🚨 [security] [ruby] Update cucumber-rails 4.0.1 → 4.1.0 (minor)#5915
Open
depfu[bot] wants to merge 1 commit into
Open
🚨 [security] [ruby] Update cucumber-rails 4.0.1 → 4.1.0 (minor)#5915depfu[bot] wants to merge 1 commit into
depfu[bot] wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ cucumber-rails (4.0.1 → 4.1.0) · Repo · Changelog
Release Notes
4.1.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 55 commits:
Prepare release v4.1.0Ci/introduce rails 8 1 (#604)Update ruby/setup-ruby action to v1.316.0Update github/codeql-action action to v4.36.3Update ruby/setup-ruby action to v1.315.0Allow Cucumber 11 (#612)Update zizmorcore/zizmor-action action to v0.5.7Update ruby/setup-ruby action to v1.314.0Update actions/checkout action to v7 (#611)Update rubygems/configure-rubygems-credentials action to v2.1.0Update ruby/setup-ruby action to v1.313.0Update ruby/setup-ruby action to v1.312.0Update github/codeql-action action to v4.36.2Update actions/checkout action to v6.0.3Update github/codeql-action action to v4.36.1Update github/codeql-action action to v4.36.0Update ruby/setup-ruby action to v1.310.0Update dependency ruby to v4.0.5Update ruby/setup-ruby action to v1.308.0Update zizmorcore/zizmor-action action to v0.5.6Update github/codeql-action action to v4.35.5Update zizmorcore/zizmor-action action to v0.5.4Update ruby/setup-ruby action to v1.307.0Update dependency ruby to v4.0.4Use trusted publishing for Ruby (#610)Update ruby/setup-ruby action to v1.307.0Update github/codeql-action action to v4.35.4Update github/codeql-action action to v4.35.3Update ruby/setup-ruby action to v1.306.0Update ruby/setup-ruby action to v1.305.0Update ruby/setup-ruby action to v1.302.0Update github/codeql-action action to v4.35.2Offset codeql-ruby schedule trigger from all other codeql-ruby triggersruby: Enable CodeQL (#608)Update zizmorcore/zizmor-action action to v0.5.3Update ruby/setup-ruby action to v1.301.0chore(deps): update ruby/setup-ruby action to v1.300.0chore(deps): update ruby/setup-ruby action to v1.299.0chore(deps): update ruby/setup-ruby action to v1.298.0chore(deps): update ruby/setup-ruby action to v1.297.0chore(deps): update ruby/setup-ruby action to v1.296.0chore(deps): update ruby/setup-ruby action to v1.295.0chore(deps): update ruby/setup-ruby action to v1.294.0chore(deps): update ruby/setup-ruby action to v1.293.0chore(deps): update ruby/setup-ruby action to v1.292.0Lint Zizmor analysis actionReduce GitHub Action permissions (#607)Remove unused workflow callsPin actions/checkout to an exact SHA referencePin ruby/setup-ruby to a exact SHA referenceRefactor GitHub actions to follow Cucumber org conventionsDon't persist credentials after using actions/checkoutPin cucumber/action-create-github-release to exact versionRefactor Github actions to follow Cucumber org conventionsSetup Zizmor analysis for Github ActionsRelease Notes
1.0.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 26 commits:
Release 1.0.7Fix inefficient handling of non-ASCII characters during tokenizationPrevent a long run of adjacent comments from exhausting the stackLimit recursion depth to prevent stack overflow and memory exhaustionPrevent resource exhaustion denial of service via excessively large exponentsBump version to 1.0.7Update CI workflow dependenciesUpdate CI test matrixUpgrade minitest and rakeMerge pull request #18 from stoivo/mainUpdate links to point to the targeted versionname Test name look a bit nicerUpgrade minitest to 5.21.1Use actions/checkout@v4Add Ruby 3.2.x to the test matrixMerge pull request #13 from voxik/minitest519Fix compatibility with Minitest 5.19+Remove redundant Ruby 3.2 from the CI matrixAdd Ruby 3.1 and 3.2 to the CI matrix.Remove 1.9.3 and truffleruby from the test matrixReplace Travis with GitHub ActionsReformat readme and historyRemove copyright yearRequire mfaUpgrade dev dependencies🎨Release Notes
11.1.1
11.1.0
11.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
19.0.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
39.1.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
23.1.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
32.3.1
32.3.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
0.6.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 46 commits:
