
Bump resque, omniauth, capybara, jasmine, alto_guisso_rails, sass-rails, omniauth-openid, resque-scheduler and redis #920

Open
wants to merge 1 commit into base: master

Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Dec 18, 2023

Bumps resque, omniauth, capybara, jasmine, alto_guisso_rails, sass-rails, omniauth-openid, resque-scheduler and redis. These dependencies needed to be updated together.
Updates resque from 1.27.4 to 2.6.0

Release notes

Sourced from resque's releases.

v2.6.0

What's Changed

New Contributors

Full Changelog: resque/resque@v2.5.0...v2.6.0

v2.5.0

Bunch of bug and deprecation warning fixes in this release. Big thanks to everyone who's contributed to this release!

What's Changed

New Contributors

Full Changelog: resque/resque@v2.4.0...v2.5.0

v2.4.0

What's Changed

New Contributors

Full Changelog: resque/resque@v2.3.0...v2.4.0

... (truncated)

Changelog

Sourced from resque's changelog.

2.6.0

Fixed

  • resque-web: Fix reflected XSS in queues endpoint (#1865)
  • resque-web: Format args in YAML (#1875)
  • Fix MiniTest undefined errors (#1879)
  • Fix failing reconnect tests (#1880)

Added

  • Documents how to make the worker shutdown when the queue is empty (#1873)

2.5.0

Fixed

  • Replace File.exists? with File.exist? (#1846)
  • Escape Resque.redis_id for stats page (#1834)
  • Escape resque info values (#1832)
  • Correctly show the values of hash and none type on stats tab (#1838)
  • Fix logging the worker name when starting the task (#1837)

Added

  • Raise an error when no available Rack server was found (#1836)
  • Move code in Resque::Server.helpers block into a module to make it testable (#1851)

2.4.0

Fixed

  • Remove thread_safe arg in Redis instantiations (#1822)
  • Updated Test Matrix for Redis 5.0 (#1824)
  • Fix redis-rb 4.8 deprecation warnings (#1827)
  • Fix redis-rb 5.0 compatibility issues (#1828)

2.3.0

Fixed

  • Fix NoMethodError: undefined method 'application' for Rails:Module when Rails module is defined but not a full Rails app (#1799)
  • Fix deprecation warnings in Redis#pipelined for redis 4.6 (#1806)
  • Add Ruby syntax highlighting to remaining markdown docs (#1802)
  • Fix pagination section (#1809)
  • Fix before_run undefined local variable or method runner (#1811)

Added

  • Added support for pausing all workers by setting the Redis key pause-all-workers to string value "true" (#1803)

... (truncated)

Commits
  • 2f9d080 Version 2.6.0 and Changelog
  • 3502893 Make tests for reconnect pass again
  • 18d63e2 Fix MiniTest undefined errors
  • 771b5d2 Documents how to make the worker shutdown when the queue is empty
  • ae3fe72 format args in YAML
  • 7623b8d Fix reflected XSS in queue
  • 811ef35 Version 2.5.0
  • f8444d3 Add tests for #redis_get_size and #redis_get_value_as_array
  • e080135 Cut out codes in the helpers block into a module
  • d683029 Remove unused file
  • Additional commits viewable in compare view

Updates omniauth from 1.9.2 to 2.0.4

Release notes

Sourced from omniauth's releases.

v2.0.4

This release removes unnecessary warning logging when accessing GET routes that are not related to the OmniAuth request path.

Thanks to @charlie-wasp and @sponomarev at Evil Martians for the bug find and subsequent PR.

Fix rescuing of application errors when call_app! is used.

As a consequence of the changes that were merged in #689, errors thrown by strategies that utilize other_phase (or more specifically call_app!), would be caught by omniauth, causing headaches for folks looking to have those errors handled by their application. This should allow for errors that come from the app to pass through, while passing errors that come from the authentication phases to the fail! handler.

Resolves #1030

Fix for incorrect order of request_validation_phase in test_mode.

@jsdalton gave an awesome report of the issue present in test_mode in #1033

The current implementation of mock_call was verifying the token for all requests, regardless of whether the current path is on the omniauth request path. The change was introduced recently in 1b784ff. See #1032 for details.

This creates two problems:

  1. When test mode is on, the authenticity verification logic is run inappropriately against requests where this may not even be wanted.
  2. The behavior varies from actual production behavior, potentially allowing bugs to be introduced by unwary developers.

Note that this bug was only present when OmniAuth was configured for test_mode and using the mock_call phases.

Allow passing rack-protection configuration to default request_validation_phase

This release now properly allows an instance of OmniAuth::AuthenticityTokenProtection (with passed in rack-protection configuration) to be used as the request_validation_phase.

Thanks @jkowens #1027

If you haven't already read the release notes for v2.0.0, you should do so.

v2.0.0

Version 2.0 of OmniAuth includes some changes that may be breaking depending on how you use OmniAuth in your app.

Many thanks to the folks who contributed in code and discussion for these changes.

OmniAuth now defaults to only POST as the allowed request_phase method.

Hopefully, you were already doing this as a result of the warnings due to CVE-2015-9284.
For detailed context, see:

  • #960
  • #809
  • Resolving CVE-2015-9284

This change also includes an additional configurable phase: request_validation_phase.

Rack/Sinatra

By default, this uses rack-protection's AuthenticityToken class to validate authenticity tokens. If you are using a rack based framework like sinatra, you can find an example of how to add authenticity tokens to your view here.

... (truncated)

Commits
  • e7b8811 Release v2.0.4
  • 119a54d Remove jruby-head for now
  • f0e5d42 Merge pull request #1041 from charlie-wasp/fix/get-request-warning
  • b72a8db Warn only on GET requests for login path
  • 481e307 Prepare for next development iteration
  • f9dddef v2.0.3 release
  • 7e1b49f Merge pull request #1035 from omniauth/1030-standard-error-handling
  • 6f4cdb0 Better handle errors that come from the actual app.
  • 0d533c3 Update README for next dev cycle.
  • ba115e1 Prepare for 2.0.2 release
  • Additional commits viewable in compare view

Updates capybara from 2.18.0 to 3.39.2

Changelog

Sourced from capybara's changelog.

Version 3.39.2

Release date: 2023-06-10

Fixed

  • Fix Selenium version comparison [aki77]

Version 3.39.1

Release date: 2023-05-12

Fixed

  • Fix usage of Selenium logger

Version 3.39.0

Release date: 2023-04-02

Added

  • Support :target filter option on :link selector [Yudai Takada]
  • Experimental Rack 3 support
  • Text normalization performance improvements [Brandon Weaver]

Fixed

  • MS Edge button click [Brian J. Bayer]
  • Options/Capabilities choosing based on Selenium versions
  • Support for base versions [Matijs van Zuijlen]
  • ExpectedError not defined in Selenium 4+
  • Filter block forwarding to a number of matchers [Christophe Bliard]

Changed

  • Dropped support for rack 1.x

Version 3.38.0

Release date: 2022-11-03

Changed

  • Capybara.w3c_click_offset now defaults to true. If you need click offsets to be from the element's top left corner, set it to false in your config

Added

  • Support Selenium 4.3 changes to click offset calculations
  • click, double_click, right_click can now be called on the session to click the currently scoped element (or document)
  • Session#within now passes the scoped element to the block
  • Support rack-test 2+
  • Retry interval is now configurable [Masahiro NOMOTO]
  • Support Puma 6 - Issue #2590
  • Selenium: DetachedShadowRootError is treated as an invalid element error [Perryn Fowler]

... (truncated)

Commits

Updates jasmine from 2.7.0 to 3.8.0

Release notes

Sourced from jasmine's releases.

3.8.0

Please see the release notes.

3.7.0

Please see the release notes.

3.6.0

Please see the release notes.

3.5.1

Support rails 6. Also see the full release notes

3.5.0

Please see the release notes

3.4.0

Please see the release notes

3.3.0

Please see the release notes

3.2.0

Please see the release notes

3.1.0

Please see the release notes

3.0.0

Please see the release notes

2.99

Please see the release notes

2.9.0

Please see the release notes

2.8.0

Please see the release notes.

Commits

Updates alto_guisso_rails from 3324e4e to 0.0.2

Commits

Updates sass-rails from 4.0.5 to 6.0.0

Release notes

Sourced from sass-rails's releases.

6.0.0

Breaking change

v5.0.7

  • Remove ruby warnings

v5.0.6

  • Fixes deprecation warnings on Sprockets 3 (#382)

    Richard Schneeman

5.0.5

  • Support Rails 5

5.0.4

  • Allow Tilt 2 usage
  • Allow no compression for all environments

5.0.3

  • Fixed file permissions

5.0.2

  • Configure assets environment inside a configure block. This fixes an issue with sprockets-rails' master branch.

5.0.1

  • Fixed @import glob related caching bug

5.0.0

  • Register scss and sass extensions for rake notes
  • Make possible to use sprockets > 2.8 and < 4
  • Make possible to use sass ~> 3.1
  • Deprecate .css.scss and .css.sass extensions
  • Limit =require to .css only files and @import to .scss files. Avoid mixing the two.

Commits
  • a77240c Prepare to 6.0.0
  • 8dbe4dc Bump version to 6.0.0.beta3
  • 830a8ec Bump minimum version of sassc-rails
  • ff54c20 Fix open-ended dependency
  • ebe9ef7 Bump version to v6.0.0.beta2
  • 409d871 Merge pull request #424 from rails/sassc-rails
  • d809900 Recommend to use SassC::Rails::Importer to users requiring sass/rails/importer
  • 706526d Make sass-rails a wrapper for sassc-rails to allow a smooth upgrade path
  • ac38f1e Merge pull request #423 from gregmolnar/master
  • d61b999 remove gemnasium badge from readme
  • Additional commits viewable in compare view

Updates omniauth-openid from 1.0.1 to 2.0.1

Release notes

Sourced from omniauth-openid's releases.

Relax Omniauth Requirement

This release relaxes the omniauth version requirement to allow omniauth v2.0.0.

While v2.0.0 of this gem was tagged for a while, it was never pushed to rubygems. It removed the "steam" strategy from the gem, and so was tagged as a breaking change.

If you need a steam strategy, you can try omniauth-steam, but this is neither a guarantee of functionality nor an official recommendation.

v2.0.0

No release notes provided.

Commits

Updates resque-scheduler from 3.0.0 to 4.10.2

Release notes

Sourced from resque-scheduler's releases.

v4.10.1

What's Changed

Full Changelog: resque/resque-scheduler@v4.10.0...v4.10.1

v4.10.0

What's Changed

New Contributors

Full Changelog: resque/resque-scheduler@v4.9.0...v4.10.0

v4.9.0

What's Changed

New Contributors

Full Changelog: resque/resque-scheduler@v4.8.0...v4.9.0

v4.8.0

What's Changed

New Contributors

Full Changelog: resque/resque-scheduler@v4.7.0...v4.8.0

v4.7.0

What's Changed

Full Changelog: resque/resque-scheduler@v4.6.0...v4.7.0

v4.6.0

... (truncated)

Changelog

Sourced from resque-scheduler's changelog.

[4.10.2] - 2023-12-15

Fixed

[4.10.1] - 2023-12-15

Fixed

[4.10.0] - 2023-08-20

Added

  • Add logfmt option for logging output (#763)

Fixed

  • Rubocop Fixes (#771)

[4.9.0] - 2023-05-31

Changed

Fixed

[4.8.0] - 2023-27-1

  • Replace deprecated Socket.gethostname with Addrinfo.getaddrinfo to fix deprecation warnings (#753)

[4.7.0] - 2022-10-6

Fixed

  • Fix tests for redis-rb 5.0 (#757)
  • Use Resque::DataStore#reconnect for redis-rb 5.0 compat (#757)
  • Test suite runs flushall to prevent flakiness (#757)

[4.6.0] - 2022-08-04

Changed

  • Remove support for Ruby < 2.3
  • Configuration to use a set of truthy values to enable boolean settings instead of simply existence
  • Add delay_or_enqueue_at for delaying existing jobs or creating a new job (#645)
  • Fix deprecated uses of Redis#pipelined
  • Fix reading configuration from environment for boolean values (#735)
  • Unblock rufus-scheduler lock on lower than 3.7 by fixing scheduler shutdown (#736)
  • Removed testing against jruby (resque doesn't test against jruby)

[4.5.0] - 2021-09-25

Added

  • Support Ruby 3
  • Add optional argument to remove_schedule to control reloading of the schedule

... (truncated)

Commits

Updates redis from 3.3.5 to 5.0.8

Changelog

Sourced from redis's changelog.

5.0.8

  • Fix Redis#without_reconnect for sentinel clients. Fix #1212.
  • Add sentinel_username, sentinel_password for sentinel clients. Bump redis-client to >=0.17.0. See #1213

5.0.7

  • Fix compatibility with redis-client 0.15.0 when using Redis Sentinel. Fix #1209.

5.0.6

  • Wait for an extra config.read_timeout in blocking commands rather than an arbitrary 100ms. See #1175.
  • Treat ReadOnlyError as ConnectionError. See #1168.

5.0.5

  • Fix automatic disconnection when the process was forked. See #1157.

5.0.4

  • Cast ttl argument to integer in expire, setex and a few others.

5.0.3

  • Add OutOfMemoryError as a subclass of CommandError

5.0.2

  • Fix Redis#close to properly reset the fork protection check.

5.0.1

  • Added a fake Redis::Connections.drivers method to be compatible with older sidekiq versions.

5.0.0

  • Default client timeout decreased from 5 seconds to 1 second.
  • Eagerly and strictly cast Integer and Float parameters.
  • Allow to call subscribe, unsubscribe, psubscribe and punsubscribe from a subscribed client. See #1131.
  • Use MD5 for hashing server nodes in Redis::Distributed. This should improve keys distribution among servers. See #1089.
  • Changed sadd and srem to now always return an Integer.
  • Added sadd? and srem? which always return a Boolean.
  • Added support for IDLE parameter in xpending.
  • Cluster support has been moved to a redis-clustering companion gem.
  • select no longer records the current database. If the client has to reconnect after select was used, it will reconnect to the original database.
  • Better support Float timeout in blocking commands. See #977.
  • Redis.new will now raise an error if provided unknown options.
  • Removed positional timeout in blocking commands (BLPOP, etc). Timeout now must be passed as an option: r.blpop("key", timeout: 2.5)
  • Removed logger option.
  • Removed reconnect_delay_max and reconnect_delay, you can pass precise sleep durations to reconnect_attempts instead.

... (truncated)

Commits
  • 2b183ad Release 5.0.8
  • 230a5c4 Merge pull request #1227 from supercaracal/add-sharded-pubsub-support
  • 54e6a7e Add sharded Pub/Sub support for cluster
  • ccdf15f Merge pull request #1226 from supercaracal/support-transaction-for-cluster-cl...
  • dda95f8 Support transactions for cluster client
  • c888c74 Merge pull request #1225 from afinzel/master
  • ad0f30b Update default timeout docs
  • 8e9183a Update sentinel auth with explicit kwargs (#1221)
  • 01de51a Merge pull request #1222 from supercaracal/fix-cluster
  • ea4d04a Fix redis-clustering gem to pass the test with latest dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.
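The OmniAuth v2.0.0 notes above say the request phase now accepts only POST and is validated by a request_validation_phase (rack-protection's AuthenticityToken by default), which is what closes the CVE-2015-9284 request-forgery path. The Ruby below is an added example, not code from this PR, from OmniAuth or from rack-protection: it models those two defaults on a fake Rack env so an upgrader can see which requests 2.0 rejects that 1.9.x let through. DEFAULT_CONFIG, build_env, secure_equal? and valid_token? are constructed stand-ins; in a real app the equivalents are OmniAuth.config.allowed_request_methods and the rack-protection token check.

```ruby
# Added example: a self-contained model of the OmniAuth 2.0 request-phase
# defaults (POST only + authenticity-token validation). It is NOT OmniAuth's
# or rack-protection's code; the names below are constructed stand-ins.

# Stand-in for OmniAuth.config: 2.0 defaults allowed_request_methods to
# [:post]; 1.x also accepted GET, which is the CVE-2015-9284 forgery path.
DEFAULT_CONFIG = { allowed_request_methods: [:post] }.freeze

# Constructed Rack-like env builder (hypothetical; avoids a Rack dependency).
def build_env(method:, path:, session:, token: nil)
  {
    "REQUEST_METHOD" => method,
    "PATH_INFO" => path,
    "rack.session" => session,
    "authenticity_token" => token, # would come from the POSTed form body
  }
end

# Constant-time string comparison so the token check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified stand-in for rack-protection's AuthenticityToken check: the
# token submitted with the form must match the one kept in the session.
# (Real rack-protection additionally masks tokens; omitted here.)
def valid_token?(env)
  expected = env["rack.session"][:csrf]
  given = env["authenticity_token"]
  return false if expected.nil? || given.nil?
  secure_equal?(expected, given)
end

# Decision for a request hitting the OmniAuth request path (e.g. /auth/x).
# Returns :method_not_allowed, :invalid_token or :proceed.
def request_phase_decision(env, config = DEFAULT_CONFIG)
  method = env["REQUEST_METHOD"].downcase.to_sym
  return :method_not_allowed unless config[:allowed_request_methods].include?(method)
  return :invalid_token unless valid_token?(env)
  :proceed
end

if $PROGRAM_NAME == __FILE__
  session = { csrf: "constructed-token" }
  # A cross-site GET link to the request path is rejected by the 2.0 default ...
  p request_phase_decision(build_env(method: "GET", path: "/auth/developer", session: session))
  # ... while a same-site POST carrying the session's token proceeds.
  p request_phase_decision(build_env(method: "POST", path: "/auth/developer",
                                     session: session, token: "constructed-token"))
end
```

Passing { allowed_request_methods: [:get, :post] } as the config reproduces the pre-2.0 behaviour, which is useful only for seeing the difference in a test, not for production.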

…ls, omniauth-openid, resque-scheduler and redis

Bumps [resque](https://github.com/resque/resque), [omniauth](https://github.com/omniauth/omniauth), [capybara](https://github.com/teamcapybara/capybara), [jasmine](https://github.com/jasmine/jasmine-gem), [alto_guisso_rails](https://github.com/instedd/alto_guisso_rails), [sass-rails](https://github.com/rails/sass-rails), [omniauth-openid](https://github.com/intridea/omniauth-openid), [resque-scheduler](https://github.com/resque/resque-scheduler) and [redis](https://github.com/redis/redis-rb). These dependencies needed to be updated together.

Updates `resque` from 1.27.4 to 2.6.0
- [Release notes](https://github.com/resque/resque/releases)
- [Changelog](https://github.com/resque/resque/blob/master/HISTORY.md)
- [Commits](resque/resque@v1.27.4...v2.6.0)

Updates `omniauth` from 1.9.2 to 2.0.4
- [Release notes](https://github.com/omniauth/omniauth/releases)
- [Commits](omniauth/omniauth@v1.9.2...v2.0.4)

Updates `capybara` from 2.18.0 to 3.39.2
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](teamcapybara/capybara@2.18.0...3.39.2)

Updates `jasmine` from 2.7.0 to 3.8.0
- [Release notes](https://github.com/jasmine/jasmine-gem/releases)
- [Changelog](https://github.com/jasmine/jasmine-gem/blob/main/RELEASE.markdown)
- [Commits](jasmine/jasmine-gem@v2.7.0...v3.8.0)

Updates `alto_guisso_rails` from `3324e4e` to 0.0.2
- [Commits](https://github.com/instedd/alto_guisso_rails/commits)

Updates `sass-rails` from 4.0.5 to 6.0.0
- [Release notes](https://github.com/rails/sass-rails/releases)
- [Commits](rails/sass-rails@v4.0.5...v6.0.0)

Updates `omniauth-openid` from 1.0.1 to 2.0.1
- [Release notes](https://github.com/intridea/omniauth-openid/releases)
- [Commits](omniauth/omniauth-openid@v1.0.1...v2.0.1)

Updates `resque-scheduler` from 3.0.0 to 4.10.2
- [Release notes](https://github.com/resque/resque-scheduler/releases)
- [Changelog](https://github.com/resque/resque-scheduler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/resque-scheduler/commits)

Updates `redis` from 3.3.5 to 5.0.8
- [Changelog](https://github.com/redis/redis-rb/blob/master/CHANGELOG.md)
- [Commits](redis/redis-rb@v3.3.5...v5.0.8)

---
updated-dependencies:
- dependency-name: resque
  dependency-type: direct:production
- dependency-name: omniauth
  dependency-type: direct:production
- dependency-name: capybara
  dependency-type: direct:development
- dependency-name: jasmine
  dependency-type: direct:development
- dependency-name: alto_guisso_rails
  dependency-type: direct:production
- dependency-name: sass-rails
  dependency-type: direct:production
- dependency-name: omniauth-openid
  dependency-type: direct:production
- dependency-name: resque-scheduler
  dependency-type: direct:production
- dependency-name: redis
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 18, 2023