Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the bundler group across 1 directory with 8 updates #144

Merged
merged 1 commit into from
Sep 4, 2024
Merged

Bump the bundler group across 1 directory with 8 updates #144

merged 1 commit into from
Sep 4, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 4, 2024
edited
Loading

Bumps the bundler group with 2 updates in the / directory: rake and actionpack.

Updates rake from 10.3.2 to 12.3.3

Changelog

Sourced from rake's changelog.

=== 12.3.3

==== Bug fixes

  • Use the application's name in error message if a task is not found. Pull Request #303 by tmatilai

==== Enhancements:

  • Use File.open explicitly.

=== 12.3.2

==== Bug fixes

  • Fixed test fails caused by 2.6 warnings. Pull Request #297 by hsbt

==== Enhancements:

  • Rdoc improvements. Pull Request #293 by colby-swandale
  • Improve multitask performance. Pull Request #273 by jsm
  • Add alias prereqs. Pull Request #268 by take-cheeze

=== 12.3.1

==== Bug fixes

  • Support did_you_mean >= v1.2.0 which has a breaking change on formatters. Pull request #262 by FUJI Goro.

==== Enhancements:

  • Don't run task if it depends on already invoked but failed task. Pull request #252 by Gonzalo Rodriguez.
  • Make space trimming consistent for all task arguments. Pull request #259 by Gonzalo Rodriguez.
  • Removes duplicated inclusion of Rake::DSL in tests. Pull request #254 by Gonzalo Rodriguez.
  • Re-raise a LoadError that didn't come from require in the test loader. Pull request #250 by Dylan Thacker-Smith.

=== 12.3.0

==== Compatibility Changes

  • Bump required_ruby_version to Ruby 2.0.0. Rake has already

... (truncated)

Commits
  • 5c87c46 Bump version to 12.3.3.
  • 5b8f8fc Use File.open explicitly.
  • 6497ba4 Merge pull request #317 from ruby/ignore-gitignore
  • be62efb Removed gitignore from gemspec files.
  • 1c22b49 Merge pull request #309 from RDIL/patch-1
  • 496944a Remove deprecated travis ci option
  • 489c7d8 Merge pull request #307 from ruby/azure-pipelines
  • 77eb6d8 Only enabled macOS environment
  • 72ffa2e use realpath
  • 7744872 Do not specify ruby version of macOS
  • Additional commits viewable in compare view

Updates actionpack from 6.1.3 to 7.1.3.4

Release notes

Sourced from actionpack's releases.

7.1.3.4

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.1.3.4 (June 04, 2024)

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Rails 7.1.3.3 (May 16, 2024)

  • No changes.

Rails 7.1.3.2 (February 21, 2024)

  • Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Rails 7.1.3.1 (February 21, 2024)

Rails 7.1.3 (January 16, 2024)

  • Fix including Rails.application.routes.url_helpers directly in an ActiveSupport::Concern.

    Jonathan Hefner

  • Fix system tests when using a Chrome binary that has been downloaded by Selenium.

    Jonathan Hefner

Rails 7.1.2 (November 10, 2023)

  • Fix a race condition that could cause a Text file busy - chromedriver error with parallel system tests

    Matt Brictson

  • Fix StrongParameters#extract_value to include blank values

    Otherwise composite parameters may not be parsed correctly when one of the component is blank.

... (truncated)

Commits
  • 19eebf6 Preparing for 7.1.3.4 release
  • bd7c28a update changelog
  • c7b9e0c include the HTTP Permissions-Policy on non-HTML Content-Types
  • 747a03b Preparing for 7.1.3.3 release
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 5187a9e fix XSS vulnerability when using translation
  • b4d3bfb Fix ReDoS in accept header scanning
  • Additional commits viewable in compare view

Updates actionview from 6.1.3 to 7.1.3.4

Release notes

Sourced from actionview's releases.

7.1.3.4

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Changelog

Sourced from actionview's changelog.

Rails 7.1.3.4 (June 04, 2024)

  • No changes.

Rails 7.1.3.3 (May 16, 2024)

  • No changes.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Better handle SyntaxError in Action View.

    Mario Caropreso

  • Fix word_wrap with empty string.

    Jonathan Hefner

  • Rename ActionView::TestCase::Behavior::Content to ActionView::TestCase::Behavior::RenderedViewContent.

    Make RenderedViewContent inherit from String. Make private API with :nodoc:.

    Sean Doyle

  • Fix detection of required strict locals.

    Further fix render @collection compatibility with strict locals

    Jean Boussier

Rails 7.1.2 (November 10, 2023)

  • Fix the number_to_human_size view helper to correctly work with negative numbers.

    Earlopain

  • Automatically discard the implicit locals injected by collection rendering for template that can't accept them

... (truncated)

Commits

Updates activesupport from 6.1.3 to 7.1.3.4

Release notes

Sourced from activesupport's releases.

7.1.3.4

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.1.3.4 (June 04, 2024)

  • No changes.

Rails 7.1.3.3 (May 16, 2024)

  • No changes.

Rails 7.1.3.2 (February 21, 2024)

  • No changes.

Rails 7.1.3.1 (February 21, 2024)

  • No changes.

Rails 7.1.3 (January 16, 2024)

  • Handle nil backtrace_locations in ActiveSupport::SyntaxErrorProxy.

    Eugene Kenny

  • Fix ActiveSupport::JSON.encode to prevent duplicate keys.

    If the same key exist in both String and Symbol form it could lead to the same key being emitted twice.

    Manish Sharma

  • Fix ActiveSupport::Cache::Store#read_multi when using a cache namespace and local cache strategy.

    Mark Oleson

  • Fix Time.now/DateTime.now/Date.today to return results in a system timezone after #travel_to.

    There is a bug in the current implementation of #travel_to: it remembers a timezone of its argument, and all stubbed methods start returning results in that remembered timezone. However, the expected behaviour is to return results in a system timezone.

    Aleksei Chernenkov

  • Fix :unless_exist option for MemoryStore#write (et al) when using a cache namespace.

... (truncated)

Commits
  • 19eebf6 Preparing for 7.1.3.4 release
  • bd7c28a update changelog
  • 747a03b Preparing for 7.1.3.3 release
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 36c1591 Preparing for 7.1.3 release
  • a84622f Sync changelog
  • 894f933 Merge pull request #50764 from eugeneius/syntax_error_proxy_nil_backtrace_loc...
  • Additional commits viewable in compare view

Updates loofah from 2.9.0 to 2.22.0

Release notes

Sourced from loofah's releases.

2.22.0 / 2023-11-13

Added

2.21.4 / 2023-10-10

Fixed

  • Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]

2.21.3 / 2023-05-15

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

... (truncated)

Changelog

Sourced from loofah's changelog.

2.22.0 / 2023-11-13

Added

2.21.4 / 2023-10-10

Fixed

  • Loofah::HTML5::Scrub.scrub_css is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, .scrub_css no longer inserts whitespace between tokens that did not already have whitespace between them. [#273, fixes #271]

2.21.3 / 2023-05-15

Fixed

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

... (truncated)

Commits
  • cb14ea7 version bump to v2.22.0
  • 64e0a26 update CHANGELOG
  • c5cfb80 Merge pull request #277 from wynksaiddestroy/feature/noreferrer_scrubber
  • 4ad2e13 Add noreferrer scrubber
  • 5345bb7 Merge pull request #275 from hexdevs/add-target-blank-scrub
  • 09e11ad feat: adds :targetblank scrubber
  • 992b054 version bump to v2.21.4
  • 5d9a22f Merge pull request #273 from flavorjones/flavorjones-css-whitespace-handling
  • 876116e fix: scrub_css is more consistent with whitespace
  • edde5f2 Merge pull request #274 from flavorjones/flavorjones-bump-hoe-markdown
  • Additional commits viewable in compare view

Updates nokogiri from 1.11.1 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

Dependencies

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

  • [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table>

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

Dependencies

v1.16.4 / 2024-04-10

Dependencies

  • [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

... (truncated)

Commits

Updates rack from 2.2.3 to 3.0.11

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

... (truncated)

Changelog

Sourced from rack's changelog.

[3.0.11] - 2024-05-10

  • Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)

[3.0.10] - 2024-03-21

  • Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @​JoeDupuis)

[3.0.9.1] - 2024-02-21

Security

[3.0.9] - 2024-01-31

  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, @​mattbrictson)

[3.0.8] - 2023-06-14

[3.0.7] - 2023-03-16

[3.0.6.1] - 2023-03-13

Security

[3.0.6] - 2023-03-13

  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

[3.0.4.2] - 2023-03-02

Security

... (truncated)

Commits

Updates rails-html-sanitizer from 1.3.0 to 1.6.0

Release notes

Sourced from rails-html-sanitizer's releases.

1.6.0 / 2023-05-26

  • Dependencies have been updated:

    • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
    • As a result, required Ruby version is now >= 2.7.0

    Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support.

    Mike Dalessio

  • HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as:

    • Rails::HTML5::FullSanitizer
    • Rails::HTML5::LinkSanitizer
    • Rails::HTML5::SafeListSanitizer

    And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version of Rails.

    Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical to the vendor class methods on Rails::HTML::Sanitizer.

    Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor.

    Mike Dalessio

  • Module namespaces have changed, but backwards compatibility is provided by aliases.

    The library defines three additional modules:

    • Rails::HTML for general functionality (replacing Rails::Html)
    • Rails::HTML4 containing sanitizers that parse content as HTML4
    • Rails::HTML5 containing sanitizers that parse content as HTML5

    The following aliases are maintained for backwards compatibility:

    • Rails::Html points to Rails::HTML
    • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
    • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
    • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

    Mike Dalessio

  • LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer already ensured this encoding.

... (truncated)

Changelog

Sourced from rails-html-sanitizer's changelog.

1.6.0 / 2023-05-26

  • Dependencies have been updated:

    • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
    • As a result, required Ruby version is now >= 2.7.0

    Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support.

    Mike Dalessio

  • HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as:

    • Rails::HTML5::FullSanitizer
    • Rails::HTML5::LinkSanitizer
    • Rails::HTML5::SafeListSanitizer

    And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version of Rails.

    Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical to the vendor class methods on Rails::HTML::Sanitizer.

    Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor.

    Mike Dalessio

  • Module namespaces have changed, but backwards compatibility is provided by aliases.

    The library defines three additional modules:

    • Rails::HTML for general functionality (replacing Rails::Html)
    • Rails::HTML4 containing sanitizers that parse content as HTML4
    • Rails::HTML5 containing sanitizers that parse content as HTML5

    The following aliases are maintained for backwards compatibility:

    • Rails::Html points to Rails::HTML
    • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
    • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
    • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

    Mike Dalessio

  • LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer already ensured this encoding.

... (truncated)

Commits
  • 19fd6cd version bump to v1.6.0
  • a9b2f1e doc: update CHANGELOG and README with supported branch info
  • ca29c20 doc: update README moving verbose notes after usage
  • 3b31be5 version bump to v1.6.0.rc2
  • b98af6c Merge pull request #167 from rails/flavorjones-best-supported-vendor-method
  • e953444 feat: introduce Rails::HTML::Sanitizer.best_supported_vendor
  • 5419017 version bump to v1.6.0.rc1
  • 669dcd0 doc: update CONTRIBUTING with release process
  • cd77210 Merge pull request #166 from rails/flavorjones-update-deps-for-html5-variation2
  • 7cc07bb dep: update loofah and nokogiri to versions fully supporting HTML5
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump the bundler group across 1 directory with 8 updates
3ab993d 
Bumps the bundler group with 2 updates in the / directory: [rake](https://github.com/ruby/rake) and [actionpack](https://github.com/rails/rails).


Updates `rake` from 10.3.2 to 12.3.3
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@v10.3.2...v12.3.3)

Updates `actionpack` from 6.1.3 to 7.1.3.4
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actionpack/CHANGELOG.md)
- [Commits](rails/rails@v6.1.3...v7.1.3.4)

Updates `actionview` from 6.1.3 to 7.1.3.4
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actionview/CHANGELOG.md)
- [Commits](rails/rails@v6.1.3...v7.1.3.4)

Updates `activesupport` from 6.1.3 to 7.1.3.4
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.1.3...v7.1.3.4)

Updates `loofah` from 2.9.0 to 2.22.0
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](flavorjones/loofah@v2.9.0...v2.22.0)

Updates `nokogiri` from 1.11.1 to 1.16.5
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.11.1...v1.16.5)

Updates `rack` from 2.2.3 to 3.0.11
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/commits)

Updates `rails-html-sanitizer` from 1.3.0 to 1.6.0
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/main/CHANGELOG.md)
- [Commits](rails/rails-html-sanitizer@v1.3.0...v1.6.0)

---
updated-dependencies:
- dependency-name: rake
  dependency-type: direct:development
  dependency-group: bundler
- dependency-name: actionpack
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: actionview
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: loofah
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: rack
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jun 4, 2024
@dependabot dependabot bot mentioned this pull request Jun 4, 2024
Closed
@nvasilevski nvasilevski merged commit c5d2f0e into master Sep 4, 2024
1 check passed
@nvasilevski nvasilevski deleted the dependabot/bundler/bundler-2df732853c branch September 4, 2024 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nvasilevski nvasilevski nvasilevski approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nvasilevski