🚨 [security] Update activesupport: 4.2.11.1 → 5.2.4.3 (major) #4
Welcome to Depfu 👋
This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.
After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.
Let us know if you have any questions. Thanks so much for giving Depfu a try!
🚨 Your version of activesupport has known security vulnerabilities 🚨
Advisory: CVE-2020-8165
Disclosed: May 18, 2020
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
🚨 We recommend to merge and deploy this update as soon as possible! 🚨
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Release Notes
5.2.4.1
5.2.4
5.2.3
5.1.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ jekyll (3.8.4 → 3.8.7) · Repo · Changelog
Release Notes
3.8.7
3.8.6
3.8.5
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 36 commits:
Release :gem: 3.8.7
chore(release): v3.8.7 :gem:
Update history to reflect merge of #8125 [ci skip]
Backport #7948 for v3.8.x (#8125)
Release :gem: 3.8.6
3.8.6: add release note for 3c06609406
Fix year
Update release date
Merge pull request #7735 from jekyll/3-8-6-release-notes
Create 3.8.6 release notes
Backport #7679 for v3.8.x (#7734)
Add all backports since 3.8.5
Backport #7697 for v3.8.x (#7722)
Backport #7709 to 3.8-stable branch
Backport #7213 and #7633 for v3.8.x (#7690)
Backport #7684 for v3.8.x (#7689)
Install platform-specific gems as required
Backport regex-escape-site-path from #7568 to 3.8-stable (#7573)
Fix CI builds on older Ruby versions (#7567)
Merge pull request #7467 from jekyll/3.8-stable-backport-7382
Merge pull request #7424 from jekyll/3.8-stable-backport-7419
Backport excerpt-liquid from 7382 to 3.8-stable
Merge branch '3.8-stable' into 3.8-stable-backport-7419
Backport c368fec to 3.8-stable
Skip theme dir symlink test if Windows.
Merge branch '3.8-stable' into this branch
Backport e41c427 to 3.8-stable
Backport 564f773 to 3.8-stable
Fix linting issue with lines being too long.
Backport ensure-realpath-for-theme-dirs-is-in-theme-dir from #7419 to 3.8-stable
Release :gem: 3.8.5
Prepare 3.8.5 release
Merge pull request #7352 from jekyll/3.8-backport-7250
style: Metrics/LineLength
style: fix offenses
Re-implement handling Liquid blocks in excerpts (#7250)
✳️ jekyll-redirect-from (0.14.0 → 0.16.0) · Repo · Changelog
Release Notes
0.16.0
0.15.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 28 commits:
chore(release): :gem: v0.16.0
chore(deps): target Ruby 2.4
chore: ignore vendor/bundle
Update history to reflect merge of #204 [ci skip]
Allow redirects from and for subclasses of page and document (#204)
Update history to reflect merge of #207 [ci skip]
Allows generation of redirects.json to be disabled (#207)
Update history to reflect merge of #211 [ci skip]
Stop testing with backwards-compatible site config (#211)
Update history to reflect merge of #201 [ci skip]
Use `Hash#key?` instead of `Hash#keys.any?` (#201)
Update history to reflect merge of #185 [ci skip]
Simplifies YAML for redirect_to (#185)
Release: v0.15.0
Update history to reflect merge of #196 [ci skip]
Allow testing and using with Jekyll 4.x (#196)
chore (ci): remove deprecated `sudo: false` in .travis.yml
chore(ci): Add Ruby 2.6, drop Ruby 2.3
chore(deps): relax version constraint on bundler
chore(ci): test oldest and latest Ruby versions only
style: auo-gen-exclude-only
style: safe-auto-correct
chore(deps): rubocop-jekyll 0.4
Update history to reflect merge of #187 [ci skip]
chore(deps): rubocop-jekyll 0.3 (#187)
chore(ci): match GitHub Pages version
Lint with rubocop-jekyll
Rubocop ~> 0.57.2
✳️ middleman (3.4.1 → 5.0.0.rc.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ middleman-livereload (3.3.4 → 3.4.6) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 32 commits:
bump
Merge pull request #85 from zhusee2/fix-thread-mutex-warning
Fix Thread.exclusive deprecation in Ruby 2.3.0
test against master
Fix pathname bug
Update targets
Bump
Merge pull request #83 from wazeHQ/css_reload
Fix CSS live reloading when @imported partials change
Merge pull request #80 from cbetta/js_host_and_port_docs
Add documentation for new options
Merge pull request #79 from cbetta/js_host_and_port
Merge pull request #78 from cbetta/patch-1
Add js_host and js_port options
Update README to include current version
Merge pull request #77 from wazeHQ/master
Live reload CSS partials.
Bump
Merge pull request #75 from middleman/Arcovion-patch-1
Correct the printed URI scheme
Merge pull request #74 from Arcovion/ignore-option
Add ignore option
minor v4 safety check
tweak
prep v4
prep for v4
Merge pull request #70 from komor72/master
Updated gem declaration to 3.3.x.
Merge pull request #67 from michaelbaudino/master
Add @import'ed and require'd files note to README
Merge pull request #66 from michaelbaudino/master
Minor output fix
✳️ middleman-syntax (3.0.0 → 3.2.0) · Repo · Changelog
Release Notes
3.2.0 (from changelog)
Does any of this look wrong? Please let us know.
Release Notes
1.12.2 (from changelog)
1.12.1 (from changelog)
1.12.0 (from changelog)
1.11.3 (from changelog)
1.11.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 44 commits:
Bump VERSION to 1.12.2
Update CHANGELOG for 1.12.2
Replace st_table with simple cache and fix segfault after GC.compact
Remove old references to ruby-1.9
Bump VERSION to 1.12.1
Do parallel builds in CI docker containers
Respect MAKE environment variable for libtest build
Better document enable/disable libffi switches in the README
Bump VERSION to 1.12.0
Update CHANGELOG for version 1.12.0
Update libffi to latest master branch
Merge pull request #735 from larskanis/disallow-re-layout
Warn about Struct layout redefinition only
Namespace all benchmarks since they are loaded into one process
Disallow struct layout changes
Require "ffi/version" per default
Set ruby-2.3.8 to allow_failures because of ffi unrelated error
Update rake to avoid warnings on ruby-2.7
Update to rake-compiler-dock-1.0.0 to build ruby-2.7 binary gems
Bump VERSION to 1.11.3
Prepare CHANGELOG for 1.11.3
Merge branch 'y-yagi-remove_taint_support'
Remove taint support
Update CHANGELOG [ci skip]
Update libffi to latest master
Update CHANGELOG for 1.11.2
Bump VERSION to 1.11.2
Merge pull request #722 from adam12/regenerate-freebsd12-types
Fix library name mangling for non glibc Linux/UNIX
Merge pull request #724 from ahorek/dragonfly
add types
identify dragonflybsd as a platform
Regenerated type conf for freebsd12 target
Remove MACOSX_DEPLOYMENT_TARGET that was targeting very old version 10.4
Fix compiler warnings raised by ruby-2.7
Add ruby-2.6 to Appveyor CI
Describe "types_conf" so that it's shown in "rake -T"
Update platform x86_64-linux on Ubuntu-18.04
Sort all types.conf files, so that changes are more visible
Merge pull request #711 from wonda-tea-coffee/fix-bigdecimal-new
Fix BigDecimal.new
Merge pull request #703 from jcn/patch-1
Update ffi.gemspec with correct homepage URL
Add a notice about yanked ffi-1.11.0
Release Notes
5.1.2 (from changelog)
5.1.1 (from changelog)
5.1.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
0.9.5
0.9.4
0.9.3
0.9.1
0.9.0
0.8.6
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.2.1
2.1.2
2.1.1
2.1.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 49 commits:
Release :gem: v2.2.1
Test with Jekyll 4.0 and 3.6 (#87)
Move Ruby version requirement above dependencies
Re-introduce support for Ruby 2.3 (#86)
Release: v2.2.0
chore (ci): remove deprecated `sudo: false` in .travis.yml
docs: update History
fix: unfreeze to make tests pass
chore(deps): rubocop-jekyll 0.5 / rubocop 0.62
chore(deps): loose version on wdm
chore(deps): relax version constraint on bundler
chore(ci): drop Ruby 2.3
chore(deps): require Ruby 2.4
style: target Ruby 2.4
chore(ci): test oldest and latest ruby versions only
style: auto-gen-only-exclude
chore(deps): :up: rubocop-jekyll 0.4
Update history to reflect merge of #65 [ci skip]
Ignore directories rather than all similar paths (#65)
Update history to reflect merge of #76 [ci skip]
Fix encoding discrepancy in excluded Windows paths (#76)
Update history to reflect merge of #79 [ci skip]
chore(deps): rubocop-jekyll 0.3 (#79)
chore(release): :gem: 2.1.2
Update history to reflect merge of #78 [ci skip]
Fix watcher failure due to incorrect file name encoding (#78)
Update history to reflect merge of #77 [ci skip]
Initialize AppVeyor CI to test plugin on Windows (#77)
chore(release): :gem: 2.1.1
Update history to reflect merge of #73 [ci skip]
Replace non-existent local variable (#73)
Remove unnecessary whitespace
chore(release): :gem: 2.1.0
chore(deps): use latest rubocop-jekyll
Update history to reflect merge of #69 [ci skip]
normalize watched-path encoding (#69)
Stop testing unsupported Ruby version
Lint with rubocop-jekyll
Match Jekyll's current version
Merge pull request #67 from ashmaroli/travis-ruby-25
Merge pull request #66 from ashmaroli/bump-rubocop
Fix failing Travis build on Ruby 2.5
Use Rubocop w/ config inherited from Jekyll-3.8.0
Update history to reflect merge of #62 [ci skip]
Test against Ruby 2.5 (#62)
Update LICENSE.txt
Merge pull request #60 from jekyll/copyright-notice
Update Copyright notice
Update History.markdown
Release Notes
4.0.3 (from changelog)
4.0.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
3.1.5
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Sorry, we couldn't find anything useful about this release.
Release Notes
5.14.0 (from changelog)
5.13.0 (from changelog)
5.12.2 (from changelog)
5.12.1 (from changelog)
5.12.0 (from changelog)
Does any of this look wrong? Please let us know.
Release Notes
1.14.1 (from changelog)
1.14.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 13 commits:
Version 0.14.1
Update changelog for 0.14.1
Fix 2.7 warning
Merge pull request #193 from orien/gem-metadata
Add project metadata to the gemspec
Version 0.14.0
Remove ssh key signing
Add changelog for 0.14
Oj 2 and 3 support
Fix CI
Remove gemnasium
Merge pull request #192 from igas/patch-2
Fix codeclimate badge
Release Notes
1.10.9
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 5 commits:
version bump to v1.10.9
update CHANGELOG
Change return type to RubyArray
update CHANGELOG for #1985
Work around a bug in libxml2
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 8 commits:
:package: v0.16.2
Bring back Ruby 2.5 compatibility.
Fix Benchmarking.
Update .travis.yml
Add Pathname.
Sync development files.
Fix deprecation with RubyGems.
Update the Gitignore.
Release Notes
4.0.5 (from changelog)
4.0.4 (from changelog)
4.0.3 (from changelog)
4.0.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 31 commits:
Release 4.0.5
Update tests.yml
Update tests.yml
Add CI workflow
Add project metadata to the gemspec (#172)
Update definitions
Create codecov.yml
Update Travis badge link
Release 4.0.3
Update definitions
Update to Rubocop 0.81.0
Update rubocop requirement from 0.80.0 to 0.80.1 (#170)
Update rubocop requirement from 0.79.0 to 0.80.0 (#169)
Update SECURITY.md
Update README.md
Update README.md
Update .gitignore
Update definitions
Sync up my Rubocop default file
Move development dependencies from gemspec to Bundle
Release 4.0.3
Welcome 2020
CHANGELOG for GH-167
Fix 2.7 deprecations and warnings (#168)
Update .travis.yml
Experiment with https://keepachangelog.com/
Update rubocop
Release 4.0.2
Update README.md
Create SECURITY.md
Update CHANGELOG.md
Commits
See the full diff on Github. The new version differs by 3 commits:
bump version
Handle case where session id key is requested but it is missing
Merge pull request #1462 from jeremyevans/sessionid-to_s
Release Notes
0.10.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 3 commits:
Update gem version to 0.10.4
Merge pull request #85 from tyler-ball/patch-1
Remove bundler development dependency
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.0.5 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 8 commits:
Exclude built *.gem files from version control
Bump version to 1.0.5
Merge pull request #90 from elifoster/fix-80
Fix uninitialized constant DateTime
removed store.yaml from repo
updated tests for SafeYAML::Store
Merge pull request #68 from blackwinter/add-safe_yaml-store
Add SafeYAML::Store, a YAML::Store variant that uses SafeYAML.load instead of YAML.load.
Commits
See the full diff on Github. The new version differs by 15 commits:
v0.8.2
Merge pull request #127 from k0kubun/truffleruby-stringsplitter
Support truffleruby in StaticAnalyzer
Support truffleruby in StringSplitter
Remove gemnasium badge (#123)
v0.8.1
Update CHANGES
Stop relying on deprecated method in Rails (#121)
Merge pull request #111 from jeremyevans/fstring
Merge pull request #114 from jirutka/badges
Readme: Add Gem Version badge
Readme: Replace PNG badges with SVG variants
Fix issue with --enable-frozen-string-literal
Merge pull request #110 from doits/fix_expression_md
escape html in markdown
Release Notes
1.0.1 (from changelog)
1.0.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.0.10 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.2.7
1.2.6
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 46 commits:
Improve grammar.
Preparing v1.2.7.
Update to Ruby 2.7.1.
Revert to Ruby 2.4.9 and 2.7.0.
Update to Ruby 2.4.10, 2.5.8, 2.6.6, 2.7.1 and JRuby 9.2.11.1.
Use shields.io for badges.
Update copyright years.
Add a build status badge for AppVeyor.
Replace broken links.
Use https for links where available.
Update to JRuby 9.2.11.0.
Merge pull request #112.
Test for just the non-existence of #untaint.
Fix comments relating to taint/untaint removal.
Don't rely on lexicographic version comparisons.
Fix test failures on Ruby 1.8.7.
Fix erroneous 'wrong number of arguments' errors on JRuby 9.0.5.0.
`$VERBOSE = false` won't be worked since `rb_warning` is changed to `rb_warn`
Update to Ruby 2.7.0.
Update copyright years.
Preparing v1.2.6.
Replace expired gem signing certificate.
Fix a comment.
Ruby Enterprise Edition requires older versions of RubyGems and Bundler.
Fix block not being called by RubyCoreSupport.open_file on JRuby 9.2.
Revert "Try and fix an incorrect rake version being picked with JRuby 1.7."
Try and fix an incorrect rake version being picked with JRuby 1.7.
Convert to UNIX line endings.
Simplify minitest version constraint.
Update to Ruby v2.7.0-rc2.
Run CI tests on Windows with AppVeyor.
Enable verbose test output.
Update Travis CI Ruby versions.
Prevent bundler from attempting to use version minitest v5.12.0.
Allow newer versions of Rake that fix warnings with Ruby 2.7.
Eliminate a warning when calling File.open with keyword arguments.
Suppress deprecation warnings due to Object#untaint on Ruby 2.7.
Fix test failures on Ruby 1.8.7 caused by DateTime issues.
Remove the unused REQUIRE_PATH constant from RubyDataSource.
Fix SecurityErrors when loading data in safe mode.
Test that RUBY_ENGINE is defined.
Skip tests that fail due to Ruby bug 14060 on Ruby 2.4.4.
Update to the latest Ruby, JRuby and Rubinius releases.
Fix a documentation typo.
Return the correct seconds since the epoch value for strftime with %s.
Restrictions on timezones only apply to older (pre-1.9) Ruby releases.
Release Notes
4.2.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 backports (added, 3.17.1)
🆕 concurrent-ruby (added, 1.1.6)
🆕 contracts (added, 0.16.0)
🆕 dotenv (added, 2.7.5)
🆕 fastimage (added, 2.1.7)
🆕 hamster (added, 3.0.0)
🆕 hashie (added, 3.6.0)
🆕 lazy_priority_queue (added, 0.1.1)
🆕 memoist (added, 0.16.2)
🆕 middleman-cli (added, 5.0.0.rc.1)
🆕 oj (added, 3.10.6)
🆕 rgl (added, 0.5.6)
🆕 sassc (added, 2.3.0)
🆕 servolux (added, 0.13.0)
🆕 stream (added, 0.5.2)
🗑️ capybara (removed)
🗑️ chunky_png (removed)
🗑️ compass (removed)
🗑️ compass-import-once (removed)
🗑️ hike (removed)
🗑️ hooks (removed)
🗑️ json (removed)
🗑️ middleman-sprockets (removed)
🗑️ mime-types (removed)
🗑️ mime-types-data (removed)
🗑️ rack-test (removed)
🗑️ sprockets (removed)
🗑️ sprockets-helpers (removed)
🗑️ sprockets-sass (removed)
🗑️ uber (removed)
🗑️ xpath (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.