🚨 [security] Update rails 7.0.8 → 7.1.2 (minor) #295

depfu · 2023-11-12T00:12:21Z

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rails (7.0.8 → 7.1.2) · Repo

Release Notes

7.1.2

7.1.1

7.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actioncable (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionmailbox (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

↗️ actionmailer (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionpack (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actiontext (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionview (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activejob (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activemodel (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activerecord (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activestorage (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activesupport (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ date (indirect, 3.3.3 → 3.3.4) · Repo

Release Notes

3.3.4

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ loofah (indirect, 2.21.4 → 2.22.0) · Repo · Changelog

Release Notes

2.22.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ net-imap (indirect, 0.4.1 → 0.4.7) · Repo

Release Notes

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ net-protocol (indirect, 0.2.1 → 0.2.2) · Repo

Release Notes

0.2.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nio4r (indirect, 2.5.9 → 2.6.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.15.4 → 1.15.5) · Repo · Changelog

Release Notes

1.15.5

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.7.2 → 1.7.3) · Repo · Changelog

Release Notes

1.7.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 2.2.8 → 3.0.8) · Repo · Changelog

Security Advisories 🚨

🚨 Possible Denial of Service Vulnerability in Rack’s header parsing

🚨 Possible DoS Vulnerability in Multipart MIME parsing

🚨 Denial of service via header parsing in Rack

🚨 Denial of Service Vulnerability in Rack Content-Disposition parsing

🚨 Denial of service via multipart parsing in Rack

Release Notes

3.0.8

3.0.7

3.0.6.1 (from changelog)

3.0.4.1

3.0.2

3.0.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ railties (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

Release Notes

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rake (indirect, 13.0.6 → 13.1.0) · Repo · Changelog

Release Notes

13.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thor (indirect, 1.2.2 → 1.3.0) · Repo · Changelog

Release Notes

1.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ timeout (indirect, 0.4.0 → 0.4.1) · Repo

Release Notes

0.4.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 base64 (added, 0.2.0)

🆕 bigdecimal (added, 3.1.4)

🆕 connection_pool (added, 2.4.1)

🆕 drb (added, 2.2.0)

🆕 io-console (added, 0.6.0)

🆕 irb (added, 1.9.1)

🆕 mutex_m (added, 0.2.0)

🆕 psych (added, 5.1.1.1)

🆕 rack-session (added, 2.0.0)

🆕 rackup (added, 2.1.0)

🆕 rdoc (added, 6.6.0)

🆕 reline (added, 0.4.1)

🆕 stringio (added, 3.1.0)

🆕 webrick (added, 1.8.1)

🗑️ method_source (removed)

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

codecov · 2023-11-12T00:14:11Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

@@           Coverage Diff            @@
##             main      #295   +/-   ##
========================================
  Coverage        ?   100.00%           
========================================
  Files           ?        45           
  Lines           ?       616           
  Branches        ?         0           
========================================
  Hits            ?       616           
  Misses          ?         0           
  Partials        ?         0

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

depfu · 2024-06-04T13:34:59Z

Closing because this update has already been applied

depfu bot added the depfu label Nov 12, 2023

Update rails to version 7.1.2

3bba100

depfu bot force-pushed the depfu/update/group/rails-7.1.2 branch from 1bf73e4 to 3bba100 Compare November 29, 2023 23:40

Merge branch 'main' into depfu/update/group/rails-7.1.2

fb00aa9

digitaltom force-pushed the main branch 3 times, most recently from 7249eab to 8cc1693 Compare June 4, 2024 11:41

depfu bot closed this Jun 4, 2024

depfu bot deleted the depfu/update/group/rails-7.1.2 branch June 4, 2024 13:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🚨 [security] Update rails 7.0.8 → 7.1.2 (minor) #295

🚨 [security] Update rails 7.0.8 → 7.1.2 (minor) #295

depfu bot commented Nov 12, 2023 •

edited

Loading

codecov bot commented Nov 12, 2023 •

edited

Loading

depfu bot commented Jun 4, 2024

🚨 [security] Update rails 7.0.8 → 7.1.2 (minor) #295

🚨 [security] Update rails 7.0.8 → 7.1.2 (minor) #295

Conversation

depfu bot commented Nov 12, 2023 • edited Loading

What changed?

✳️ rails (7.0.8 → 7.1.2) · Repo

↗️ actioncable (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ actionmailbox (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

↗️ actionmailer (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ actionpack (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ actiontext (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ actionview (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ activejob (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ activemodel (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ activerecord (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ activestorage (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ activesupport (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ date (indirect, 3.3.3 → 3.3.4) · Repo

↗️ loofah (indirect, 2.21.4 → 2.22.0) · Repo · Changelog

↗️ net-imap (indirect, 0.4.1 → 0.4.7) · Repo

↗️ net-protocol (indirect, 0.2.1 → 0.2.2) · Repo

↗️ nio4r (indirect, 2.5.9 → 2.6.1) · Repo · Changelog

↗️ nokogiri (indirect, 1.15.4 → 1.15.5) · Repo · Changelog

↗️ racc (indirect, 1.7.2 → 1.7.3) · Repo · Changelog

↗️ rack (indirect, 2.2.8 → 3.0.8) · Repo · Changelog

Impact

Workarounds

Impact

Workarounds

Impact

Workarounds

Impact

Workarounds

Impact

Workarounds

3.0.6.1 (from changelog)

3.0.0 (from changelog)

↗️ railties (indirect, 7.0.8 → 7.1.2) · Repo · Changelog

7.1.2 (from changelog)

7.1.1 (from changelog)

7.1.0 (from changelog)

↗️ rake (indirect, 13.0.6 → 13.1.0) · Repo · Changelog

↗️ thor (indirect, 1.2.2 → 1.3.0) · Repo · Changelog

↗️ timeout (indirect, 0.4.0 → 0.4.1) · Repo

🆕 base64 (added, 0.2.0)

🆕 bigdecimal (added, 3.1.4)

🆕 connection_pool (added, 2.4.1)

🆕 drb (added, 2.2.0)

🆕 io-console (added, 0.6.0)

🆕 irb (added, 1.9.1)

depfu bot commented Nov 12, 2023 •

edited

Loading

codecov bot commented Nov 12, 2023 •

edited

Loading