Bump the bundler group across 1 directory with 11 updates #11
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the requirements on dalli, activerecord, actionpack, actionview, activesupport, globalid, loofah, nokogiri, rack, rails-html-sanitizer and rexml to permit the latest version.
Updates
dalli
from 2.7.11 to 3.2.3Changelog
Sourced from dalli's changelog.
... (truncated)
Commits
23b2465
Prepare for version 3.2.372c4171
Fix Rubocop test lints - 2022-10 (#934)48d594d
Fixes #932 (#933)a8611e2
README: fix link to CHANGELOG.md (#929)4f6ffac
Rename History.md to CHANGELOG.md7177ad8
Add changelog entries.2143122
Require "uri" from stdlib (#925)b4b2574
Add changelog entry for namespace as proc fixf5ec74c
Evaluate Proc namespaces every time (not just at initialization) (#923)903295c
Fix new Rubocop issues (#924)Updates
activerecord
from 6.1.3.2 to 6.1.7.1Release notes
Sourced from activerecord's releases.
... (truncated)
Commits
c443466
Version 6.1.7.13db858c
Make sanitize_as_sql_comment more strict4f44aa9
Added integer width check to PostgreSQL::Quoting9ab3375
Version 6.1.7e74d6ee
Merge pull request #45872 from the-spectator/correct_hwia_encoding3da5f09
Fix tests after cherry-pick of #45773aab3695
Don't handle this change for legacy_connection_handlingb2e8fb8
Merge pull request #45773 from eileencodes/only-setup-shared-pools-if-we-have...571b4d5
Merge pull request #45593 from skipkayhil/fix-6-1-compatefc58ab
Remove active_record.yaml initializersUpdates
actionpack
from 6.1.3.2 to 6.1.7.1Release notes
Sourced from actionpack's releases.
... (truncated)
Commits
c443466
Version 6.1.7.18dc4595
Avoid regex backtracking on If-None-Match header90e8a90
Use string#split instead of regex for domain parts9ab3375
Version 6.1.7f05ac78
Merge branch '6-1-sec' into 6-1-stabledc1242f
Preparing for 6.1.6.1 release0bce40f
updating version and changelog41b0776
Fix did you mean tests for ruby-trunk (3.2)47ff0bd
Merge pull request #45141 from eugeneius/dont_call_headersd42b549
Preparing for 6.1.6 releaseUpdates
actionview
from 6.1.3.2 to 6.1.7.1Release notes
Sourced from actionview's releases.
... (truncated)
Commits
c443466
Version 6.1.7.19ab3375
Version 6.1.7f05ac78
Merge branch '6-1-sec' into 6-1-stabledc1242f
Preparing for 6.1.6.1 release0bce40f
updating version and changelog507b5aa
Fix failing test on 6-1-stable for Ruby 2.5 and 2.6d42b549
Preparing for 6.1.6 release147557d
Preparing for 6.1.6 release7c2da9e
Merge pull request #45027 from rails/fix-tag-helper-regressione2efc66
Preparing for 6.1.5.1 releaseUpdates
activesupport
from 6.1.3.2 to 6.1.7.1Release notes
Sourced from activesupport's releases.
... (truncated)
Commits
c443466
Version 6.1.7.1a7cda7e
Avoid regex backtracking in Inflector.underscore9ab3375
Version 6.1.7ad24aa5
add test for keyword arguments in ActiveSupport::CurrentAttributes.method_mis...11e0b89
fix ActiveSupport::CurrentAttributes.method_missing for Ruby 3f05ac78
Merge branch '6-1-sec' into 6-1-stabledc1242f
Preparing for 6.1.6.1 release0bce40f
updating version and changelogd42b549
Preparing for 6.1.6 release147557d
Preparing for 6.1.6 releaseUpdates
globalid
from 0.4.2 to 1.0.1Release notes
Sourced from globalid's releases.
Commits
574b99f
Bump version for release4a75ecb
Fix ReDoS vulnerability in name parsing42f5ea6
Prepare for 1.0.0beab3e4
Prepare to 0.6.029e12cb
Upgrade all development gemsc894a43
Add devcontainer to allow contributors to have a working environmentb3ec8b9
Move ActiveRecord::FixtureSet.signed_global_id to this geme9d6ed9
Merge pull request #137 from rails/dependabot/bundler/nokogiri-1.12.5a565d31
Bump nokogiri from 1.11.7 to 1.12.59b1a4d2
Why u no love me?Updates
loofah
from 2.9.1 to 2.19.1Release notes
Sourced from loofah's releases.
... (truncated)
Changelog
Sourced from loofah's changelog.
... (truncated)
Commits
3f88063
version bump to v2.19.19a8dadb
docs: preserve the context and decision record86f7f63
fix: replace recursive approach to cdata with escaping solution415677f
fix: do not allow "image/svg+xml" in data URIs84ca20c
refactor: extract scrub_uri_attribute for downstream use47a835a
ci: pin psych to v4 until v5 builds properly on CIa6e0a1a
fix: replace slow regex attribute check with crass parserea853aa
Merge pull request #247 from flavorjones/flavorjones-downstream-test-rhse1f2a4b
ci: test downstream rails-html-sanitizer79d65a0
Merge pull request #245 from flavorjones/flavorjones-fix-ruby-2.5-ciUpdates
nokogiri
from 1.11.6 to 1.16.7Release notes
Sourced from nokogiri's releases.
... (truncated)
Changelog
Sourced from nokogiri's changelog.
... (truncated)
Commits
d8d6ba3
version bump to v1.16.776199bb
dep: update libxml2 to v2.12.9 (branch v1.16.x) (#3297)ca92e48
dep: update packaged libxml2 to v2.12.9fb833ea
version bump to v1.16.6bacc8dc
dep: update libxml2 to 2.12.8 (backport to v1.16.x) (#3229)cf0579f
doc: update CHANGELOG447fd12
dep: update libxml2 to 2.12.8cd70bd3
version bump to v1.16.5afc36de
dep: update vendored libxml2 to v2.12.7 (#3191)41b4f08
ci: add arm64-darwin coverage using macos-14Updates
rack
from 2.2.3 to 2.2.8.1Release notes
Sourced from rack's releases.
Changelog
Sourced from rack's changelog.
... (truncated)
Commits
e830011
bump versiond9c163a
Avoid 2nd degree polynomial regexp in MediaType6245768
Return an empty array when ranges are too largee4c1177
Fixing ReDoS in header parsingf169ff7
Bump patch version.0a46487
Regenerate SPEC (#2102)cee73b3
Fix inefficient assert pattern in Rack::Lint (#2101)1fdcf1f
Prefer ubuntu-latest for testing. (#2095)287fe43
Update cookie.rb (#2092)e7f4869
adds missing 2.2.7 to CHANGELOG.md (#2081)Updates
rails-html-sanitizer
from 1.3.0 to 1.4.4Release notes
Sourced from rails-html-sanitizer's releases.
... (truncated)
Changelog
Sourced from rails-html-sanitizer's changelog.
... (truncated)
Commits
fd63dea
version bump to v1.4.448ae90a
dep: bump dependency on loofah0713caf
fix: escape CDATA nodes using Loofah's escaping methodse6d52d3
revert 45a5c10d1223a2
fix: use Loofah's scrub_uri_attribute methodf0e3347
fix: replace slow regex attribute check with Loofah methoddf03f2f
ci: pin system lib test to 20.043e2a0f3
Merge pull request #145 from rails/flavorjones-get-14x-green11752a6
tests: handle libxml 2.10.0 incorrectly-opened comment parsingf83f08c
version bump to v1.4.3Updates
rexml
from 3.2.5 to 3.3.6Release notes
Sourced from rexml's releases.
... (truncated)
Changelog
Sourced from rexml's changelog.
... (truncated)
Commits
95871f3
Add 3.3.6 entry7cb5eae
parser tree: improve namespace conflicted attribute check performance6109e01
Fix a bug that Stream parser doesn't expand the user-defined entity reference...cb15858
parser: keep the current namespaces instead of stack of Set2b47b16
parser: move duplicated end tag check to BaseParser35e1681
test tree-parser: move common method to base class6e00a14
test: fix indentdf3a0cc
test: fix indentfdbffe7
Use loop instead of recursive call for Element#namespace6422fa3
Use loop instead of recursive call for Element#rootDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.