 33773d7, #3600)
  • Restore caching in RailsAdmin::Config::Model#excluded? (#3587)
  • Optimize/simplify viable_models file path to class name logic (#3589)

3.1.1 - 2022-12-18

Full Changelog

Changed

  • Relax Font-Awesome dependency to allow Webpacker users to stay on 5.x (3a7f348, #3565)

Removed

  • Remove unused glphyicon assets (#3578)

Fixed

  • Simplify uses of defined? (#3561)
  • Define jQuery object in separate file to support esbuild (#3571)
  • Fix filter box being duplicated on browser back (c6b1893, #3570)
  • Fix sidebar menu expanding horizontally, preventing vertical scroll (9997c10, #3564)

3.1.0 - 2022-11-06

Full Changelog

Fixed

  • Fix to use defer instead of async to ensure script loading order (2a40976, #3513)
  • Improve filter method select box appearance (#3559)

3.1.0.rc2 - 2022-10-02

Full Changelog

Fixed

  • Fix sidebar style broken in attempt to support Bootstrap 5.2 (d7abba4, #3553)

3.1.0.rc - 2022-09-22

... (truncated)

Commits
  • 5a958e4 Version 3.1.2
  • 33773d7 Postpone introduction of the new event name rails_admin:dom_ready
  • aca22b6 Fix install failing with importmap setup
  • 87c9d5b Fix to show non-eager-loaded models which are explicitly configured
  • 2ee43de Change dom_ready event name to use colon as the separator
  • edd9f24 Restore caching in RailsAdmin::Config::Model#excluded? (#3587)
  • e8319bc Update GitHub Actions Badge URL
  • ede9870 Optimize file path to class name conversion (#3589)
  • e83fb0b Switch to the safe navigation operator in spec files (#3588)
  • fa9a96b Fix typo: Envinronment ==> Environment (#3586)
  • Additional commits viewable in compare view

Updates dotenv-rails from 3.1.0 to 3.1.2

Release notes

Sourced from dotenv-rails's releases.

3.1.2

What's Changed

Full Changelog: bkeepers/dotenv@v3.1.1...v3.1.2

3.1.1

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.0...v3.1.1

Changelog

Sourced from dotenv-rails's changelog.

3.1.2

Full Changelog: bkeepers/dotenv@v3.1.1...v3.1.2

3.1.1

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.0...v3.1.1

Commits
  • 1ee5884 Release 3.1.2
  • ea5de88 Merge pull request #504 from bkeepers/autorestore-stubbed
  • 6a12390 Fix: "can't modify frozen Hash" when stubbing ENV
  • e9c1907 Prepare for v3.1.1 release
  • 6cbcf3c Merge pull request #503 from bkeepers/guard-restore
  • 2567e26 Guard against restore being called with no previously saved state
  • e43d34a Merge pull request #502 from maxjacobson/mj/template-multi-line-variables
  • 1982e3c Fix template (-t) handling of multi-line variables
  • c9ecfa4 Merge pull request #495 from javierjulio/patch-1
  • 453e676 Require version file so VERSION is available
  • See full diff in compare view

Updates letter_opener from 1.9.0 to 1.10.0

Changelog

Sourced from letter_opener's changelog.

1.10.0

  • Allow Launchy 3.0+.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump actionpack, rails, rails_admin, dotenv-rails and letter_opener
f4829e7 
Bumps [actionpack](https://github.com/rails/rails), [rails](https://github.com/rails/rails), [rails_admin](https://github.com/sferik/rails_admin), [dotenv-rails](https://github.com/bkeepers/dotenv) and [letter_opener](https://github.com/ryanb/letter_opener). These dependencies needed to be updated together.

Updates `actionpack` from 6.1.3.2 to 7.1.3.4
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v6.1.3.2...v7.1.3.4)

Updates `rails` from 6.1.3.2 to 7.1.3.4
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v6.1.3.2...v7.1.3.4)

Updates `rails_admin` from 2.2.1 to 3.1.2
- [Changelog](https://github.com/railsadminteam/rails_admin/blob/master/CHANGELOG.md)
- [Commits](railsadminteam/rails_admin@v2.2.1...v3.1.2)

Updates `dotenv-rails` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v3.1.0...v3.1.2)

Updates `letter_opener` from 1.9.0 to 1.10.0
- [Changelog](https://github.com/ryanb/letter_opener/blob/master/CHANGELOG.md)
- [Commits](ryanb/letter_opener@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: actionpack
  dependency-type: direct:production
- dependency-name: rails
  dependency-type: direct:production
- dependency-name: rails_admin
  dependency-type: direct:production
- dependency-name: dotenv-rails
  dependency-type: direct:development
- dependency-name: letter_opener
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 4, 2024
@dependabot dependabot bot mentioned this pull request Jun 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants