Bump actionpack, rails, dotenv-rails and rubocop #222

Open
wants to merge 1 commit into
base: qa

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Dec 11, 2024

Bumps actionpack, rails, dotenv-rails and rubocop. These dependencies needed to be updated together.
Updates actionpack from 6.1.7.8 to 8.0.0.1

Release notes

Sourced from actionpack's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 8.0.0.1 (December 10, 2024)

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Rails 8.0.0 (November 07, 2024)

  • No changes.

Rails 8.0.0.rc2 (October 30, 2024)

  • Fix routes with :: in the path.

    Rafael Mendonça França

  • Maintain Rack 2 parameter parsing behaviour.

    Matthew Draper

Rails 8.0.0.rc1 (October 19, 2024)

  • Remove Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality.

    Rafael Mendonça França

  • Improve ActionController::TestCase to expose a binary encoded request.body.

    The rack spec clearly states:

    The input stream is an IO-like object which contains the raw HTTP POST data. When applicable, its external encoding must be “ASCII-8BIT” and it must be opened in binary mode.

    Until now its encoding was generally UTF-8, which doesn't accurately reflect production behavior.

    Jean Boussier

  • Update ActionController::AllowBrowser to support passing method names to :block

    class ApplicationController < ActionController::Base
      allow_browser versions: :modern, block: :handle_outdated_browser

... (truncated)

Commits

Updates rails from 6.1.7.8 to 8.0.0.1

Release notes

Sourced from rails's releases.

8.0.0.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

    [CVE-2024-54133]

    Gannon McGibbon

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

Active Storage

  • No changes.

... (truncated)

Commits
  • a993c27 Preparing for 8.0.0.1 release
  • 54b0daf Update vendored trix version to 2.1.10
  • 2e3f41e Add CSP directive validation
  • dd8f718 Preparing for 8.0.0 release
  • f88e6ae Merge pull request #53550 from tysongach/devcontainer-links
  • 43425c8 Bump deprecation message to 8.1
  • 38bf52d Add yarn.lock to allowed dirty files
  • 3de9afc Merge pull request #53546 from matthewd/dst_deprecation_fix
  • ebcb66e Merge pull request #53542 from Uaitt/remove-redundant-period-in-security-guides
  • 4f042a8 Merge pull request #53520 from Earlopain/fix-backtrace-env-gem-paths
  • Additional commits viewable in compare view

Updates dotenv-rails from 3.1.0 to 3.1.4

Release notes

Sourced from dotenv-rails's releases.

3.1.4

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

3.1.2

What's Changed

Full Changelog: bkeepers/dotenv@v3.1.1...v3.1.2

3.1.1

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.0...v3.1.1

Changelog

Sourced from dotenv-rails's changelog.

3.1.4

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

3.1.2

Full Changelog: bkeepers/dotenv@v3.1.1...v3.1.2

3.1.1

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.0...v3.1.1

Commits

Updates rubocop from 1.63.2 to 1.69.1

Release notes

Sourced from rubocop's releases.

RuboCop 1.69.1

Bug fixes

  • #13502: Fix an incorrect autocorrect for Style/DigChain when using safe navigation method chain with dig method. (@​koic)
  • #13505: Fix an error for Style/ParallelAssignment when using the anonymous splat operator. (@​earlopain)
  • #13184: Fix some false positives in Lint/UnreachableCode. (@​isuckatcs)
  • #13494: Fix false positives for Style/HashExcept cop when using reject/!include?, reject/!in? or select/!exclude? combinations. (@​lovro-bikic)
  • #13522: Fix Lint/UnescapedBracketInRegexp cop failure with invalid regular expression. (@​viralpraxis)
  • #13523: Fix Style::AccessModifierDeclarations cop failure in case of if node without else. (@​viralpraxis)
  • #13524: Fix Style/RedundantArgument cop failure while inspecting string literal with invalid encoding. (@​viralpraxis)
  • #13528: Fix Style/RedundantParentheses cop failure in case of splatted case node without condition. (@​viralpraxis)
  • #13521: Fix Style/RedundantSelf cop failure with kwnilarg argument node. (@​viralpraxis)
  • #13526: Fix Style/StringConcatenation cop failure when there are mixed implicit and explicit concatenations. (@​viralpraxis)
  • #13511: Fix false positive in Lint/UnescapedBracketInRegexp when using regexp_parser 2.9.2 and earlier. (@​dvandersluis)
  • #13096: Update Style/BlockDelimiters to not change braces when they are required for syntax. (@​dvandersluis)
  • #13512: Update Style/LambdaCall to be aware of safe navigation. (@​dvandersluis)

RuboCop 1.69

New features

Bug fixes

  • #13455: Fix a false positive for Layout/EmptyLineAfterGuardClause when using a guard clause outside oneliner block. (@​koic)
  • #13412: Fix a false positive for Style/RedundantLineContinuation when there is a line continuation at the end of Ruby code followed by __END__ data. (@​koic)
  • #13476: Allow to write generics type of RBS::Inline annotation after subclass definition in Style/CommentedKeyword. (@​dak2)
  • #13441: Fix an incorrect autocorrect for Style/IfWithSemicolon when using return with value in if with a semicolon is used. (@​koic)
  • #13448: Fix an incorrect autocorrect for Style/IfWithSemicolon when the then body contains an arithmetic operator method call with an argument. (@​koic)
  • #13199: Make Style/RedundantCondition skip autocorrection when a branch has a comment. (@​koic)
  • #13411: Fix Style/BitwisePredicate when having regular method. (@​d4be4st)
  • #13432: Fix false positive for Lint/FloatComparison against nil. (@​lovro-bikic)
  • #13461: Fix false positives for Lint/InterpolationCheck when using invalid syntax in interpolation. (@​koic)
  • #13402: Fix a false positive for Lint/SafeNavigationConsistency when using unsafe navigation with both && and ||. (@​koic)
  • #13434: Fix a false positive for Naming/MemoizedInstanceVariableName for assignment methods. (@​earlopain)
  • #13415: Fix false positives for Naming/MemoizedInstanceVariableName when using initialize_clone, initialize_copy, or initialize_dup. (@​koic)
  • #13421: Fix false positives for Style/SafeNavigation when using a method chain that exceeds the MaxChainLength value and includes safe navigation operator. (@​koic)
  • #13433: Fix autocorrection for Style/AccessModifierDeclarations for multiple inline symbols. (@​dvandersluis)

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.69.1 (2024-12-03)

Bug fixes

  • #13502: Fix an incorrect autocorrect for Style/DigChain when using safe navigation method chain with dig method. ([@​koic][])
  • #13505: Fix an error for Style/ParallelAssignment when using the anonymous splat operator. ([@​earlopain][])
  • #13184: Fix some false positives in Lint/UnreachableCode. ([@​isuckatcs][])
  • #13494: Fix false positives for Style/HashExcept cop when using reject/!include?, reject/!in? or select/!exclude? combinations. ([@​lovro-bikic][])
  • #13522: Fix Lint/UnescapedBracketInRegexp cop failure with invalid regular expression. ([@​viralpraxis][])
  • #13523: Fix Style::AccessModifierDeclarations cop failure in case of if node without else. ([@​viralpraxis][])
  • #13524: Fix Style/RedundantArgument cop failure while inspecting string literal with invalid encoding. ([@​viralpraxis][])
  • #13528: Fix Style/RedundantParentheses cop failure in case of splatted case node without condition. ([@​viralpraxis][])
  • #13521: Fix Style/RedundantSelf cop failure with kwnilarg argument node. ([@​viralpraxis][])
  • #13526: Fix Style/StringConcatenation cop failure when there are mixed implicit and explicit concatenations. ([@​viralpraxis][])
  • #13511: Fix false positive in Lint/UnescapedBracketInRegexp when using regexp_parser 2.9.2 and earlier. ([@​dvandersluis][])
  • #13096: Update Style/BlockDelimiters to not change braces when they are required for syntax. ([@​dvandersluis][])
  • #13512: Update Style/LambdaCall to be aware of safe navigation. ([@​dvandersluis][])

1.69.0 (2024-11-26)

New features

Bug fixes

  • #13455: Fix a false positive for Layout/EmptyLineAfterGuardClause when using a guard clause outside oneliner block. ([@​koic][])
  • #13412: Fix a false positive for Style/RedundantLineContinuation when there is a line continuation at the end of Ruby code followed by __END__ data. ([@​koic][])
  • #13476: Allow to write generics type of RBS::Inline annotation after subclass definition in Style/CommentedKeyword. ([@​dak2][])
  • #13441: Fix an incorrect autocorrect for Style/IfWithSemicolon when using return with value in if with a semicolon is used. ([@​koic][])
  • #13448: Fix an incorrect autocorrect for Style/IfWithSemicolon when the then body contains an arithmetic operator method call with an argument. ([@​koic][])
  • #13199: Make Style/RedundantCondition skip autocorrection when a branch has a comment. ([@​koic][])
  • #13411: Fix Style/BitwisePredicate when having regular method. ([@​d4be4st][])
  • #13432: Fix false positive for Lint/FloatComparison against nil. ([@​lovro-bikic][])
  • #13461: Fix false positives for Lint/InterpolationCheck when using invalid syntax in interpolation. ([@​koic][])
  • #13402: Fix a false positive for Lint/SafeNavigationConsistency when using unsafe navigation with both && and ||. ([@​koic][])
  • #13434: Fix a false positive for Naming/MemoizedInstanceVariableName for assignment methods. ([@​earlopain][])
  • #13415: Fix false positives for Naming/MemoizedInstanceVariableName when using initialize_clone, initialize_copy, or initialize_dup. ([@​koic][])
  • #13421: Fix false positives for Style/SafeNavigation when using a method chain that exceeds the MaxChainLength value and includes safe navigation operator. ([@​koic][])
  • #13433: Fix autocorrection for Style/AccessModifierDeclarations for multiple inline symbols. ([@​dvandersluis][])
  • #13430: Fix EmptyLinesAroundMethodBody for methods with arguments spanning multiple lines. ([@​aduth][])
  • #13438: Fix incorrect correction in Lint/Void if an operator is called in a void context using a dot. ([@​dvandersluis][])
  • #13419: Fix Lint/DeprecatedOpenSSLConstant false positive when the argument is a safe navigation method call. ([@​dvandersluis][])
  • #13404: Fix Style/AccessModifierDeclarations to register (as positive or negative, depending on AllowModifiersOnSymbols value) access modifiers with multiple symbols. ([@​dvandersluis][])
  • #13436: Fix incorrect offense and autocorrect for Lint/RedundantSplatExpansion when percent literal array is used in a safe navigation method call. ([@​lovro-bikic][])

... (truncated)

Commits
  • 3d95b38 Cut 1.69.1
  • c60ffa5 Update Changelog
  • 4f2ac18 Lint/BinaryOperatorWithIdenticalOperands: Remove MATH_OPERATORS as they will ...
  • ea4aa48 Merge pull request #13529 from dvandersluis/generator-internal-affairs
  • 12e1ea2 Update rake new_cop to handle InternalAffairs cops
  • 84f3d43 Specify maximum_target_ruby_version for a handful of cops, document it
  • ef8009c Merge pull request #13531 from rubocop/dependabot/github_actions/karancode/ya...
  • 7715ed7 Bump karancode/yamllint-github-action from 2.1.1 to 3.0.0
  • cc43be0 Merge pull request #13528 from viralpraxis/fix-style-redundant-parentheses-co...
  • bd8b674 Fix Style/RedundantParentheses cop failure in case of splatted case node ...
  • Additional commits viewable in compare view


Bumps [actionpack](https://github.com/rails/rails), [rails](https://github.com/rails/rails), [dotenv-rails](https://github.com/bkeepers/dotenv) and [rubocop](https://github.com/rubocop/rubocop). These dependencies needed to be updated together.

Updates `actionpack` from 6.1.7.8 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.0.1/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v6.1.7.8...v8.0.0.1)

Updates `rails` from 6.1.7.8 to 8.0.0.1
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v6.1.7.8...v8.0.0.1)

Updates `dotenv-rails` from 3.1.0 to 3.1.4
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v3.1.0...v3.1.4)

Updates `rubocop` from 1.63.2 to 1.69.1
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.63.2...v1.69.1)

---
updated-dependencies:
- dependency-name: actionpack
  dependency-type: direct:production
- dependency-name: rails
  dependency-type: direct:production
- dependency-name: dotenv-rails
  dependency-type: direct:production
- dependency-name: rubocop
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update Ruby code) labels Dec 11, 2024