v0.6.4Exclude dependabot updates from release noteMerge pull request #87 from ruby/dependabot/github_actions/rubygems/release-gem-1.4.0Bump rubygems/release-gem from 1.2.0 to 1.4.0Merge pull request #86 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.4Bump step-security/harden-runner from 2.19.3 to 2.19.4Merge pull request #85 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.3Bump step-security/harden-runner from 2.19.1 to 2.19.3Merge pull request #84 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.1Bump step-security/harden-runner from 2.19.0 to 2.19.1Merge pull request #82 from ruby/dependabot/github_actions/step-security/harden-runner-2.19.0Bump step-security/harden-runner from 2.17.0 to 2.19.0Merge pull request #81 from ruby/dependabot/github_actions/step-security/harden-runner-2.17.0Bump step-security/harden-runner from 2.16.1 to 2.17.0Merge pull request #79 from ruby/dependabot/github_actions/rubygems/release-gem-1.2.0Merge pull request #80 from ruby/dependabot/github_actions/step-security/harden-runner-2.16.1Bump step-security/harden-runner from 2.16.0 to 2.16.1Bump rubygems/release-gem from 1.1.4 to 1.2.0Merge pull request #78 from ruby/dependabot/github_actions/actions/create-github-app-token-3Merge pull request #77 from ruby/dependabot/github_actions/rubygems/release-gem-1.1.4Merge pull request #76 from ruby/dependabot/github_actions/step-security/harden-runner-2.16.0Bump actions/create-github-app-token from 2 to 3Bump rubygems/release-gem from 1.1.2 to 1.1.4Bump step-security/harden-runner from 2.15.1 to 2.16.0Merge pull request #75 from ruby/dependabot/github_actions/step-security/harden-runner-2.15.1Bump step-security/harden-runner from 2.15.0 to 2.15.1Merge pull request #74 from ruby/dependabot/github_actions/step-security/harden-runner-2.15.0Bump step-security/harden-runner from 2.14.2 to 2.15.0Merge pull request #72 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.2Bump step-security/harden-runner from 2.14.1 to 2.14.2Merge pull request #71 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.1Bump step-security/harden-runner from 2.14.0 to 2.14.1Support private instance_variables_to_inspect (#70)Merge pull request #69 from ruby/dependabot/github_actions/step-security/harden-runner-2.14.0Bump step-security/harden-runner from 2.13.3 to 2.14.0Merge pull request #68 from ruby/dependabot/github_actions/step-security/harden-runner-2.13.3Bump step-security/harden-runner from 2.13.2 to 2.13.3Merge pull request #67 from ruby/dependabot/github_actions/actions/checkout-6Bump actions/checkout from 5 to 6Merge pull request #66 from ruby/dependabot/github_actions/step-security/harden-runner-2.13.2Bump step-security/harden-runner from 2.13.1 to 2.13.2[DOC] Suppress documentation for internalsUpdate the latest versions of actionsMerge pull request #63 from ruby/dependabot/github_actions/rubygems/release-gem-1.1.2Bump rubygems/release-gem from 1.1.1 to 1.1.2Merge pull request #62 from k0kubun/sync-rubySecurity Advisories 🚨
🚨 RDoc RCE vulnerability with .rdoc_options
🚨 RDoc RCE vulnerability with .rdoc_options
🚨 RDoc RCE vulnerability with .rdoc_options
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.8.1 (from changelog)
2.8.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 43 commits:
Ready for 2.8.2Refactor cpath validation for TruffleRubyon_load and on_unload validate their input is a constant pathAdd a constant path validatorLet on_load/on_unload use a sentinel for 0 argsAdd RuboCop to CILintingMerge pull request #335 from Shopify/on_load_qualifierReady for 2.8.1Remove anonymous blocksMake qualified constant paths work with #on_loadRemove README conventionReplace comments with arrowsRewordRewordReady for 2.8.0Refactors in test_nsfiles.rbAdd some copsUpdate the CHANGELOGAdd minimal RuboCopAdd mise.toml to .gitignoreDouble quotes -> single quotesRename exception for conflicting namespace definitionsDocument nsfile recommended conventionRestore shadowed filesPolish the docsTweaks to the READMERename NameConflict -> ShadowedFileErrorDetect multiple nsfiles in collapsed directoriesLet load_file support nsfilesAdd support for nsfilesLet Cref#location handle empty arraysRename the new exception to Zeitwerk::NameConflictAdd a couple of missing signaturesAdd some coverage for tagsLet shadowed files raiseDelete unnecessary nils in with_files/setupRestore expected cpath APIs behavior for collapsed directoriesLet ls handle collapsed directoriesPolishes listing utilitiesReport location when logging files shadowed by existing constantsCode gardeningCorrect Ruby edge branch in CHANGELOG.md🆕 erb (added, 6.0.4)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands