🚨 [security] [ruby] Update vite_rails 3.11.0 → 3.11.1 (patch)#5914
Open
depfu[bot] wants to merge 1 commit into
Open
🚨 [security] [ruby] Update vite_rails 3.11.0 → 3.11.1 (patch)#5914depfu[bot] wants to merge 1 commit into
depfu[bot] wants to merge 1 commit into
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #5914 +/- ##
===========================================
- Coverage 84.86% 84.82% -0.05%
===========================================
Files 1492 1492
Lines 33936 33936
Branches 3613 3613
===========================================
- Hits 28799 28785 -14
- Misses 4286 4304 +18
+ Partials 851 847 -4
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ vite_rails (3.11.0 → 3.11.1) · Repo · Changelog
Release Notes
3.11.1 (from changelog)
Does any of this look wrong? Please let us know.
Release Notes
1.0.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 26 commits:
Release 1.0.7Fix inefficient handling of non-ASCII characters during tokenizationPrevent a long run of adjacent comments from exhausting the stackLimit recursion depth to prevent stack overflow and memory exhaustionPrevent resource exhaustion denial of service via excessively large exponentsBump version to 1.0.7Update CI workflow dependenciesUpdate CI test matrixUpgrade minitest and rakeMerge pull request #18 from stoivo/mainUpdate links to point to the targeted versionname Test name look a bit nicerUpgrade minitest to 5.21.1Use actions/checkout@v4Add Ruby 3.2.x to the test matrixMerge pull request #13 from voxik/minitest519Fix compatibility with Minitest 5.19+Remove redundant Ruby 3.2 from the CI matrixAdd Ruby 3.1 and 3.2 to the CI matrix.Remove 1.9.3 and truffleruby from the test matrixReplace Travis with GitHub ActionsReformat readme and historyRemove copyright yearRequire mfaUpgrade dev dependencies🎨Release Notes
0.6.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 46 commits:
v0.6.4Exclude dependabot updates from release noteMerge pull request #87 from ruby/dependabot/github_actions/rubygems/release-gem-1.4.0Bump rubygems/release-gem from 1.2.0 to 1.4.0Merge pull request #86 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.4Bump step-security/harden-runner from 2.19.3 to 2.19.4Merge pull request #85 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.3Bump step-security/harden-runner from 2.19.1 to 2.19.3Merge pull request #84 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.1Bump step-security/harden-runner from 2.19.0 to 2.19.1Merge pull request #82 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.0Bump step-security/harden-runner from 2.17.0 to 2.19.0Merge pull request #81 from ruby/dependabot/github_actions/step-security/harden-runner-2.17.0Bump step-security/harden-runner from 2.16.1 to 2.17.0Merge pull request #79 from ruby/dependabot/github_actions/rubygems/release-gem-1.2.0Merge pull request #80 from ruby/dependabot/github_actions/step-security/harden-runner-2.16.1Bump step-security/harden-runner from 2.16.0 to 2.16.1Bump rubygems/release-gem from 1.1.4 to 1.2.0Merge pull request #78 from ruby/dependabot/github_actions/actions/create-github-app-token-3Merge pull request #77 from ruby/dependabot/github_actions/rubygems/release-gem-1.1.4Merge pull request #76 from ruby/dependabot/github_actions/step-security/harden-runner-2.16.0Bump actions/create-github-app-token from 2 to 3Bump rubygems/release-gem from 1.1.2 to 1.1.4Bump step-security/harden-runner from 2.15.1 to 2.16.0Merge pull request #75 from ruby/dependabot/github_actions/step-security/harden-runner-2.15.1Bump step-security/harden-runner from 2.15.0 to 2.15.1Merge pull request #74 from ruby/dependabot/github_actions/step-security/harden-runner-2.15.0Bump step-security/harden-runner from 2.14.2 to 2.15.0Merge pull request #72 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.2Bump step-security/harden-runner from 2.14.1 to 2.14.2Merge pull request #71 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.1Bump step-security/harden-runner from 2.14.0 to 2.14.1Support private instance_variables_to_inspect (#70)Merge pull request #69 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.0Bump step-security/harden-runner from 2.13.3 to 2.14.0Merge pull request #68 from ruby/dependabot/github_actions/step-security/harden-runner-2.13.3Bump step-security/harden-runner from 2.13.2 to 2.13.3Merge pull request #67 from ruby/dependabot/github_actions/actions/checkout-6Bump actions/checkout from 5 to 6Merge pull request #66 from ruby/dependabot/github_actions/step-security/harden-runner-2.13.2Bump step-security/harden-runner from 2.13.1 to 2.13.2[DOC] Suppress documentation for internalsUpdate the latest versions of actionsMerge pull request #63 from ruby/dependabot/github_actions/rubygems/release-gem-1.1.2Bump rubygems/release-gem from 1.1.1 to 1.1.2Merge pull request #62 from k0kubun/sync-rubyCommits
See the full diff on Github. The new version differs by 20 commits:
Sync Gemfile.lock to 0.8.3Merge pull request #128 from jsugarman/fix/handle-non-rewindable-body-streamsBump version to 0.8.3Add regression test for non-rewindable body streamsFix: Handle non-rewindable body streams in Rack::ProxyBump version to 0.8.2Harden build_header_hash against top-level ::Headers leakBump version to 0.8.1Merge pull request #127 from ncr/logging-supportAdd :logger option for Net::HTTP debug outputMerge pull request #126 from ncr/v0.8-breakingBump rack to 3.2.6Bump version to 0.8.0Default SSL verify to VERIFY_PEERMerge pull request #124 from ncr/tier1-bugfixesFix body and connection-error handlingBump version to 0.7.8Fix tests for Rack 3 and current upstream behaviorMerge pull request #120 from ncr/dependabot/bundler/rack-3.0.9.1Bump rack from 3.0.8 to 3.0.9.1Security Advisories 🚨
🚨 RDoc RCE vulnerability with .rdoc_options
🚨 RDoc RCE vulnerability with .rdoc_options
🚨 RDoc RCE vulnerability with .rdoc_options
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.8.1 (from changelog)
2.8.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 43 commits:
Ready for 2.8.2Refactor cpath validation for TruffleRubyon_load and on_unload validate their input is a constant pathAdd a constant path validatorLet on_load/on_unload use a sentinel for 0 argsAdd RuboCop to CILintingMerge pull request #335 from Shopify/on_load_qualifierReady for 2.8.1Remove anonymous blocksMake qualified constant paths work with #on_loadRemove README conventionReplace comments with arrowsRewordRewordReady for 2.8.0Refactors in test_nsfiles.rbAdd some copsUpdate the CHANGELOGAdd minimal RuboCopAdd mise.toml to .gitignoreDouble quotes -> single quotesRename exception for conflicting namespace definitionsDocument nsfile recommended conventionRestore shadowed filesPolish the docsTweaks to the READMERename NameConflict -> ShadowedFileErrorDetect multiple nsfiles in collapsed directoriesLet load_file support nsfilesAdd support for nsfilesLet Cref#location handle empty arraysRename the new exception to Zeitwerk::NameConflictAdd a couple of missing signaturesAdd some coverage for tagsLet shadowed files raiseDelete unnecessary nils in with_files/setupRestore expected cpath APIs behavior for collapsed directoriesLet ls handle collapsed directoriesPolishes listing utilitiesReport location when logging files shadowed by existing constantsCode gardeningCorrect Ruby edge branch in CHANGELOG.md🆕 erb (added, 6.0.4)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands